CVE List for February 2022

CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

CVE-2021-46662

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.

CVE-2021-46663

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

CVE-2021-46665

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

CVE-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

CVE-2021-46667

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

CVE-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource l...

CVE-2021-46669

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

CVE-2022-23774

Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.

CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost netw...

CVE-2022-0419

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.

CVE-2022-23602

Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an incl...

CVE-2022-23603

iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properl...

CVE-2022-23607

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq....

CVE-2021-41040

In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.

CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 10...

CVE-2022-21687

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The a...

CVE-2022-23596

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting ...

CVE-2022-23597

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program ...

CVE-2021-24648

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribut...

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could all...

CVE-2021-24707

The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege ...

CVE-2021-24761

The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, ...

CVE-2021-24762

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the ...

CVE-2021-24763

The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing u...

CVE-2021-24764

The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics pag...

CVE-2021-24765

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic ...

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitr...

CVE-2021-24814

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users...

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to e...

CVE-2021-24900

The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perfor...

CVE-2021-24919

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicke...

CVE-2021-24926

The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a ...

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an adm...

CVE-2021-24937

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it b...

CVE-2021-24944

The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-S...

CVE-2021-24975

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the...

CVE-2021-24983

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_...

CVE-2021-25063

The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, ...

CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker t...

CVE-2021-25085

The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Re...

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting i...

CVE-2021-25091

The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, lea...

CVE-2021-25092

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin ...

CVE-2021-25093

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbi...

CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenti...

CVE-2021-41571

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API ...

CVE-2021-43848

h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in...

CVE-2021-45416

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the ...

CVE-2021-46253

A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...

CVE-2022-0220

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users...

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statement...

CVE-2022-0401

Path Traversal in NPM w-zip prior to 1.0.12.

CVE-2022-0417

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

CVE-2022-23601

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protectio...

CVE-2021-43509

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.

CVE-2021-43510

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.

CVE-2021-44451

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be...

CVE-2021-44746

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Ma...

CVE-2021-38560

Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

CVE-2021-46093

eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.

CVE-2022-24218

An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.

CVE-2022-24219

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.

CVE-2022-24220

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.

CVE-2022-24221

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.

CVE-2022-24222

eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.

CVE-2022-24223

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.

CVE-2022-24196

iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows...

CVE-2022-24197

iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of...

CVE-2022-24198

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause...

CVE-2021-42638

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

CVE-2022-24301

In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.

CVE-2021-36177

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the ...

CVE-2021-41016

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and bel...

CVE-2021-42753

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and be...

CVE-2021-43062

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 an...

CVE-2021-43073

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3...

CVE-2020-26208

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected...

CVE-2021-24043

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v...

CVE-2021-36193

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrar...

CVE-2021-39044

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorize...

CVE-2021-39066

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authent...

CVE-2021-39070

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to ...

CVE-2021-41018

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and ...

CVE-2022-0366

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions...

CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The ...

CVE-2022-21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can g...

CVE-2022-22509

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the ...

CVE-2022-22510

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via ...

CVE-2021-42633

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit record...

CVE-2021-42637

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vu...

CVE-2021-42639

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled...

CVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unau...

CVE-2021-42641

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unau...

CVE-2021-42642

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unau...

CVE-2021-39021

IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable ...

CVE-2022-0443

Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-0432

Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.

CVE-2021-43522

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityC...

CVE-2022-24069

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35....

CVE-2020-5953

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (...

CVE-2021-33625

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI...

CVE-2021-33627

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.4...

CVE-2021-41837

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM m...

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access t...

CVE-2021-41839

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SM...

CVE-2021-41840

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access ...

CVE-2021-41841

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the...

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.3...

CVE-2021-42060

An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 befor...

CVE-2021-42113

An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 b...

CVE-2021-42554

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before...

CVE-2021-43323

An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26....

CVE-2021-43615

An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43...

CVE-2022-22818

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This m...

CVE-2022-23833

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart f...

CVE-2022-24030

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to wr...

CVE-2022-24031

An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to...

CVE-2022-23357

mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.

CVE-2022-23871

Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitra...

CVE-2022-23873

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parame...

CVE-2022-24121

SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a coo...

CVE-2022-21726

Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result...

CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow w...

CVE-2022-21728

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value...

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors...

CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of servi...

CVE-2022-21732

Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by...

CVE-2022-21733

Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by cau...

CVE-2022-21736

Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain con...

CVE-2022-23567

Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be ...

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which ...

CVE-2022-21725

Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division b...

CVE-2022-21729

Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer...

CVE-2022-21734

Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scal...

CVE-2022-21735

Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a div...

CVE-2022-23569

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fail...

CVE-2021-44866

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attac...

CVE-2022-21737

Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of servic...

CVE-2022-21738

Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by ...

CVE-2022-21739

Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inpu...

CVE-2022-21740

Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix wil...

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the ...

CVE-2022-24307

Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD sig...

CVE-2021-45268

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on th...

CVE-2021-44246

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overf...

CVE-2021-44247

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injec...

CVE-2021-44880

D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerabilit...

CVE-2021-44881

D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerabi...

CVE-2021-44882

D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability all...

CVE-2021-45733

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability...

CVE-2021-45734

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attacke...

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to inte...

CVE-2021-45736

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attacker...

CVE-2021-45737

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to ca...

CVE-2021-45738

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerabil...

CVE-2021-45739

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to ca...

CVE-2021-45740

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers ...

CVE-2021-45741

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to c...

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows at...

CVE-2021-45986

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vu...

CVE-2021-45987

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This v...

CVE-2021-45988

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows ...

CVE-2021-45989

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allo...

CVE-2021-45990

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerab...

CVE-2021-45991

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows at...

CVE-2021-45992

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows a...

CVE-2021-45993

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allow...

CVE-2021-45994

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows at...

CVE-2021-45995

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows...

CVE-2021-45996

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows...

CVE-2021-45997

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows...

CVE-2021-45998

D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vu...

CVE-2021-46226

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability ...

CVE-2021-46227

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerabili...

CVE-2021-46228

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerabilit...

CVE-2021-46229

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability ...

CVE-2021-46230

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability...

CVE-2021-46231

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability ...

CVE-2021-46232

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerab...

CVE-2021-46233

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability a...

CVE-2021-46452

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This...

CVE-2021-46453

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulne...

CVE-2021-46454

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnera...

CVE-2021-46455

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerabi...

CVE-2021-46456

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerabi...

CVE-2021-46457

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnera...

CVE-2022-24142

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause ...

CVE-2022-24143

Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerabi...

CVE-2022-24144

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows a...

CVE-2022-24145

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a ...

CVE-2022-24146

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a De...

CVE-2022-24147

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause...

CVE-2022-24148

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers ...

CVE-2022-24149

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cau...

CVE-2022-24150

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows ...

CVE-2022-24151

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cau...

CVE-2022-24152

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause ...

CVE-2022-24153

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to caus...

CVE-2022-24154

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause ...

CVE-2022-24155

Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denia...

CVE-2022-24156

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a...

CVE-2022-24157

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause...

CVE-2022-24158

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a ...

CVE-2022-24159

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a...

CVE-2022-24160

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a...

CVE-2022-24161

Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause...

CVE-2022-24162

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cau...

CVE-2022-24163

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a De...

CVE-2022-24164

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows ...

CVE-2022-24165

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulne...

CVE-2022-24166

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows att...

CVE-2022-24167

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerabili...

CVE-2022-24168

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnera...

CVE-2022-24169

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows a...

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vul...

CVE-2022-24171

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vul...

CVE-2022-24172

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allow...

CVE-2021-44899

Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MO...

CVE-2021-44900

Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64....

CVE-2021-44901

Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys...

CVE-2021-44903

Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, at...

CVE-2021-46320

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) ma...

CVE-2022-23316

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=downloa...

CVE-2021-44983

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

CVE-2021-43145

With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as th...

CVE-2021-44977

In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.

CVE-2021-44978

iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.

CVE-2021-46398

A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get...

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted req...

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to exec...

CVE-2021-43635

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrar...

CVE-2021-29393

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated user...

CVE-2021-29394

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users...

CVE-2021-29395

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated us...

CVE-2021-29396

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functiona...

CVE-2021-29397

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-29398

Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-45429

A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara...

CVE-2022-24249

A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. T...

CVE-2021-23470

This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a m...

CVE-2021-23497

This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **No...

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object protot...

CVE-2021-45408

Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using t...

CVE-2022-24129

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the requ...

CVE-2022-24448

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular fi...

CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.

CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. Fo...

CVE-2022-23329

A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading...

CVE-2022-23330

A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafte...

CVE-2013-20003

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an att...

CVE-2018-25029

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range dur...

CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any l...

CVE-2020-12965

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits po...

CVE-2020-12966

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure E...

CVE-2020-7534

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized ac...

CVE-2021-21959

A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies...

CVE-2021-21960

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-craf...

CVE-2021-21961

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted ne...

CVE-2021-21962

A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A seri...

CVE-2021-21963

An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted ...

CVE-2021-21964

A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafte...

CVE-2021-21965

A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially...

CVE-2021-21968

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT pay...

CVE-2021-21969

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIn...

CVE-2021-21970

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIn...

CVE-2021-21971

An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQT...

CVE-2021-22284

Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node...

CVE-2021-22285

Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module ...

CVE-2021-22286

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unr...

CVE-2021-22288

Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unr...

CVE-2021-28503

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, whic...

CVE-2021-29218

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0,...

CVE-2021-29219

A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. ...

CVE-2021-32036

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to res...

CVE-2021-32732

### Impact It's possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that...

CVE-2021-36151

In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0...

CVE-2021-36152

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to vers...

CVE-2021-38130

A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulne...

CVE-2021-38960

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.

CVE-2021-40401

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv...

CVE-2021-40403

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerb...

CVE-2021-40420

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document ...

CVE-2021-43841

XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible ...

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Window...

CVE-2021-44205

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before...

CVE-2021-44206

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Pro...

CVE-2021-44779

Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No p...

CVE-2021-4043

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.

CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a us...

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings du...

CVE-2022-0264

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to u...

CVE-2022-0317

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, ...

CVE-2022-0365

The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell command...

CVE-2022-0380

The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found i...

CVE-2022-0381

The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the ur...

CVE-2022-0472

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9.

CVE-2022-0481

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

CVE-2022-0484

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to pe...

CVE-2022-0487

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this fla...

CVE-2022-22150

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF docume...

CVE-2022-22689

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insuff...

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH crypt...

CVE-2022-22723

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary ...

CVE-2022-22724

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sendi...

CVE-2022-22725

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary ...

CVE-2022-22726

A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a li...

CVE-2022-22727

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availabili...

CVE-2022-22804

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated ...

CVE-2022-22939

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the ...

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perf...

CVE-2022-23379

Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().

CVE-2022-23557

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` ...

CVE-2022-23558

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayC...

CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup...

CVE-2022-23560

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arr...

CVE-2022-23561

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array i...

CVE-2022-23562

Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined beh...

CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this i...

CVE-2022-23564

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter case...

CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on...

CVE-2022-23566

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes ...

CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of...

CVE-2022-23571

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK...

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. Thi...

CVE-2022-23573

Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. Th...

CVE-2022-23574

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to...

CVE-2022-23575

Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer...

CVE-2022-23576

Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer...

CVE-2022-23577

Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null poi...

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExe...

CVE-2022-23579

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `...

CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor...

CVE-2022-23581

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `...

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorBy...

CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binar...

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::Co...

CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After ...

CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertion...

CVE-2022-23587

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflo...

CVE-2022-23588

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler ...

CVE-2022-23589

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer derefere...

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow ...

CVE-2022-23591

Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assu...

CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is don...

CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable ...

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` ...

CVE-2022-23595

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a n...

CVE-2022-23600

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missin...

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably...

CVE-2022-23609

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize use...

CVE-2022-23611

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize ima...

CVE-2022-23614

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attack...

CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to ...

CVE-2022-23913

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption...

CVE-2022-23946

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and m...

CVE-2022-23947

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and m...

CVE-2022-23980

Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter '...

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Wi...

CVE-2022-24114

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS...

CVE-2022-24115

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (...

CVE-2022-0437

Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.

CVE-2022-0501

Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.

CVE-2021-38172

perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)

CVE-2022-0502

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-23206

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted ...

CVE-2007-20001

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, whic...

CVE-2013-20004

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An atta...

CVE-2021-39280

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S be...

CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such a...

CVE-2022-22831

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.

CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.

CVE-2022-24551

A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could res...

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go di...

CVE-2022-22833

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.

CVE-2022-22680

Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allo...

CVE-2021-43925

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskSta...

CVE-2021-43926

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskSta...

CVE-2021-43927

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology Di...

CVE-2021-43928

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Sy...

CVE-2021-43929

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology D...

CVE-2022-22679

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Man...

CVE-2022-23184

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.

CVE-2022-0473

OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used i...

CVE-2022-0474

Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent...

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrati...

CVE-2021-46359

FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may ...

CVE-2021-46389

IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv....

CVE-2021-24839

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthen...

CVE-2021-24843

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged ...

CVE-2021-24878

The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_...

CVE-2021-24879

The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some ...

CVE-2021-24880

The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role a...

CVE-2021-24928

The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validatio...

CVE-2021-24947

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in ...

CVE-2021-24993

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any au...

CVE-2021-25004

The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it a...

CVE-2021-25029

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users...

CVE-2021-25077

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin p...

CVE-2021-25084

The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks i...

CVE-2021-25095

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rul...

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL

CVE-2021-25103

The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-emai...

CVE-2021-25105

The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site...

CVE-2021-25106

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisat...

CVE-2021-25108

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, all...

CVE-2021-25114

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users)...

CVE-2022-0148

The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sti...

CVE-2022-0149

The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin...

CVE-2022-23261

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2022-23262

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-23263

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-42833

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipu...

CVE-2022-22931

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve fi...

CVE-2022-21813

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges m...

CVE-2022-21814

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or priv...

CVE-2022-21815

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer...

CVE-2022-21816

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on ...

CVE-2021-3835

Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github....

CVE-2021-3861

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more ...

CVE-2021-45281

QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the valu...

CVE-2022-21712

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following ...

CVE-2022-23613

xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server...

CVE-2022-23623

Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator throug...

CVE-2022-23624

Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integra...

CVE-2022-24450

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dy...

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0505

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0506

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-20877

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264d...

CVE-2022-0508

Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832

CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S f...

CVE-2022-21193

Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server vi...

CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS co...

CVE-2022-21799

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject ...

CVE-2022-21805

Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated ...

CVE-2022-22142

Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker t...

CVE-2022-22146

Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecifi...

CVE-2022-0509

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.

CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.

CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.

CVE-2021-44864

TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRp...

CVE-2021-44956

Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode...

CVE-2021-44957

Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjp...

CVE-2021-45325

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

CVE-2021-45326

Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST ...

CVE-2021-45327

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could ...

CVE-2022-0510

Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.

CVE-2021-45328

Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.

CVE-2022-0139

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana dataso...

CVE-2022-0518

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-0519

Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-0520

Use After Free in NPM radare2.js prior to 5.6.2.

CVE-2022-0521

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-0522

Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.

CVE-2022-0523

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which...

CVE-2022-21713

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly ...

CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.

CVE-2022-23626

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly...

CVE-2021-45329

Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.

CVE-2021-45919

Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.

CVE-2022-23627

ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, i...

CVE-2022-24676

update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive.

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php.

CVE-2022-0525

Out-of-bounds Read in Homebrew mruby prior to 3.2.

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starti...

CVE-2022-0526

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

CVE-2022-0527

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not own...

CVE-2021-37852

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in t...

CVE-2022-0536

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature...

CVE-2021-40837

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the ...

CVE-2022-23378

A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made t...

CVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Ad...

CVE-2021-46360

Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP she...

CVE-2022-0538

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulne...

CVE-2022-0539

Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.

CVE-2021-3813

Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.

CVE-2021-37185

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP ...

CVE-2021-37194

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web c...

CVE-2021-37204

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9....

CVE-2021-37205

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP ...

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 S...

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 S...

CVE-2021-44000

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions...

CVE-2021-44016

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions...

CVE-2021-44018

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions...

CVE-2021-44911

XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When s...

CVE-2021-44912

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. S...

CVE-2021-45106

A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database se...

CVE-2021-46151

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46152

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46153

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46154

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46155

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46156

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46157

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46158

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46159

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46160

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2021-46161

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a...

CVE-2022-23102

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. A...

CVE-2022-23312

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in a...

CVE-2021-41441

A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sendi...

CVE-2022-21844

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2022-21926

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2022-21927

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2022-21957

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

CVE-2022-21965

Microsoft Teams Denial of Service Vulnerability

CVE-2022-21968

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVE-2022-21971

Windows Runtime Remote Code Execution Vulnerability

CVE-2022-21974

Roaming Security Rights Management Services Remote Code Execution Vulnerability

CVE-2022-21981

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-21984

Windows DNS Server Remote Code Execution Vulnerability

CVE-2022-21985

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2022-21986

.NET Denial of Service Vulnerability

CVE-2022-21987

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2022-21988

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-21989

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-21991

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

CVE-2022-21992

Windows Mobile Device Management Remote Code Execution Vulnerability

CVE-2022-21993

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability

CVE-2022-21994

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2022-21995

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2022-21996

Win32k Elevation of Privilege Vulnerability

CVE-2022-21997

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-21998

Windows Common Log File System Driver Information Disclosure Vulnerability

CVE-2022-21999

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-22000

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-22001

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2022-22002

Windows User Account Profile Picture Denial of Service Vulnerability

CVE-2022-22003

Microsoft Office Graphics Remote Code Execution Vulnerability

CVE-2022-22004

Microsoft Office ClickToRun Remote Code Execution Vulnerability

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-22709

VP9 Video Extensions Remote Code Execution Vulnerability

CVE-2022-22710

Windows Common Log File System Driver Denial of Service Vulnerability

CVE-2022-22712

Windows Hyper-V Denial of Service Vulnerability

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

CVE-2022-22717

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-22718

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-23252

Microsoft Office Information Disclosure Vulnerability

CVE-2022-23254

Microsoft Power BI Information Disclosure Vulnerability

CVE-2022-23255

Microsoft OneDrive for Android Security Feature Bypass Vulnerability

CVE-2022-23256

Azure Data Explorer Spoofing Vulnerability

CVE-2022-23269

Microsoft Dynamics GP Spoofing Vulnerability

CVE-2022-23271

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

CVE-2022-23272

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

CVE-2022-23273

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

CVE-2022-23274

Microsoft Dynamics GP Remote Code Execution Vulnerability

CVE-2022-23276

SQL Server for Linux Containers Elevation of Privilege Vulnerability

CVE-2022-23280

Microsoft Outlook for Mac Security Feature Bypass Vulnerability

CVE-2021-45330

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session...

CVE-2021-45331

An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for ...

CVE-2021-36302

All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with stand...

CVE-2021-41442

An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web app...

CVE-2021-45286

Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.

CVE-2022-21660

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privileg...

CVE-2022-22566

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physi...

CVE-2022-22567

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticat...

CVE-2022-23615

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT rig...

CVE-2022-23616

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unp...

CVE-2022-23617

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right...

CVE-2022-23618

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection a...

CVE-2022-23619

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess i...

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFacto...

CVE-2022-23621

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT rig...

CVE-2022-23622

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site sc...

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic ...

CVE-2022-23631

superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to ru...

CVE-2021-0060

Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03...

CVE-2021-0066

Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may a...

CVE-2021-0072

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 an...

CVE-2021-0076

Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems...

CVE-2021-0091

Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privileg...

CVE-2021-0092

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local a...

CVE-2021-0093

Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via l...

CVE-2021-0099

Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation ...

CVE-2021-0103

Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of p...

CVE-2021-0107

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via loca...

CVE-2021-0111

NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via...

CVE-2021-0115

Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local acces...

CVE-2021-0116

Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via loca...

CVE-2021-0117

Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local acc...

CVE-2021-0118

Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local...

CVE-2021-0119

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via phy...

CVE-2021-0124

Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via phy...

CVE-2021-0125

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via phy...

CVE-2021-0127

Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local a...

CVE-2021-0145

Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure v...

CVE-2021-0147

Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww...

CVE-2021-0156

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privileg...

CVE-2021-0161

Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may a...

CVE-2021-0162

Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user t...

CVE-2021-0163

Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an ...

CVE-2021-0164

Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may all...

CVE-2021-0165

Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may a...

CVE-2021-0166

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some ...

CVE-2021-0167

Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potent...

CVE-2021-0168

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 an...

CVE-2021-0169

Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable...

CVE-2021-0170

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some ...

CVE-2021-0171

Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to po...

CVE-2021-0172

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 an...

CVE-2021-0173

Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) ...

CVE-2021-0174

Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Wi...

CVE-2021-0175

Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems...

CVE-2021-0176

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 an...

CVE-2021-0177

Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an ...

CVE-2021-0178

Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user t...

CVE-2021-0179

Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthentic...

CVE-2021-0183

Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems...

CVE-2021-22817

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local...

CVE-2021-22954

A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.

CVE-2021-23152

Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of pri...

CVE-2021-26613

improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.

CVE-2021-26616

An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments.

CVE-2021-33061

Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable de...

CVE-2021-33068

Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service...

CVE-2021-33096

Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to ...

CVE-2021-33101

Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privileg...

CVE-2021-33105

Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticat...

CVE-2021-33107

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEB...

CVE-2021-33110

Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22...

CVE-2021-33113

Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an u...

CVE-2021-33114

Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an a...

CVE-2021-33115

Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privile...

CVE-2021-33119

Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information di...

CVE-2021-33120

Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to po...

CVE-2021-33129

Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentiall...

CVE-2021-33137

Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local acce...

CVE-2021-33139

Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an ...

CVE-2021-33147

Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information d...

CVE-2021-33155

Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an ...

CVE-2021-33166

Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable inf...

CVE-2021-37107

There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-37109

There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure.

CVE-2021-37115

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may af...

CVE-2021-39943

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions start...

CVE-2021-39986

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may af...

CVE-2021-39991

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may af...

CVE-2021-39992

There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confiden...

CVE-2021-39994

There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service co...

CVE-2021-39997

There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of...

CVE-2021-40015

There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel s...

CVE-2021-40044

There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operatio...

CVE-2021-40045

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerabi...

CVE-2021-44454

Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to ...

CVE-2022-0162

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in ...

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into component...

CVE-2022-0529

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound writ...

CVE-2022-0530

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound writ...

CVE-2022-0532

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the clust...

CVE-2022-0534

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicio...

CVE-2022-20017

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no ad...

CVE-2022-20024

In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no a...

CVE-2022-20025

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no addition...

CVE-2022-20026

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no addition...

CVE-2022-20027

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no addition...

CVE-2022-20028

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no addition...

CVE-2022-20029

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System e...

CVE-2022-20030

In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with Sys...

CVE-2022-20031

In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execu...

CVE-2022-20032

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution pr...

CVE-2022-20033

In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System...

CVE-2022-20034

In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of pri...

CVE-2022-20035

In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execut...

CVE-2022-20036

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no ad...

CVE-2022-20037

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no ad...

CVE-2022-20038

In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System ex...

CVE-2022-20039

In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System executio...

CVE-2022-20040

In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privi...

CVE-2022-20041

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no ...

CVE-2022-20042

In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no addi...

CVE-2022-20043

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no ...

CVE-2022-20044

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution...

CVE-2022-20045

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution...

CVE-2022-20046

In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution priv...

CVE-2022-21133

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of ...

CVE-2022-21153

Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information di...

CVE-2022-21156

Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enab...

CVE-2022-21157

Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable informa...

CVE-2022-21174

Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to pot...

CVE-2022-21203

Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user...

CVE-2022-21204

Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of...

CVE-2022-21205

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an un...

CVE-2022-21218

Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable informatio...

CVE-2022-21220

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potential...

CVE-2022-21226

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable informatio...

CVE-2022-21825

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker...

CVE-2022-22528

SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, un...

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an un...

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53,...

CVE-2022-22534

Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user I...

CVE-2022-22535

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees i...

CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulner...

CVE-2022-22537

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version...

CVE-2022-22538

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - versi...

CVE-2022-22539

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the ...

CVE-2022-22540

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute cra...

CVE-2022-22542

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for ...

CVE-2022-22543

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, ...

CVE-2022-22544

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents an...

CVE-2022-22545

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Appl...

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence ...

CVE-2022-22779

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the r...

CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6...

CVE-2022-22807

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings...

CVE-2022-22808

A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cros...

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthor...

CVE-2022-22810

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after n...

CVE-2022-22811

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of th...

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session com...

CVE-2022-22813

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the ...

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and ...

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. Aft...

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an adminis...

CVE-2022-24310

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potential...

CVE-2022-24311

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by insert...

CVE-2022-24312

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding...

CVE-2022-24313

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remot...

CVE-2022-24314

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedl...

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. A...

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affe...

CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Produc...

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of ...

CVE-2022-24319

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and ...

CVE-2022-24320

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and ...

CVE-2022-24321

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server w...

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This a...

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header...

CVE-2022-24668

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affe...

CVE-2021-25992

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attac...

CVE-2022-0558

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-45901

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists...

CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios ...

CVE-2021-31814

In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the ...

CVE-2021-37613

Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.

CVE-2021-3398

Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.

CVE-2021-41445

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to exec...

CVE-2021-44892

A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server...

CVE-2021-45357

Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.

CVE-2022-0011

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on yo...

CVE-2022-0016

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect ap...

CVE-2022-0017

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that ena...

CVE-2022-0018

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user ...

CVE-2022-0019

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials ...

CVE-2022-0020

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to s...

CVE-2022-0021

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentia...

CVE-2022-20630

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vu...

CVE-2022-20680

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive...

CVE-2022-20699

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20700

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20701

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20702

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20703

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20704

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20705

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20706

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20707

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20708

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20709

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20710

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20711

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20712

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2022-20738

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature...

CVE-2022-20749

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe...

CVE-2021-44850

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boo...

CVE-2021-45364

A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an erro...

CVE-2022-23321

A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStor...

CVE-2022-24568

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification a...

CVE-2022-24916

Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction.

CVE-2022-0554

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multi...

CVE-2021-44969

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

CVE-2021-44970

MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtM...

CVE-2022-24647

Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.

CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect ...

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that i...

CVE-2022-24954

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' an...

CVE-2022-24955

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.

CVE-2022-24958

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

CVE-2022-24959

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

CVE-2022-24961

In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-30309

Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna...

CVE-2021-30317

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdrago...

CVE-2021-30318

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv...

CVE-2021-30322

Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon C...

CVE-2021-30323

Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consume...

CVE-2021-30324

Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Aut...

CVE-2021-30325

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdr...

CVE-2021-30326

Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdrago...

CVE-2021-35068

Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto...

CVE-2021-35069

Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti...

CVE-2021-35074

Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon ...

CVE-2021-35075

Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon...

CVE-2021-35077

Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapd...

CVE-2021-44521

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enabl...

CVE-2021-46355

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device ...

CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (...

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature...

CVE-2021-38679

An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers ...

CVE-2021-45402

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 ins...

CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the...

CVE-2020-13669

Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prio...

CVE-2020-13670

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file ...

CVE-2020-13672

Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. ...

CVE-2020-13673

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivile...

CVE-2020-13674

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to po...

CVE-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes...

CVE-2020-13676

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are ...

CVE-2020-13677

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access ...

CVE-2020-36062

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control...

CVE-2021-42940

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG ...

CVE-2021-45385

A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out o...

CVE-2021-23597

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Not...

CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c

CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.

CVE-2020-14521

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker coul...

CVE-2020-14523

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.

CVE-2021-0524

In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel informatio...

CVE-2021-22748

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution...

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an...

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted H...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the ...

CVE-2021-22796

A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-...

CVE-2021-22798

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Ne...

CVE-2021-22800

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over net...

CVE-2021-22801

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with spe...

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on u...

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, wh...

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read i...

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user r...

CVE-2021-22806

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing ...

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user r...

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user...

CVE-2021-31932

Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functio...

CVE-2021-34235

Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page.

CVE-2021-39616

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438

CVE-2021-39619

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual...

CVE-2021-39631

In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectation...

CVE-2021-39635

ims_ex is a vendor system service used to manage VoLTE in unisoc devices，But it does not verify the caller's permissions，so that normal apps (No phone...

CVE-2021-39658

ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service，but it does not check the permissions of t...

CVE-2021-39662

In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing per...

CVE-2021-39663

In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This cou...

CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information d...

CVE-2021-39665

In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information d...

CVE-2021-39666

In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclo...

CVE-2021-39668

In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privil...

CVE-2021-39669

In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/ov...

CVE-2021-39671

In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disc...

CVE-2021-39672

In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional ...

CVE-2021-39674

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privileg...

CVE-2021-39675

In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privile...

CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This coul...

CVE-2021-39677

In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11...

CVE-2021-39687

In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local info...

CVE-2021-39688

In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privile...

CVE-2021-44111

A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.

CVE-2021-4035

A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to ex...

CVE-2021-4046

The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to car...

CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel ver...

CVE-2022-0382

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram ...

CVE-2022-0483

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

CVE-2022-0561

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 c...

CVE-2022-0562

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could...

CVE-2022-22291

Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information thro...

CVE-2022-22292

Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.

CVE-2022-23425

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base ...

CVE-2022-23426

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.

CVE-2022-23427

PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files withou...

CVE-2022-23428

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

CVE-2022-23429

An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application cr...

CVE-2022-23431

An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

CVE-2022-23432

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

CVE-2022-23433

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in A...

CVE-2022-23434

A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers ...

CVE-2022-23707

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can...

CVE-2022-23853

The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary w...

CVE-2022-23994

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applicatio...

CVE-2022-23995

Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applicatio...

CVE-2022-23996

Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to...

CVE-2022-23997

Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted ap...

CVE-2022-23998

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9...

CVE-2022-23999

PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission i...

CVE-2022-24000

PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files withou...

CVE-2022-24001

Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.

CVE-2022-24002

Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.

CVE-2022-24003

Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via...

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitra...

CVE-2022-24924

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permi...

CVE-2022-24925

Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of servic...

CVE-2022-24926

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices...

CVE-2022-24927

Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permiss...

CVE-2020-26728

A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution vi...

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and...

CVE-2021-20001

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions ...

CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of...

CVE-2022-24975

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a...

CVE-2021-46361

An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a cr...

CVE-2021-46362

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers t...

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These fo...

CVE-2021-46364

A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.

CVE-2021-46366

An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request For...

CVE-2022-23633

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a...

CVE-2022-23634

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails,...

CVE-2022-24968

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server und...

CVE-2021-4098

Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to pot...

CVE-2021-4099

Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted H...

CVE-2021-4100

Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted...

CVE-2021-4101

Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a cra...

CVE-2021-4102

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0096

Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p...

CVE-2022-0097

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extens...

CVE-2022-0098

Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user...

CVE-2022-0099

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to p...

CVE-2022-0100

Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via ...

CVE-2022-0101

Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestu...

CVE-2022-0102

Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-0103

Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...

CVE-2022-0104

Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...

CVE-2022-0105

Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a craf...

CVE-2022-0106

Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to p...

CVE-2022-0107

Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious...

CVE-2022-0108

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HT...

CVE-2022-0109

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information ...

CVE-2022-0110

Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via ...

CVE-2022-0111

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HT...

CVE-2022-0112

Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a cra...

CVE-2022-0113

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML pa...

CVE-2022-0114

Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory re...

CVE-2022-0115

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via ...

CVE-2022-0116

Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL...

CVE-2022-0117

Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2022-0118

Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omni...

CVE-2022-0120

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a...

CVE-2022-0289

Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted ...

CVE-2022-0290

Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafte...

CVE-2022-0291

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to b...

CVE-2022-0292

Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer proces...

CVE-2022-0293

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted ...

CVE-2022-0294

Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer proce...

CVE-2022-0295

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interacti...

CVE-2022-0296

Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interact...

CVE-2022-0297

Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa...

CVE-2022-0298

Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage ...

CVE-2022-0301

Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to p...

CVE-2022-0302

Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to p...

CVE-2022-0304

Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interacti...

CVE-2022-0305

Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer p...

CVE-2022-0306

Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted H...

CVE-2022-0307

Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user ...

CVE-2022-0308

Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specif...

CVE-2022-0309

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a craf...

CVE-2022-0310

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via speci...

CVE-2022-0311

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user ...

CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensit...

CVE-2021-24446

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make ...

CVE-2021-24874

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter befo...

CVE-2021-24904

The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, w...

CVE-2021-25014

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any auth...

CVE-2021-25018

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allow...

CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leadi...

CVE-2021-25050

The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scrip...

CVE-2021-25107

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowin...

CVE-2021-25109

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract dat...

CVE-2021-25110

The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.

CVE-2021-25115

The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, ...

CVE-2021-44879

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer deref...

CVE-2021-45444

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This...

CVE-2022-0176

The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an a...

CVE-2022-0188

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

CVE-2022-0190

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.

CVE-2022-0193

The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a R...

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of...

CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query pa...

CVE-2022-0206

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Ref...

CVE-2022-0208

The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" err...

CVE-2022-0212

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the w...

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, ...

CVE-2022-0565

Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.

CVE-2022-0569

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

CVE-2022-0570

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.

CVE-2022-0571

Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

CVE-2022-0572

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0575

Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.

CVE-2022-0576

Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.

CVE-2022-24110

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.

CVE-2022-24976

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point ...

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe inte...

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi...

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to a...

CVE-2022-24686

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad ...

CVE-2021-46371

antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage o...

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

CVE-2021-45392

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDel...

CVE-2021-39079

IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to...

CVE-2021-39080

Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14 , an attacker could be able to reverse engineer t...

CVE-2022-22854

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via a...

CVE-2022-23367

Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows ...

CVE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File...

CVE-2021-45347

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cook...

CVE-2022-0579

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.

CVE-2022-25150

In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.

CVE-2019-16864

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that ...

CVE-2021-43106

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.T...

CVE-2021-45348

An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, ...

CVE-2022-24988

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.

CVE-2019-25057

In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer.

CVE-2021-45310

Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction...

CVE-2022-22295

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.

CVE-2022-23335

Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.

CVE-2022-23336

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

CVE-2022-23337

DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.

CVE-2022-23389

PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.

CVE-2022-23390

An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.

CVE-2022-23391

A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into...

CVE-2022-23637

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnera...

CVE-2022-23638

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to ve...

CVE-2022-23902

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.

CVE-2022-24206

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.

CVE-2021-45005

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.

CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then...

CVE-2021-4201

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack se...

CVE-2022-0581

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture f...

CVE-2022-0582

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or craf...

CVE-2022-0583

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture ...

CVE-2022-0586

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted cap...

CVE-2022-23410

AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attem...

CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially all...

CVE-2022-24704

The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into...

CVE-2022-24705

The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that ...

CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

CVE-2022-0580

Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.

CVE-2022-21818

NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual appliance, where a user on a network after signing in t...

CVE-2021-43952

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a...

CVE-2021-43950

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration...

CVE-2021-43953

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring s...

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local syste...

CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and...

CVE-2021-43948

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private object...

CVE-2022-0587

Improper Authorization in Packagist librenms/librenms prior to 22.2.0.

CVE-2022-0588

Missing Authorization in Packagist librenms/librenms prior to 22.2.0.

CVE-2022-0589

Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.

CVE-2021-46557

Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.

CVE-2021-46558

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts o...

CVE-2022-23317

CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by speci...

CVE-2022-23384

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add

CVE-2021-41552

CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.

CVE-2021-42712

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-43734

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0597

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-24586

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary w...

CVE-2022-24227

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payloa...

CVE-2022-24684

HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to ...

CVE-2021-44960

In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a ...

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP...

CVE-2022-23604

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation...

CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

CVE-2022-24585

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web ...

CVE-2022-24587

A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web sc...

CVE-2022-24588

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.

CVE-2022-24590

A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or...

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typi...

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libra...

CVE-2022-25175

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allo...

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configure...

CVE-2022-25177

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline li...

CVE-2022-25178

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource ...

CVE-2022-25179

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the confi...

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attac...

CVE-2022-25181

A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure ...

CVE-2022-25182

A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure ...

CVE-2022-25183

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories withou...

CVE-2022-25184

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Sn...

CVE-2022-25185

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scrip...

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the age...

CVE-2022-25187

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

CVE-2022-25188

Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item...

CVE-2022-25189

Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-si...

CVE-2022-25190

A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials ...

CVE-2022-25191

Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scr...

CVE-2022-25192

A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specifi...

CVE-2022-25193

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-spe...

CVE-2022-25194

A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified UR...

CVE-2022-25195

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specif...

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication proc...

CVE-2022-25197

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenki...

CVE-2022-25198

A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified...

CVE-2022-25199

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-spe...

CVE-2022-25200

A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specifie...

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-spec...

CVE-2022-25202

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scriptin...

CVE-2022-25203

Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by ...

CVE-2022-25204

Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc...

CVE-2022-25205

A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified da...

CVE-2022-25206

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified databas...

CVE-2022-25207

A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP reques...

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP ...

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Conf...

CVE-2022-25211

A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified...

CVE-2022-25212

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web s...

CVE-2021-43049

The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an un...

CVE-2021-43050

The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an...

CVE-2022-22770

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker...

CVE-2021-42713

Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-42714

Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils ...

CVE-2022-24589

Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute...

CVE-2021-33945

RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221S...

CVE-2021-37354

Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability ...

CVE-2021-46262

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attacker...

CVE-2021-46263

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attac...

CVE-2021-46264

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows att...

CVE-2021-46265

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows at...

CVE-2021-46321

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows a...

CVE-2022-23641

Discourse is an open source discussion platform. In versions prior to 2.8.1 in the `stable` branch, 2.9.0.beta2 in the `beta` branch, and 2.9.0.beta2 ...

CVE-2021-35380

A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain a...

CVE-2022-23643

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in...

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40...

CVE-2021-46250

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other use...

CVE-2021-46251

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary w...

CVE-2021-46252

A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request...

CVE-2022-0611

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a ce...

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVE-2022-25241

In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).

CVE-2022-25242

In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).

CVE-2022-0612

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-0613

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.

CVE-2022-0614

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.

CVE-2022-0559

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-23358

EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were u...

CVE-2021-45391

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sb...

CVE-2021-26726

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM pr...

CVE-2019-4291

IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to the lack of binary protection precautions. IBM X-Force ...

CVE-2019-4351

IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.

CVE-2019-4352

IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.

CVE-2020-6917

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2020-6918

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2020-6919

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2020-6920

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2020-6921

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2020-6922

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Suppo...

CVE-2021-21958

A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malfo...

CVE-2021-21966

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0...

CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative pr...

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative priv...

CVE-2021-22042

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileg...

CVE-2021-22043

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with acc...

CVE-2021-22050

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to ...

CVE-2021-23682

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the que...

CVE-2021-39297

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code...

CVE-2021-39298

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting...

CVE-2021-39299

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code...

CVE-2021-39300

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code...

CVE-2021-39301

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code...

CVE-2021-3551

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This f...

CVE-2021-3557

A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server...

CVE-2021-4106

A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow...

CVE-2021-4134

The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found...

CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter ...

CVE-2022-0617

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for ...

CVE-2022-22792

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and p...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary command...

CVE-2022-23186

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arb...

CVE-2022-23188

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a...

CVE-2022-23189

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated ...

CVE-2022-23190

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23191

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23192

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23193

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23194

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23195

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23196

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23197

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclo...

CVE-2022-23198

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated ...

CVE-2022-23199

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated ...

CVE-2022-23200

Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in a...

CVE-2022-23202

Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbi...

CVE-2022-23203

Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a cra...

CVE-2022-23204

Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An...

CVE-2022-23803

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA ...

CVE-2022-23804

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA ...

CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checko...

CVE-2022-24663

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenti...

CVE-2022-24664

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user ab...

CVE-2022-24665

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit po...

CVE-2022-22853

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts ...

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the ro...

CVE-2021-3578

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary in...

CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously du...

CVE-2021-3753

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write a...

CVE-2021-3760

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system a...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network a...

CVE-2021-3781

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe comma...

CVE-2022-23644

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to...

CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory wh...

CVE-2021-3242

DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.

CVE-2022-25258

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of int...

CVE-2021-43299

Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copie...

CVE-2021-43300

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is cop...

CVE-2021-43301

Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is c...

CVE-2021-43302

Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when th...

CVE-2021-43303

Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an ou...

CVE-2022-25265

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2...

CVE-2022-22880

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.

CVE-2022-22881

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.

CVE-2022-22885

Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.

CVE-2022-23636

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator i...

CVE-2022-24981

A reflected cross-site scripting (XSS) vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrar...

CVE-2022-24982

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users...

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When...

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable...

CVE-2022-24985

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative sect...

CVE-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This cou...

CVE-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permi...

CVE-2022-0622

Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.

CVE-2022-22901

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c ...

CVE-2022-24953

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG ...

CVE-2022-0623

Out-of-bounds Read in Homebrew mruby prior to 3.2.

CVE-2021-46368

TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.

CVE-2022-0629

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-22899

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through ...

CVE-2022-23318

A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out...

CVE-2022-23319

A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font...

CVE-2022-20653

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Securi...

CVE-2022-20659

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow a...

CVE-2022-20750

A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unau...

CVE-2022-23632

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when...

CVE-2021-44868

A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do

CVE-2021-39034

IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964.

CVE-2022-0638

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-24683

HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities ...

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

CVE-2021-46247

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a ...

CVE-2022-22912

Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code ...

CVE-2014-8597

A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the stat...

CVE-2021-45382

A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L route...

CVE-2021-46314

A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin...

CVE-2022-22914

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in ...

CVE-2022-23646

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation...

CVE-2021-46315

Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW...

CVE-2021-46319

Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users ca...

CVE-2022-22916

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.

CVE-2021-3155

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attac...

CVE-2021-44730

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to c...

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacke...

CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary...

CVE-2021-41599

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit...

CVE-2022-22922

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attacke...

CVE-2021-46108

D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25317

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

CVE-2022-25318

An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.

CVE-2022-25319

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

CVE-2022-25320

An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.

CVE-2022-25321

An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.

CVE-2020-8107

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a s...

CVE-2022-0660

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-46372

Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using upper...

CVE-2022-25298

This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.

CVE-2022-25299

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attacke...

CVE-2022-0451

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be ex...

CVE-2022-0631

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.

CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2....

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers...

CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.

CVE-2022-25323

ZEROF Web Server 2.0 allows /admin.back XSS.

CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wi...

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalati...

CVE-2020-25718

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allo...

CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could be...

CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause ...

CVE-2020-8242

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin cont...

CVE-2021-20315

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window l...

CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special use...

CVE-2021-20321

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A ...

CVE-2021-20322

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the abi...

CVE-2021-20325

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regressi...

CVE-2021-26618

An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execu...

CVE-2021-26619

An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delet...

CVE-2021-30650

A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a mal...

CVE-2021-38935

IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compro...

CVE-2021-39026

IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properl...

CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMA...

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the '...

CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain in...

CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be abl...

CVE-2021-44968

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which co...

CVE-2021-45401

A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUn...

CVE-2021-4090

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_...

CVE-2021-4091

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search re...

CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigg...

CVE-2022-0138

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a...

CVE-2022-0585

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted ca...

CVE-2022-0646

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync...

CVE-2022-0671

A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.

CVE-2022-0672

A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX...

CVE-2022-0673

A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.

CVE-2022-21141

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does ...

CVE-2022-21143

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does ...

CVE-2022-21176

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does ...

CVE-2022-21196

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does ...

CVE-2022-21215

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only acces...

CVE-2022-21800

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses ...

CVE-2022-23981

The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4).

CVE-2022-23982

The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure.

CVE-2022-25335

RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild ...

CVE-2022-25336

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image ...

CVE-2022-25337

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.

CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.

CVE-2021-46037

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.

CVE-2021-23702

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend.

CVE-2021-46062

MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.

CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.

CVE-2021-46082

Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to con...

CVE-2021-46562

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46563

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46564

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46565

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46566

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46567

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46568

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46569

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46570

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is...

CVE-2021-46571

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is require...

CVE-2021-46572

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46573

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46574

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46575

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46576

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46577

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46578

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46579

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46580

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46581

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46582

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46583

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46584

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46585

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46586

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46587

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46588

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46589

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46590

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46591

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46592

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46593

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46594

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46595

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46596

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46597

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46598

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46599

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46600

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46601

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46602

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46603

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46604

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46605

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46606

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46607

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46608

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46609

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46610

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46611

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46612

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46614

Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote atta...

CVE-2021-46615

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46618

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46619

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46621

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46622

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46623

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46624

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46625

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46626

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46627

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46628

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46629

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46630

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46631

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46632

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46633

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46634

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46635

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46636

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46637

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46638

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46639

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46640

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46641

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46642

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46643

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46644

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46645

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46646

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46647

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46648

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User intera...

CVE-2021-46649

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46650

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46651

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. Use...

CVE-2021-46652

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46653

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46654

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is...

CVE-2021-46655

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2021-46656

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is require...

CVE-2022-0543

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which co...

CVE-2022-24046

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 syste...

CVE-2022-24047

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not req...

CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate p...

CVE-2022-24049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11...

CVE-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on ...

CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on a...

CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate pr...

CVE-2022-24055

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User intera...

CVE-2022-24056

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is...

CVE-2022-24057

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is...

CVE-2022-24058

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is...

CVE-2022-24059

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is...

CVE-2022-24060

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User intera...

CVE-2022-24061

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User intera...

CVE-2022-24062

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interactio...

CVE-2022-24063

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interactio...

CVE-2022-24064

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is...

CVE-2022-24354

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 202110...

CVE-2022-24355

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel....

CVE-2022-24356

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. Use...

CVE-2022-24357

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24358

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24359

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24360

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24361

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24362

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24363

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24364

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24365

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24366

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24367

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24368

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interact...

CVE-2022-24369

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2022-24370

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 ma...

CVE-2022-24971

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is r...

CVE-2021-40840

A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.

CVE-2021-40841

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.

CVE-2021-46110

Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.

CVE-2022-23645

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerabl...

CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.

CVE-2021-29656

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing d...

CVE-2022-23649

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipu...

CVE-2022-23650

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-...

CVE-2022-25358

A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read fi...

CVE-2017-0371

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki v...

CVE-2022-23642

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` servic...

CVE-2021-44302

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Pytho...

CVE-2022-25130

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2...

CVE-2022-25131

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015...

CVE-2022-25132

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attac...

CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows at...

CVE-2022-25134

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attack...

CVE-2022-25135

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows...

CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V...

CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T1...

CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backu...

CVE-2022-25365

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-237...

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disab...

CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not...

CVE-2022-24980

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing acc...

CVE-2016-20013

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional...

CVE-2022-0409

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.

CVE-2022-0678

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0630

Out-of-bounds Read in Homebrew mruby prior to 3.2.

CVE-2022-0632

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

CVE-2022-0689

Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-23375

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form ...

CVE-2022-23376

WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages.

CVE-2016-1239

duck before 0.10 did not properly handle loading of untrusted code from the current directory.

CVE-2022-0690

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-46700

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.

CVE-2022-0685

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

CVE-2021-45007

Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOT...

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

CVE-2022-0688

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that ...

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into t...

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScrip...

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript ...

CVE-2022-23848

In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.

CVE-2022-25372

Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.

CVE-2022-25375

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size o...

CVE-2021-46701

PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potential...

CVE-2022-25297

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable...

CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins a...

CVE-2021-24921

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attribut...

CVE-2021-25055

The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.

CVE-2021-25057

The Translation Exchange WordPress plugin through 1.0.14 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text...

CVE-2021-25058

The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mentio...

CVE-2021-25060

The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page...

CVE-2021-25069

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading...

CVE-2021-25075

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_pa...

CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading...

CVE-2021-25099

The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthent...

CVE-2021-25100

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, l...

CVE-2021-25101

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it bac...

CVE-2021-4208

The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading...

CVE-2022-0134

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make lo...

CVE-2022-0164

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX actio...

CVE-2022-0186

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allo...

CVE-2022-0199

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attacke...

CVE-2022-0211

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-S...

CVE-2022-0228

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL stat...

CVE-2022-0234

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX...

CVE-2022-0252

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, ...

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement ...

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticat...

CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection p...

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in adm...

CVE-2021-45008

Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor sta...

CVE-2022-24553

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command executi...

CVE-2022-0692

Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability...

CVE-2021-26256

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).

CVE-2021-27753

"Sametime Android PathTraversal Vulnerability"

CVE-2021-27755

"Sametime Android potential path traversal vulnerability when using File class"

CVE-2021-27796

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted sh...

CVE-2021-27797

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded crede...

CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an are...

CVE-2021-44568

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies funct...

CVE-2022-0564

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this v...

CVE-2022-0708

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members ...

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web appl...

CVE-2022-23983

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress ...

CVE-2022-23984

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).

CVE-2022-24295

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

CVE-2022-25599

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).

CVE-2022-0563

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment var...

CVE-2022-0696

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat...

CVE-2022-24564

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML i...

CVE-2022-0676

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0665

Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.

CVE-2021-46162

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end o...

CVE-2021-46699

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnera...

CVE-2022-0712

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0713

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0714

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

CVE-2022-23608

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, ST...

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper...

CVE-2022-23654

Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page ou...

CVE-2022-23635

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a req...

CVE-2021-43824

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CO...

CVE-2021-43825

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further process...

CVE-2021-43826

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured f...

CVE-2022-21654

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings h...

CVE-2022-21655

Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect ...

CVE-2022-21656

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the ...

CVE-2022-21657

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certif...

CVE-2022-23606

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) ...

CVE-2022-23612

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions ...

CVE-2022-0654

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.

CVE-2022-0717

Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.

CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

CVE-2022-0719

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-0721

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-0724

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-0726

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.

CVE-2022-0727

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

CVE-2022-0729

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

CVE-2022-0476

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-20623

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches ...

CVE-2022-20624

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause...

CVE-2022-20625

A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attac...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root pr...

CVE-2022-0731

Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before renderi...

CVE-2021-4070

Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.

CVE-2022-22333

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the J...

CVE-2022-22336

IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources...

CVE-2022-24409

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected sy...

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a ...

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool ver...

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signature...

CVE-2021-26092

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12...

CVE-2021-35689

A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attacke...

CVE-2022-24671

A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file...

CVE-2022-24678

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Fr...

CVE-2022-24679

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free ...

CVE-2022-24680

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free ...

CVE-2022-25329

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the consol...

CVE-2022-25330

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or a...

CVE-2022-25331

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the proces...

CVE-2021-43943

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML o...

CVE-2022-0695

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2019-25058

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.

CVE-2021-25636

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurr...

CVE-2021-43724

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

CVE-2021-44550

An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).

CVE-2021-44565

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote m...

CVE-2021-44566

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.

CVE-2021-44567

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

CVE-2021-44607

A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.

CVE-2021-44608

Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit ...

CVE-2021-44610

Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype...

CVE-2021-44967

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious ...

CVE-2021-45746

A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.

CVE-2021-4029

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a ...

CVE-2021-4030

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands ...

CVE-2022-21142

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2....

CVE-2022-21179

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1....

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extensi...

CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session ...

CVE-2022-23810

Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior...

CVE-2022-23916

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.1...

CVE-2022-23986

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via...

CVE-2022-24374

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.1...

CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2022-24435

Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecif...

CVE-2022-24565

Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of...

CVE-2022-24566

In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when sho...

CVE-2022-24582

Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and ...

CVE-2022-24599

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak se...

CVE-2022-24610

Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by edit...

CVE-2022-24613

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an applicatio...

CVE-2022-24614

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an o...

CVE-2022-24615

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This...

CVE-2022-24620

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmast...

CVE-2022-24633

All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<usernam...

CVE-2022-25072

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability...

CVE-2022-25073

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenti...

CVE-2022-25074

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows una...

CVE-2022-25075

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows at...

CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows a...

CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows ...

CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows ...

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows a...

CVE-2022-25080

TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows atta...

CVE-2022-25081

TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attack...

CVE-2022-25082

TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. ...

CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows a...

CVE-2022-25084

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attacke...

CVE-2022-25098

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.

CVE-2022-25099

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25104

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.

CVE-2022-25290

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This ...

CVE-2022-25291

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and poten...

CVE-2022-25292

A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrar...

CVE-2022-25293

A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrar...

CVE-2022-25355

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to d...

CVE-2022-25360

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Thi...

CVE-2022-25363

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user creden...

CVE-2022-25401

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbit...

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.

CVE-2022-25404

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.

CVE-2022-25405

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.

CVE-2022-25406

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.

CVE-2022-25414

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.

CVE-2022-25417

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.

CVE-2022-25418

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.

CVE-2022-25636

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This...

CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs w...

CVE-2022-25640

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_ve...

CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-suppl...

CVE-2022-25809

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices ...

CVE-2022-25838

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.

CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating a...

CVE-2022-24687

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:w...

CVE-2022-24707

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabi...

CVE-2022-24708

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.56...

CVE-2021-38994

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service....

CVE-2021-38995

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service....

CVE-2021-39038

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack th...

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI con...

CVE-2022-22793

Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesy...

CVE-2022-22794

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /ad...

CVE-2020-10632

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which...

CVE-2020-10635

Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the...

CVE-2020-10636

Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.

CVE-2020-10640

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code executi...

CVE-2020-14478

A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content...

CVE-2020-14480

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain crede...

CVE-2020-14481

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user c...

CVE-2020-14502

The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious scrip...

CVE-2020-14504

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send...

CVE-2021-26252

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of se...

CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not ch...

CVE-2021-3607

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handli...

CVE-2021-3608

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_...

CVE-2021-3610

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is ...

CVE-2021-3700

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c....

CVE-2021-44531

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing n...

CVE-2021-44532

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer ...

CVE-2021-44533

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certifi...

CVE-2021-44662

A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.

CVE-2021-44663

A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.

CVE-2021-4021

A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary f...

CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted...

CVE-2022-0545

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing ...

CVE-2022-0546

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of ...

CVE-2022-0651

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter...

CVE-2022-0653

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and s...

CVE-2022-0683

The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the se...

CVE-2022-0710

The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] paramete...

CVE-2022-21824

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" paramete...

CVE-2022-23104

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Work...

CVE-2022-23135

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, ...

CVE-2022-23922

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer dir...

CVE-2022-24232

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25003

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doc...

CVE-2022-25004

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_d...

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter f...

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~...

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in th...

CVE-2022-25306

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found ...

CVE-2022-25307

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found...

CVE-2022-24709

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface developmen...

CVE-2021-44664

An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a malicio...

CVE-2021-44665

A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.

CVE-2021-29216

A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software updat...

CVE-2021-29217

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to ...

CVE-2021-29220

Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities coul...

CVE-2021-39363

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.

CVE-2021-39364

Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achie...

CVE-2021-43745

A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage function

CVE-2022-23701

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior ...

CVE-2022-23835

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application tha...

CVE-2021-34359

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remot...

CVE-2021-34361

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remot...

CVE-2021-45229

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache ...

CVE-2022-0746

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

CVE-2022-24288

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Inj...

CVE-2022-24947

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 ...

CVE-2022-24948

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, whic...

CVE-2022-0247

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO ...

CVE-2022-25326

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem s...

CVE-2022-25327

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other us...

CVE-2022-25328

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set o...

CVE-2022-24594

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

CVE-2022-24612

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.

CVE-2022-25374

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may captur...

CVE-2021-45977

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, Php...

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

CVE-2022-24328

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVE-2022-24332

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

CVE-2022-24335

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

CVE-2022-24338

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVE-2022-24339

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

CVE-2022-24341

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

CVE-2022-24342

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

CVE-2022-24343

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

CVE-2022-24344

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

CVE-2022-24347

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

CVE-2021-38993

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of servic...

CVE-2021-22319

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.

CVE-2021-22394

There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen C...

CVE-2021-22395

There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22426

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22429

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22430

There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22431

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds a...

CVE-2021-22432

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds a...

CVE-2021-22433

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22434

There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be exe...

CVE-2021-22437

There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random addr...

CVE-2021-22441

Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.

CVE-2021-22448

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of...

CVE-2021-22478

The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.

CVE-2021-22479

The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to ker...

CVE-2021-22480

The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memo...

CVE-2021-22489

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.

CVE-2021-26617

This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malic...

CVE-2021-37027

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37103

There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confiden...

CVE-2021-37504

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web script...

CVE-2021-40043

The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effective...

CVE-2021-40046

PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond i...

CVE-2021-42244

A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted tit...

CVE-2022-0615

Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the syste...

CVE-2022-21209

The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that woul...

CVE-2022-21798

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used t...

CVE-2022-23921

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is onl...

CVE-2022-23985

The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that wou...

CVE-2022-25170

The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary c...

CVE-2021-23495

The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.

CVE-2021-42952

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can the...

CVE-2021-44132

A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands v...

CVE-2022-24442

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

CVE-2022-25060

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

CVE-2022-25061

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

CVE-2022-25062

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers ...

CVE-2022-25064

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

CVE-2022-25259

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

CVE-2022-25260

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

CVE-2022-25261

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

CVE-2022-25262

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

CVE-2022-25264

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user nam...

CVE-2022-21706

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access...

CVE-2022-25094

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in Syste...

CVE-2022-25095

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.

CVE-2022-25096

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php...

CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity...

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off...

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be c...

CVE-2022-25359

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-0763

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-0723

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.

CVE-2022-0764

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.

CVE-2020-27958

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide cra...

CVE-2022-26146

Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Upl...

CVE-2022-22908

SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the User...

CVE-2021-3967

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.

CVE-2021-21708

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/m...

CVE-2022-0772

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.

CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or ...

CVE-2022-26159

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/au...

CVE-2020-36510

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX ac...

CVE-2021-24688

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_fil...

CVE-2021-24689

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the w...

CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared SQL query ...

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX a...

CVE-2021-24803

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a ...

CVE-2021-24820

The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform...

CVE-2021-24823

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attac...

CVE-2021-24864

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dash...

CVE-2021-24898

The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege use...

CVE-2021-24901

The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform ...

CVE-2021-24903

The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users ...

CVE-2021-24913

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing att...

CVE-2021-24920

The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege u...

CVE-2021-24933

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the term...

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not ...

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthent...

CVE-2021-24994

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well a...

CVE-2021-25010

The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbi...

CVE-2021-25011

The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which cou...

CVE-2021-25034

The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflec...

CVE-2021-25042

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX acti...

CVE-2021-25081

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers...

CVE-2021-25112

The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading t...

CVE-2021-25118

The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST e...

CVE-2021-4222

The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform...

CVE-2022-0150

The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 de...

CVE-2022-0189

The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action befor...

CVE-2022-0328

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logg...

CVE-2022-0345

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX actio...

CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which coul...

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user cro...

CVE-2022-0383

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a hi...

CVE-2022-0385

The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the ...

CVE-2022-0411

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route...

CVE-2022-0412

The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the ...

CVE-2022-23911

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when r...

CVE-2022-23912

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute...

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perfor...

CVE-2022-23988

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit ...

CVE-2022-0768

Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2.

CVE-2022-24571

Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to ge...

CVE-2022-24572

Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vuln...

CVE-2022-24685

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fix...

CVE-2021-43086

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer...

CVE-2021-44334

David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overf...

CVE-2022-25642

Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.

CVE-2021-44339

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overf...

CVE-2021-44340

David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-o...

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allo...

CVE-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers...

CVE-2022-26155

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter ...

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= pa...

CVE-2022-26157

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secur...

CVE-2022-26158

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a c...

CVE-2021-44331

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise().

CVE-2021-44342

David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494".

CVE-2020-22844

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.

CVE-2020-22845

A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.

CVE-2022-25013

Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the com...

CVE-2022-25014

Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current...

CVE-2022-25015

A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First...

CVE-2022-25023

Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.

CVE-2022-26181

Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.

CVE-2022-26315

qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.

CVE-2021-41111

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated...

CVE-2021-41112

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users coul...

CVE-2021-45414

A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver...

CVE-2022-0743

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is...

CVE-2022-23907

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

CVE-2022-25028

Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter unde...

CVE-2022-25407

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1....

CVE-2022-25408

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-pane...

CVE-2022-25409

Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1....

CVE-2022-25410

Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.

CVE-2022-25411

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25412

Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and d...

CVE-2022-25413

Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.