-
2022-12-01 18:15:10
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.National Vulnerability Database
-
2022-12-01 18:15:10
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA.National Vulnerability Database
-
2022-12-01 18:15:10
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.National Vulnerability Database
-
2022-12-01 09:15:09
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralNational Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument National Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. National Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argumeNational Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possibleNational Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injecNational Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulatNational Vulnerability Database
-
2022-12-01 08:15:09
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads National Vulnerability Database
-
2022-12-01 05:15:11
ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).National Vulnerability Database
-
2022-12-01 05:15:11
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.National Vulnerability Database
-
2022-12-01 05:15:11
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). National Vulnerability Database
-
2022-11-30 23:15:10
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. National Vulnerability Database
-
2022-11-30 18:15:10
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.National Vulnerability Database
-
2022-11-30 18:15:09
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.National Vulnerability Database
-
2022-11-30 18:15:09
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.National Vulnerability Database
-
2022-11-30 17:15:10
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. National Vulnerability Database
-
2022-11-30 17:15:10
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.National Vulnerability Database
-
2022-11-30 15:15:10
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.National Vulnerability Database
-
2022-11-30 15:15:10
Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).National Vulnerability Database
-
2022-11-30 15:15:10
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.National Vulnerability Database
-
2022-11-30 15:15:10
SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).National Vulnerability Database
-
2022-11-30 14:15:10
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.National Vulnerability Database
-
2022-11-30 14:15:10
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. National Vulnerability Database
-
2022-11-30 14:15:10
A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads National Vulnerability Database
-
2022-11-30 14:15:10
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf geneNational Vulnerability Database
-
2022-11-30 13:15:11
Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.National Vulnerability Database
-
2022-11-30 13:15:10
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such asNational Vulnerability Database
-
2022-11-30 13:15:10
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plNational Vulnerability Database
-
2022-11-30 13:15:10
Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.National Vulnerability Database
-
2022-11-30 12:15:10
A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. National Vulnerability Database
-
2022-11-30 12:15:10
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricteNational Vulnerability Database
-
2022-11-30 12:15:10
A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=National Vulnerability Database
-
2022-11-30 12:15:10
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to iNational Vulnerability Database
-
2022-11-30 09:15:08
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restNational Vulnerability Database
-
2022-11-30 07:15:09
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request HNational Vulnerability Database
-
2022-11-30 05:15:11
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisationNational Vulnerability Database
-
2022-11-30 05:15:11
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.National Vulnerability Database
-
2022-11-30 05:15:11
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.National Vulnerability Database
-
2022-11-30 05:15:11
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.National Vulnerability Database
-
2022-11-30 05:15:11
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.National Vulnerability Database
-
2022-11-30 03:15:14
Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.National Vulnerability Database
-
2022-11-30 03:15:13
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.National Vulnerability Database
-
2022-11-30 03:15:13
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.National Vulnerability Database
-
2022-11-30 00:15:11
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)National Vulnerability Database
-
2022-11-30 00:15:11
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: MNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome ExtensNational Vulnerability Database
-
2022-11-30 00:15:10
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium securNational Vulnerability Database
-
2022-11-30 00:15:10
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentialNational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictioNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome ExtNational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security seveNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UINational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium securityNational Vulnerability Database
-
2022-11-30 00:15:10
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severityNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)National Vulnerability Database
-
2022-11-30 00:15:10
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (ChromNational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security sNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)National Vulnerability Database
-
2022-11-30 00:15:10
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: MedNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profileNational Vulnerability Database
-
2022-11-30 00:15:10
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome ExNational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severitNational Vulnerability Database
-
2022-11-30 00:15:10
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: MediNational Vulnerability Database
-
2022-11-30 00:15:09
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)National Vulnerability Database
-
2022-11-29 23:15:10
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, National Vulnerability Database
-
2022-11-29 21:15:12
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:12
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. National Vulnerability Database
-
2022-11-29 21:15:12
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited iNational Vulnerability Database
-
2022-11-29 21:15:12
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:12
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:12
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. National Vulnerability Database
-
2022-11-29 21:15:11
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versionNational Vulnerability Database
-
2022-11-29 21:15:11
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes itNational Vulnerability Database
-
2022-11-29 21:15:11
The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:11
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:11
The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and ouNational Vulnerability Database
-
2022-11-29 21:15:11
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the National Vulnerability Database
-
2022-11-29 21:15:11
The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:11
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. National Vulnerability Database
-
2022-11-29 21:15:11
The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sNational Vulnerability Database
-
2022-11-29 21:15:11
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate_dropdown_options function that accepts user supplied input and National Vulnerability Database
-
2022-11-29 21:15:11
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. National Vulnerability Database
-
2022-11-29 21:15:11
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.National Vulnerability Database
-
2022-11-29 21:15:10
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest National Vulnerability Database
-
2022-11-29 21:15:10
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.National Vulnerability Database
-
2022-11-29 21:15:10
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, National Vulnerability Database
-
2022-11-29 21:15:10
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.National Vulnerability Database
-
2022-11-29 21:15:10
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges.National Vulnerability Database
-
2022-11-29 21:15:10
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodesNational Vulnerability Database
-
2022-11-29 20:15:09
Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.National Vulnerability Database
-
2022-11-29 18:15:10
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, National Vulnerability Database
-
2022-11-29 18:15:10
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. National Vulnerability Database
-
2022-11-29 18:15:10
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, National Vulnerability Database
-
2022-11-29 17:15:11
SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.National Vulnerability Database
-
2022-11-29 17:15:11
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.National Vulnerability Database
-
2022-11-29 17:15:11
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. National Vulnerability Database
-
2022-11-29 17:15:11
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data aNational Vulnerability Database
-
2022-11-29 17:15:11
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checNational Vulnerability Database
-
2022-11-29 17:15:11
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, National Vulnerability Database
-
2022-11-29 17:15:11
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directNational Vulnerability Database
-
2022-11-29 16:15:09
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.National Vulnerability Database
-
2022-11-29 15:15:10
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote cNational Vulnerability Database
-
2022-11-29 14:15:13
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, National Vulnerability Database
-
2022-11-29 13:15:10
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, National Vulnerability Database
-
2022-11-29 09:15:09
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leNational Vulnerability Database
-
2022-11-29 05:15:11
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator accNational Vulnerability Database
-
2022-11-29 05:15:11
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.National Vulnerability Database
-
2022-11-29 05:15:11
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.National Vulnerability Database
-
2022-11-29 05:15:11
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.National Vulnerability Database
-
2022-11-29 04:15:11
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.National Vulnerability Database
-
2022-11-29 04:15:11
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.National Vulnerability Database
-
2022-11-29 04:15:11
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.National Vulnerability Database
-
2022-11-29 04:15:10
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.National Vulnerability Database
-
2022-11-29 04:15:10
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the iNational Vulnerability Database
-
2022-11-29 04:15:10
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.National Vulnerability Database
-
2022-11-29 04:15:10
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. National Vulnerability Database
-
2022-11-29 04:15:10
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.National Vulnerability Database
-
2022-11-29 04:15:10
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.National Vulnerability Database
-
2022-11-29 04:15:10
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, National Vulnerability Database
-
2022-11-29 04:15:10
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.National Vulnerability Database
-
2022-11-29 04:15:10
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.National Vulnerability Database
-
2022-11-29 02:15:09
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folNational Vulnerability Database
-
2022-11-29 02:15:09
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.National Vulnerability Database
-
2022-11-29 02:15:09
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that foldeNational Vulnerability Database
-
2022-11-29 02:15:09
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located National Vulnerability Database
-
2022-11-29 02:15:08
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.National Vulnerability Database
-
2022-11-28 22:15:11
A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash theNational Vulnerability Database
-
2022-11-28 22:15:11
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. National Vulnerability Database
-
2022-11-28 22:15:11
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.National Vulnerability Database
-
2022-11-28 22:15:11
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. National Vulnerability Database
-
2022-11-28 22:15:10
A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameterNational Vulnerability Database
-
2022-11-28 22:15:10
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. National Vulnerability Database
-
2022-11-28 22:15:10
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPasswoNational Vulnerability Database
-
2022-11-28 22:15:10
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. National Vulnerability Database
-
2022-11-28 22:15:10
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. National Vulnerability Database
-
2022-11-28 22:15:10
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and seNational Vulnerability Database
-
2022-11-28 22:15:10
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. National Vulnerability Database
-
2022-11-28 22:15:10
This update resolves a multi-factor authentication bypass attackNational Vulnerability Database
-
2022-11-28 22:15:10
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 SNational Vulnerability Database
-
2022-11-28 21:15:10
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multipNational Vulnerability Database
-
2022-11-28 21:15:10
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. National Vulnerability Database
-
2022-11-28 21:15:10
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.National Vulnerability Database
-
2022-11-28 21:15:10
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, National Vulnerability Database
-
2022-11-28 21:15:10
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to anNational Vulnerability Database
-
2022-11-28 20:15:16
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress.National Vulnerability Database
-
2022-11-28 20:15:16
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.National Vulnerability Database
-
2022-11-28 19:15:11
A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.National Vulnerability Database
-
2022-11-28 18:15:12
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_National Vulnerability Database
-
2022-11-28 17:15:10
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.National Vulnerability Database
-
2022-11-28 16:15:09
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.National Vulnerability Database
-
2022-11-28 16:15:09
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.National Vulnerability Database
-
2022-11-28 15:15:10
Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).National Vulnerability Database
-
2022-11-28 15:15:10
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.National Vulnerability Database
-
2022-11-28 15:15:10
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in verNational Vulnerability Database
-
2022-11-28 15:15:10
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammNational Vulnerability Database
-
2022-11-28 15:15:10
Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huNational Vulnerability Database
-
2022-11-28 15:15:10
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.National Vulnerability Database
-
2022-11-28 15:15:10
AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.National Vulnerability Database
-
2022-11-28 15:15:10
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.National Vulnerability Database
-
2022-11-28 15:15:10
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications forNational Vulnerability Database
-
2022-11-28 14:15:18
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as loNational Vulnerability Database
-
2022-11-28 14:15:18
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via National Vulnerability Database
-
2022-11-28 14:15:17
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as loNational Vulnerability Database
-
2022-11-28 14:15:17
The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, National Vulnerability Database
-
2022-11-28 14:15:17
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as loNational Vulnerability Database
-
2022-11-28 14:15:16
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:16
The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:15
The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:15
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:15
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:14
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:14
The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:14
The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low aNational Vulnerability Database
-
2022-11-28 14:15:14
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:13
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:13
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role asNational Vulnerability Database
-
2022-11-28 14:15:13
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege usersNational Vulnerability Database
-
2022-11-28 14:15:12
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, National Vulnerability Database
-
2022-11-28 14:15:12
The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, National Vulnerability Database
-
2022-11-28 14:15:12
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could National Vulnerability Database
-
2022-11-28 14:15:12
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, National Vulnerability Database
-
2022-11-28 14:15:11
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_hNational Vulnerability Database
-
2022-11-28 14:15:11
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site ScripNational Vulnerability Database
-
2022-11-28 14:15:10
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, National Vulnerability Database
-
2022-11-28 13:15:10
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.National Vulnerability Database
-
2022-11-28 13:15:10
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.National Vulnerability Database
-
2022-11-28 13:15:09
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.National Vulnerability Database
-
2022-11-28 11:15:10
A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can National Vulnerability Database
-
2022-11-28 11:15:10
A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial National Vulnerability Database
-
2022-11-28 11:15:10
A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially-crafted I/O request packet (IRP) can lead to denial National Vulnerability Database
-
2022-11-28 06:15:10
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementationNational Vulnerability Database
