-
2023-03-24 20:15:15
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of daNational Vulnerability Database
-
2023-03-24 20:15:14
Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/ANational Vulnerability Database
-
2023-03-24 20:15:14
Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/ANational Vulnerability Database
-
2023-03-24 20:15:14
In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges National Vulnerability Database
-
2023-03-24 20:15:13
In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges neNational Vulnerability Database
-
2023-03-24 20:15:13
In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges neededNational Vulnerability Database
-
2023-03-24 20:15:13
In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileNational Vulnerability Database
-
2023-03-24 20:15:13
In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:13
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/ANational Vulnerability Database
-
2023-03-24 20:15:13
In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:13
In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges neNational Vulnerability Database
-
2023-03-24 20:15:12
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no National Vulnerability Database
-
2023-03-24 20:15:12
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. National Vulnerability Database
-
2023-03-24 20:15:12
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no National Vulnerability Database
-
2023-03-24 20:15:12
In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure witNational Vulnerability Database
-
2023-03-24 20:15:12
In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privNational Vulnerability Database
-
2023-03-24 20:15:12
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:12
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not National Vulnerability Database
-
2023-03-24 20:15:12
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no National Vulnerability Database
-
2023-03-24 20:15:12
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:12
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:12
In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution National Vulnerability Database
-
2023-03-24 20:15:12
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:12
In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with SystemNational Vulnerability Database
-
2023-03-24 20:15:12
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no National Vulnerability Database
-
2023-03-24 20:15:12
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional National Vulnerability Database
-
2023-03-24 20:15:11
In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System eNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_read_local_oob_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges neeNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execuNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System executNational Vulnerability Database
-
2023-03-24 20:15:11
In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. National Vulnerability Database
-
2023-03-24 20:15:11
In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needeNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needeNational Vulnerability Database
-
2023-03-24 20:15:11
In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needNational Vulnerability Database
-
2023-03-24 20:15:11
In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with SystNational Vulnerability Database
-
2023-03-24 20:15:11
In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional exNational Vulnerability Database
-
2023-03-24 20:15:11
In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution National Vulnerability Database
-
2023-03-24 20:15:11
In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. National Vulnerability Database
-
2023-03-24 20:15:11
In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System executNational Vulnerability Database
-
2023-03-24 20:15:11
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.National Vulnerability Database
-
2023-03-24 20:15:10
In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permission without the user's consent due to a logic error in the code. National Vulnerability Database
-
2023-03-24 20:15:10
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:10
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:10
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:10
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:10
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additioNational Vulnerability Database
-
2023-03-24 20:15:10
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.ProNational Vulnerability Database
-
2023-03-24 20:15:09
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges neNational Vulnerability Database
-
2023-03-24 20:15:09
In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution National Vulnerability Database
-
2023-03-24 20:15:09
In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:09
In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution priviNational Vulnerability Database
-
2023-03-24 20:15:09
In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:09
In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution priviNational Vulnerability Database
-
2023-03-24 20:15:09
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:09
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. National Vulnerability Database
-
2023-03-24 20:15:09
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional executNational Vulnerability Database
-
2023-03-24 20:15:09
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional exNational Vulnerability Database
-
2023-03-24 20:15:09
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no National Vulnerability Database
-
2023-03-24 20:15:09
In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privilegNational Vulnerability Database
-
2023-03-24 20:15:09
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. National Vulnerability Database
-
2023-03-24 20:15:09
In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privilegesNational Vulnerability Database
-
2023-03-24 20:15:09
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no adNational Vulnerability Database
-
2023-03-24 20:15:09
In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. National Vulnerability Database
-
2023-03-24 20:15:09
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. National Vulnerability Database
-
2023-03-24 20:15:09
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. National Vulnerability Database
-
2023-03-24 20:15:09
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. National Vulnerability Database
-
2023-03-24 20:15:09
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. National Vulnerability Database
-
2023-03-24 20:15:09
In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:08
In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:08
A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, National Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookuNational Vulnerability Database
-
2023-03-24 20:15:08
In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges National Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookuNational Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().National Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookuNational Vulnerability Database
-
2023-03-24 20:15:08
In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privNational Vulnerability Database
-
2023-03-24 20:15:08
In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.National Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_National Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookupNational Vulnerability Database
-
2023-03-24 20:15:08
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_National Vulnerability Database
-
2023-03-24 20:15:08
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution priviNational Vulnerability Database
-
2023-03-24 20:15:08
In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 20:15:08
In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. National Vulnerability Database
-
2023-03-24 17:15:07
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.National Vulnerability Database
-
2023-03-24 16:15:08
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.National Vulnerability Database
-
2023-03-24 15:15:10
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.National Vulnerability Database
-
2023-03-24 15:15:10
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.National Vulnerability Database
-
2023-03-24 15:15:10
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.National Vulnerability Database
-
2023-03-24 14:15:09
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. National Vulnerability Database
-
2023-03-24 12:15:07
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.National Vulnerability Database
-
2023-03-24 00:15:15
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5National Vulnerability Database
-
2023-03-23 22:15:13
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.National Vulnerability Database
-
2023-03-23 22:15:12
Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component.National Vulnerability Database
-
2023-03-23 22:15:12
A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.National Vulnerability Database
-
2023-03-23 22:15:12
RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vulnerability via the Event parameter at /churchcrm/EventAttendance.php.National Vulnerability Database
-
2023-03-23 21:15:20
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.National Vulnerability Database
-
2023-03-23 21:15:20
Authenticated users were able to enumerate other users' names via the learning plans page.National Vulnerability Database
-
2023-03-23 21:15:20
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.National Vulnerability Database
-
2023-03-23 21:15:19
A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scripNational Vulnerability Database
-
2023-03-23 21:15:19
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.National Vulnerability Database
-
2023-03-23 21:15:19
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attemptsNational Vulnerability Database
-
2023-03-23 21:15:19
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: National Vulnerability Database
-
2023-03-23 21:15:19
A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible National Vulnerability Database
-
2023-03-23 21:15:19
RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.National Vulnerability Database
-
2023-03-23 21:15:19
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).National Vulnerability Database
-
2023-03-23 21:15:19
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.National Vulnerability Database
-
2023-03-23 21:15:19
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, National Vulnerability Database
-
2023-03-23 21:15:19
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: National Vulnerability Database
-
2023-03-23 21:15:19
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. National Vulnerability Database
-
2023-03-23 20:15:15
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution iNational Vulnerability Database
-
2023-03-23 20:15:15
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability tNational Vulnerability Database
-
2023-03-23 20:15:15
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the conNational Vulnerability Database
-
2023-03-23 20:15:15
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.National Vulnerability Database
-
2023-03-23 20:15:14
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. National Vulnerability Database
-
2023-03-23 20:15:14
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injNational Vulnerability Database
-
2023-03-23 20:15:14
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads tNational Vulnerability Database
-
2023-03-23 20:15:14
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leadsNational Vulnerability Database
-
2023-03-23 20:15:14
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.National Vulnerability Database
-
2023-03-23 19:15:12
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.National Vulnerability Database
-
2023-03-23 19:15:12
A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderbyNational Vulnerability Database
-
2023-03-23 17:15:15
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.National Vulnerability Database
-
2023-03-23 17:15:15
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document â€National Vulnerability Database
-
2023-03-23 17:15:15
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.National Vulnerability Database
-
2023-03-23 17:15:15
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.National Vulnerability Database
-
2023-03-23 17:15:15
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions.National Vulnerability Database
-
2023-03-23 17:15:13
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. National Vulnerability Database
-
2023-03-23 17:15:13
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions.National Vulnerability Database
-
2023-03-23 16:15:11
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. National Vulnerability Database
-
2023-03-23 16:15:11
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration pNational Vulnerability Database
-
2023-03-23 15:15:12
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.National Vulnerability Database
-
2023-03-23 15:15:12
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.National Vulnerability Database
-
2023-03-23 15:15:12
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.National Vulnerability Database
-
2023-03-23 15:15:11
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.National Vulnerability Database
-
2023-03-23 15:15:11
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.National Vulnerability Database
-
2023-03-23 15:15:11
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,National Vulnerability Database
-
2023-03-23 15:15:11
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arNational Vulnerability Database
-
2023-03-23 15:15:11
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.National Vulnerability Database
-
2023-03-23 15:15:11
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.National Vulnerability Database
-
2023-03-23 14:15:15
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted packageNational Vulnerability Database
-
2023-03-23 14:15:15
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.National Vulnerability Database
-
2023-03-23 14:15:15
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions.National Vulnerability Database
-
2023-03-23 14:15:15
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.National Vulnerability Database
-
2023-03-23 14:15:15
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.National Vulnerability Database
-
2023-03-23 14:15:15
xpdf v4.04 was discovered to contain a stack overflow in the component pdftotext.National Vulnerability Database
-
2023-03-23 14:15:14
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions.National Vulnerability Database
-
2023-03-23 14:15:14
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.National Vulnerability Database
-
2023-03-23 12:15:13
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.National Vulnerability Database
-
2023-03-23 12:15:13
Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions.National Vulnerability Database
-
2023-03-23 12:15:12
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.National Vulnerability Database
-
2023-03-23 12:15:12
Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions.National Vulnerability Database
-
2023-03-23 12:15:12
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.National Vulnerability Database
-
2023-03-23 11:15:13
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument National Vulnerability Database
-
2023-03-23 10:15:12
A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/MasNational Vulnerability Database
-
2023-03-23 10:15:12
A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of thNational Vulnerability Database
-
2023-03-23 10:15:12
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injNational Vulnerability Database
-
2023-03-23 09:15:11
A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. National Vulnerability Database
-
2023-03-23 08:15:12
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php.National Vulnerability Database
-
2023-03-23 08:15:12
A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/National Vulnerability Database
-
2023-03-23 08:15:12
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. National Vulnerability Database
-
2023-03-23 07:15:12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before National Vulnerability Database
-
2023-03-23 07:15:11
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: before National Vulnerability Database
-
2023-03-23 06:15:12
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.National Vulnerability Database
-
2023-03-23 05:15:16
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. National Vulnerability Database
-
2023-03-23 02:15:12
Temenos T24 Release 20 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the routineName parameter at genrequest.jsp.National Vulnerability Database
-
2023-03-23 02:15:12
IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.National Vulnerability Database
-
2023-03-23 02:15:12
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. National Vulnerability Database
-
2023-03-23 02:15:12
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.National Vulnerability Database
-
2023-03-23 02:15:12
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.National Vulnerability Database
