Vulnerability Index: Year 2022

Branch Predictor Selector Leakage Vulnerability in Intel Processors Branch Predictor Information Disclosure Vulnerability in Intel Processors Intel(R) Boot Guard and Intel(R) TXT Vulnerability: Privilege Escalation via Physical Access JTAG Interface Vulnerability in Intel(R) Processors with SGX: Potential Information Disclosure via Physical Probing Sensitive Information Leakage via Log Files in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools Vulnerability: Inaccurate URL Category Enforcement in PAN-OS Software Improper Link Resolution Vulnerability in Palo Alto Networks Cortex XDR Agent File Information Exposure Vulnerability in Palo Alto Networks Cortex XDR Agent Untrusted Search Path Vulnerability in Palo Alto Networks Cortex XDR Agent Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent Connect Before Logon Vulnerability in Palo Alto Networks GlobalProtect App Improper Link Resolution Vulnerability in Palo Alto Networks GlobalProtect App on Windows Information Exposure Vulnerability in Palo Alto Networks GlobalProtect App on Windows and MacOS Insufficiently Protected Credentials Vulnerability in Palo Alto Networks GlobalProtect App on Linux Stored Cross-Site Scripting (XSS) Vulnerability in Palo Alto Network Cortex XSOAR Web Interface Information Exposure Vulnerability in Palo Alto Networks GlobalProtect App on Windows Weak Cryptographic Algorithm Vulnerability in Palo Alto Networks PAN-OS Software DNS Proxy Denial-of-Service Vulnerability in Palo Alto Networks PAN-OS Software Root Privilege Escalation Vulnerability in Palo Alto Networks PAN-OS Software Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent Software on Windows Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent Software on Windows Improper Authorization Vulnerability in Palo Alto Network Cortex XSOAR Software PAN-OS URL Filtering Policy Misconfiguration Vulnerability Improper Link
Resolution Vulnerability in Palo Alto Networks Cortex XDR Agent on Windows Devices Palo Alto Networks PAN-OS 8.1 Web Interface Authentication Bypass Vulnerability Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XSOAR Engine Software Incomplete fix for CVE-2021-3100: Apache Log4j hotpatch package fails to fully address vulnerability Insufficient Resource Limitation and Device Restriction in Hotdog (CVE-2021-3101) Path Traversal Vulnerability in LiteSpeed Web Server and OpenLiteSpeed Command Injection Vulnerability in LiteSpeed Web Server and OpenLiteSpeed Web Server Privilege Escalation via Untrusted Search Path in LiteSpeed Web Server Sensitive Information Leakage Vulnerability in showdoc Heap-based Buffer Overflow Vulnerability in mruby Sensitive Information Disclosure Vulnerability in livehelperchat XNIO Vulnerability: Log Contention and Disk Fill-up Exploit SSRF Vulnerability in dompdf/dompdf prior to 2.0.0 Uppy Vulnerability: Server-Side Request Forgery (SSRF) Keystone Vulnerability: Cross-Site Scripting (XSS) CSRF Vulnerability in GitHub Repository yourls/yourls prior to 1.8.3 GitLab Vulnerability: Commit Spoofing via Replacement References GitLab Password Expiry Bypass Vulnerability Allows Unauthorized Access to Sensitive Information via RSS Feeds Remote Code Execution Vulnerability in Google Chrome's Storage (CVE-2022-12345) DevTools Inadequate Sandbox Escape Vulnerability in Google Chrome (CVE-2021-37975) Screen Capture Use After Free Vulnerability in Google Chrome on Chrome OS Remote Code Execution via Use After Free in Google Chrome Sign-in Heap Buffer Overflow in Media Streams API in Google Chrome Heap Buffer Overflow in Google Chrome Bookmarks Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 97.0.4692.71) Remote Code Execution Vulnerability in SwiftShader in Google Chrome Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability PDF Accessibility Use After Free 
Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome Autofill Use After Free Vulnerability in Google Chrome File Manager API on Chrome OS Cross-Origin Data Leakage in Google Chrome Navigation Autofill Vulnerability in Google Chrome: Remote Information Disclosure Omnibox Spoofing Vulnerability in Google Chrome Autofill Remote Origin Spoofing Vulnerability in Google Chrome Inaccurate URL Display Vulnerability in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to 97.0.4692.71 Blink Serial API Out of Bounds Memory Read Vulnerability Uninitialized Use Vulnerability in Google Chrome File API (CVE-2021-30563) Omnibox Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Omnibox Content Hiding Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Cross-site Scripting (XSS) vulnerability in hoppscotch/hoppscotch before 2.1.1 URL Redirection Vulnerability in Forge Insecure SSL Certificate Validation in GitLab External CI Services GitLab Slack Integration URL Validation Vulnerability Insecure Member Import Verification in GitLab Out-of-bounds Read Vulnerability in Vim Uncontrolled Search Path Element Vulnerability in McAfee TechCheck Prior to 4.0.0.2 Remote Code Execution Vulnerability in Tenable.sc Versions 5.14.0 - 5.19.1 Hard-coded API Key Vulnerability in Jimoty App for Android Peertube Vulnerability: Server-Side Request Forgery (SSRF) Exploit Peertube Vulnerability: Improper Access Control CSRF Vulnerability in AnyComment WordPress Plugin before 0.2.18 Vulnerability: Out-of-Bounds Write in VirGL Renderer Blind SSRF Vulnerability in GitLab's Project Import Feature Heap Buffer Overflow in image_set_mask function of HTMLDOC before 1.9.15 Arbitrary Class Creation Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices GitHub Repository radareorg/radare2 Prior to 5.6.0: Use After Free Vulnerability Unauthenticated Access Control Vulnerability in 
Visual Form Builder WordPress Plugin CSRF Vulnerability in Visual Form Builder WordPress Plugin CSV Injection Vulnerability in Visual Form Builder WordPress Plugin Unauthenticated Access Vulnerability in LDAP Connector with StartTLS Configuration ShellJS Vulnerability: Improper Privilege Management Stored Cross-site Scripting (XSS) Vulnerability in Fork CMS prior to version 5.11.1 Reflected Cross-Site Scripting in Cookie Information WordPress Plugin Reflected XSS Vulnerability in All-in-one Floating Contact Form WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in WooCommerce Stored Exporter WordPress Plugin Reflected Cross-Site Scripting in WP Accessibility Helper WordPress Plugin GitLab Vulnerability: Denial of Service via Incorrect Handling of Package Deletion Requests Unauthorized Access to Fields in GitLab GraphQL API SQL Injection Vulnerability in Fork CMS Prior to Version 5.11.1 Cross-Site Request Forgery Vulnerability in GitLab Allows Unauthorized GitHub Project Import Vulnerability: follow-redirects Allows Unauthorized Access to Private Personal Information Vim Vulnerability: Use After Free Exploit Cross-Site Scripting Vulnerability in Phoronix-Test-Suite Heap-based Buffer Overflow Vulnerability in Vim OrchardCore Vulnerability: Cross-Site Scripting (XSS) Reflected Cross-Site Scripting in ARI Fancy Lightbox WordPress Plugin ClearText Authentication Vulnerability in TP-Link TL-WR841N V11 Wireless Router Arbitrary Data Download Vulnerability in Smart Forms WordPress Plugin Arbitrary Email Sending Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin Unvalidated Redirect Vulnerability in KingComposer WordPress Plugin Privilege Escalation via Malicious openssl.cnf File in McAfee Agent Vulnerability: Autocomplete Attribute Not Disabled in GitLab Linux Kernel SMB2 IOCTL Query Info Denial of Service Vulnerability Unauthenticated SQL Injection in Photo Gallery by 10Web WordPress Plugin Peertube Vulnerability: Improper Access Control 
Vulnerability in Linux Kernel's KVM SEV API Allows Host Kernel Crash via Confidential Guest VM Instance GraphQL IP Restriction Bypass Vulnerability in GitLab CE/EE Out-of-bounds Read Vulnerability in radare2 Quantity Validation Bypass Vulnerability in Dolibarr Dolibarr Memory Initialization Vulnerability in VirGL Renderer Reflected Cross-Site Scripting in PowerPack Lite for Beaver Builder WordPress Plugin Missing Authorization vulnerability in snipe snipe/snipe-it Snipe-IT Vulnerability: Missing Authorization CSRF Vulnerability in Quiz And Survey Master Plugin Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master Versions Prior to 7.3.7 Stored Cross-Site Scripting Vulnerability in Quiz And Survey Master Versions Prior to 7.3.7 Unencrypted Password Storage Vulnerability in 'MIRUPASS' PW10 and PW20 Firmware Credential Exposure Vulnerability in 'TEPRA' PRO SR5900P and SR-R7900P Heap-based Buffer Overflow Vulnerability in Linux Kernel's Filesystem Context Functionality Cross-Site Scripting Vulnerability in Image Photo Gallery Final Tiles Grid WordPress Plugin Arbitrary Layout Change Vulnerability in CMP WordPress Plugin Reflected Cross-Site Scripting in WP RSS Aggregator WordPress Plugin SQL Injection Vulnerability in AICP WordPress Plugin (Version 1.2.6 and below) CSRF Vulnerability in Ad Invalid Click Protector (AICP) WordPress Plugin Allows Arbitrary Ban Removal Privilege Escalation Vulnerability in Lenovo PCManager Reflected Cross-Site Scripting in Complianz WordPress Plugin Remote Code Execution in Netatalk via ad_addcomment Function Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability CoreNLP Vulnerability: Improper Restriction of XML External Entity Reference CSRF Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin Reflected Cross-Site Scripting in Themify Portfolio Post WordPress Plugin Reflected Cross-Site Scripting in Permalink Manager Lite and 
Pro WordPress Plugins GitHub Repository Crater-Invoice/Crater Prior to 6.0.2: Improper Access Control Vulnerability Heap Overflow Vulnerability in BlueZ: Denial of Service via Crafted Files Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin Reflected Cross-Site Scripting in NewStatPress WordPress Plugin (Versions before 1.3.6) Race Condition Vulnerability in vdsm: Log File Obfuscation Failure Reflected Cross-Site Scripting in MapPress Maps for WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Mitsol Social Post Feed WordPress Plugin Stored Cross-Site Scripting Vulnerability in Random Banner WordPress Plugin Cross-Site Scripting Vulnerability in Shield Security WordPress Plugin Reflected Cross-Site Scripting in SpiderCalendar WordPress Plugin Heap-based Buffer Overflow Vulnerability in Vim Unauthenticated Data Autoload Vulnerability in Custom Popup Builder WordPress Plugin Cross-Site Request Forgery Vulnerability in XootiX WordPress Plugins Use-After-Free Vulnerability in QEMU's LSI53C895A SCSI Host Bus Adapter Emulation XML Parsing Vulnerability in Prosody Library: Recursive Entity Expansion and XML External Entity Injection Unauthenticated Access Vulnerability in WP HTML Mail WordPress Plugin XML External Entity (XXE) Vulnerability in GitHub Repository skylot/jadx (prior to 1.3.2) Unauthenticated Cross-Site Scripting (XSS) Vulnerability in WordPress GDPR Plugin XML External Entity (XXE) Vulnerability in SCADAPack Workbench (6.6.8a and prior) Denial of Service Vulnerability in Modicon M340 Ethernet Communication Modules Path Traversal Vulnerability in EcoStruxure Power Commission (Versions prior to V2.22) Dolibarr SQL Injection Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Keycloak via Group Name Critical CSRF Vulnerability Found in LiveHelperChat Software SQL Injection Vulnerability in Popup Builder WordPress Plugin Unauthenticated Users Can Delete Arbitrary Options in miniOrange's Google Authenticator WordPress 
Plugin Stored Cross-Site Scripting Vulnerability in Better WordPress Google XML Sitemaps Plugin Critical CSRF Vulnerability Found in LiveHelperChat Software Stored Cross-Site Scripting Vulnerability in User Registration, Login & Landing Pages WordPress Plugin Stored Cross-Site Scripting Vulnerability in ProfileGrid WordPress Plugin Reflected Cross-Site Scripting in WOOCS WordPress Plugin Node-fetch Vulnerability: Unauthorized Exposure of Sensitive Information Unauthenticated Sensitive Data Disclosure in WP Import Export WordPress Plugin Privilege Escalation Vulnerability in Rapid7 Insight Agent Versions 3.1.2.38 and Earlier Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability CoreNLP Vulnerability: Improper Restriction of XML External Entity Reference NULL Pointer Dereference Vulnerability in mruby Unrestricted File Upload Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0 Stored Cross-site Scripting (XSS) Vulnerability in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2 Arbitrary File Read Vulnerability in GitLab CE/EE (Versions 14.5 and above) CSRF Vulnerability in livehelperchat/livehelperchat prior to 2.0 Zip Slip Vulnerability in iQ Block Country WordPress Plugin Vulnerability: Unauthorized Modification of VMO Data through Copy-on-Write Snapshots Cross-Site Scripting (XSS) Vulnerability in Contact Form Submissions WordPress Plugin Blind SSRF Vulnerability in GitLab 12: Exploiting Unblocked Shared Address Space Requests Reflected Cross-Site Scripting in Redirection for Contact Form 7 WordPress Plugin Stored Cross-site Scripting (XSS) vulnerability in GitHub repository pimcore/pimcore prior to version 10.2.10 Reflected Cross-Site Scripting in GiveWP WordPress Plugin (before 2.17.3) via Unescaped JSON Parameter Cross-site Scripting (XSS) Vulnerability in livehelperchat SQL Injection Vulnerability in WordPress Zero Spam Plugin SQL Injection Vulnerability in Database Backup for WordPress Plugin Pimcore Cross-Site Scripting 
Vulnerability Pimcore Cross-Site Scripting Vulnerability Pimcore SQL Injection Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.2.7 Heap-based Buffer Overflow in Vim prior to version 8.2 Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2.7 Unrestricted File Upload Vulnerability in Packagist pimcore/pimcore prior to 10.2.7 Linux Kernel eBPF Verifier Memory Leak Vulnerability XML External Entity (XXE) Vulnerability in Hazelcast 5.1-BETA-1 GitHub Repository User-Controlled Key Authorization Bypass in Packagist remdex/livehelperchat (prior to 3.92v) SQL Injection Vulnerability in AdRotate WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Packagist getgrav/grav prior to 1.7.28 CSRF Vulnerability in Packagist YetiForce CRM prior to 6.3.0 Kubernetes Impersonation Header Override Vulnerability Reflected Cross-Site Scripting in LearnPress WordPress Plugin XML External Entity (XXE) Vulnerability in detekt/detekt GitHub Repository Unrestricted Access Control in Pypi calibreweb prior to 0.6.16 Stored Cross-site Scripting (XSS) Vulnerability in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2 Improper Permission Assignment in Packagist microweber/microweber prior to 1.2.11 Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 Race Condition Vulnerability in AnyComment WordPress Plugin Race Condition Vulnerability in McAfee Total Protection for Windows Allows Privilege Elevation and Arbitrary File Deletion Sensitive Information Exposure in Packagist microweber/microweber prior to 1.2.11 Cross-site Scripting Vulnerability in Packagist microweber/microweber prior to 1.2.11 Open Redirect Vulnerability in GitLab Integration with Jira Heap-based Buffer Over-read Vulnerability in ImageMagick's GetPixelAlpha() Function Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2.9 Linux 
Kernel Vulnerability: Local Denial of Service via Null Pointer Dereference in bond_ipsec_add_sa() Unrestricted Access to Email Addresses in myCred WordPress Plugin Reflected Cross-Site Scripting in Ad Inserter WordPress Plugin Remote Code Execution Vulnerability in Google Chrome's Safe Browsing (CVE-2022-12345) Remote Code Execution via Use After Free in Google Chrome Site Isolation Remote Code Execution via Insecure Storage Implementation in Google Chrome Fenced Frames Navigation Bypass Vulnerability in Google Chrome Remote Code Execution via Use After Free in Web Packaging in Google Chrome Remote Code Execution via Push Messaging in Google Chrome Remote Code Execution via Use After Free in Omnibox in Google Chrome Remote Code Execution via Use After Free in Google Chrome Printing Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Heap Corruption Vulnerability in Google Chrome Scheduling (CVE-2022-12345) Use After Free Vulnerability in Google Chrome on Android (CVE-2022-12345) Heap Buffer Overflow in DevTools in Google Chrome: Exploiting Heap Corruption via Malicious Extension Use After Free Vulnerability in Google Chrome Omnibox Remote Code Execution via Use After Free in Google Chrome Bookmarks Remote Code Execution via Service Worker API Bypass in Google Chrome Heap Buffer Overflow in PDFium in Google Chrome: Remote Code Execution via Crafted HTML Page Use After Free Vulnerability in Optimization Guide in Google Chrome Use After Free Vulnerability in Google Chrome on Chrome OS Remote Code Execution Vulnerability in Google Chrome Autofill (CVE-2022-12345) Heap Buffer Overflow in Task Manager in Google Chrome Heap Buffer Overflow in Task Manager in Google Chrome CSRF Vulnerability in Float Menu WordPress Plugin Allows Unauthorized Menu Deletion Reflected Cross-Site Scripting in Nimble Page Builder WordPress Plugin Insecure Temporary File Vulnerability in horovod/horovod (prior to 0.24.0) Unauthenticated File Upload Vulnerability in 
Multiple WordPress Themes Improper Input Validation Vulnerability in go-attestation Allows Spoofing of TCG Log Events Heap-based Buffer Overflow in vim/vim prior to 8.2: A Critical Vulnerability Critical Out-of-Bounds Read Vulnerability in vim/vim prior to 8.2 Local File Inclusion and Remote Code Execution Vulnerability in Essential Addons for Elementor WordPress Plugin Reflected Cross-Site Scripting in WP Voting Contest WordPress Plugin Buffer Overflow Vulnerability in Linux Kernel's SCTP Network Protocol Template Injection Vulnerability in Packagist mustache/mustache prior to 2.14.1 DHCPv6 Packet Parsing Code Vulnerability: Remote Code Execution and Docker Shutdown Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier Reflected Cross-Site Scripting in Master Addons for Elementor WordPress Plugin CSRF Vulnerability in Simple Membership WordPress Plugin Allows Unauthorized Deletion of Members Linux Kernel GPU i915 Driver Vulnerability: Local Privilege Escalation and System Crash Webadmin Information Disclosure Vulnerability in Sophos Firewall v18.5 MR2 and Older SQL Injection Vulnerability in Moodle's H5P Activity Web Service Calendar Event Access and Modification Vulnerability in Moodle Insufficient Capability Checks in Moodle Allow Unauthorized Access to Grade Reports CSRF Risk in Moodle's Delete Badge Alignment Functionality Samba AD DC SPN Bypass Vulnerability File System API Insecure Implementation in Google Chrome on Windows (CVE-2022-12345) Log Injection Vulnerability in Conda loguru prior to 0.5.3 Critical SSRF Vulnerability in Pypi calibreweb prior to 0.6.16 Stored Cross-site Scripting (XSS) vulnerability in GitHub repository vanessa219/vditor prior to version 3.8.12 Web Authentication Bypass Vulnerability in Zyxel Network Security Devices Local Privilege Escalation Vulnerability in Dev Server Disclosure of Private Project Paths via System Notes in GitLab Unauthenticated User Enumeration in Customize WordPress Emails and Alerts 
Plugin Arbitrary Parameter Value Vulnerability in XML Sitemap Generator for Google WordPress Plugin Reflected Cross-Site Scripting in LoginPress WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2 Unauthenticated Blind SQL Injection in NotificationX WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository vanessa219/vditor prior to 3.8.13 Memory Access Vulnerability in vim/vim Prior to 8.2 Reflected Cross-site Scripting (XSS) Vulnerability in Pypi calibreweb prior to 0.6.16 Local Privilege Escalation Vulnerability in Lenovo HardwareScanPlugin and Lenovo Diagnostics Privilege Escalation Vulnerability in Lenovo System Update Sensitive Information Exposure in NPM simple-get prior to 4.0.1 Unquoted Search Path or Element Privilege Escalation Vulnerability in Bitdefender Products Privilege Escalation via Group Ownership Vulnerability in QEMU virtio-fs Heap-based Buffer Overflow in Vim prior to version 8.2 Stored Cross-Site Scripting Vulnerability in WP Ultimate CSV Importer WordPress Plugin Heap-based Buffer Overflow in Vim prior to version 8.2 SQL Injection Vulnerability in Packagist Showdoc/Showdoc (prior to version 2.10.3) Unauthenticated Import and Export Vulnerability in myCred WordPress Plugin Stored Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin Authenticated OS Command Injection Vulnerability in [Product Name] SQL Injection Vulnerability in Capsule8 Console (Versions 4.6.0 - 4.9.1) Allows Unauthorized Administrative Access Heap-Based Buffer Overflow Vulnerability in libmodbus modbus_reply() Function Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v GitLab User Privacy Vulnerability: Unauthorized User 
Search by Private Email Stored Cross-site Scripting (XSS) Vulnerability in Packagist bytefury/crater prior to 6.0.2 Improper Access Control Vulnerability in GitLab CE/EE: Unauthorized Retrieval of Service Desk Email Address Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v Cross-Site Scripting (XSS) Vulnerability in User Meta WordPress Plugin Arbitrary Image File Renaming Vulnerability in LearnPress WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 Reflected Cross-Site Scripting Vulnerability in Fotobook WordPress Plugin (up to version 3.2.3) Reflected Cross-Site Scripting Vulnerability in Embed Swagger WordPress Plugin Uninitialized Memory Information Leak in Linux Kernel's TIPC Protocol Subsystem SQL Injection Vulnerability in WP Review Slider WordPress Plugin Unrestricted Access to Email Addresses in Video Conferencing with Zoom WordPress Plugin Unauthenticated Stored Cross-Site Scripting in Crazy Bone WordPress Plugin Post-Auth SQL Injection Vulnerability in Mail Manager of Sophos UTM (<= 9.710) Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v Cross-Site Scripting Vulnerability in Interactive Medical Drawing of Human Body WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP Time Slots Booking Form WordPress Plugin Improper Access Control in Gitlab CE/EE Versions 12.7 to 14.7.1: Unauthorized Retrieval of Issue Details from Vulnerability Dashboard Unsanitized Input Vulnerability in urllib.parse Module of Python Heap-based Buffer Overflow in Vim Prior to 8.2 Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Stored Cross-site Scripting (XSS) Vulnerability in 
Packagist remdex/livehelperchat prior to 3.93v Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v BIND TCP CLOSE_WAIT Status Vulnerability Reflected Cross-Site Scripting in WPC Smart Wishlist for WooCommerce WordPress Plugin Unauthenticated Arbitrary Affiliate Link Creation Vulnerability in ThirstyAffiliates WordPress Plugin Reflected Cross-Site Scripting in Advanced Product Labels for WooCommerce WordPress Plugin Linux Kernel SMC Protocol Stack Out-of-Bounds Read Vulnerability: Remote DoS NPM w-zip Path Traversal Vulnerability Reflected Cross-Site Scripting in Super Forms WordPress Plugin Vulnerability: Unauthenticated Arbitrary File Manipulation in Library File Manager WordPress Plugin Arbitrary Option Setting Vulnerability in Material Design for Contact Form 7 WordPress Plugin Improper Access Control in janeczku/calibre-web Repository Improper Authorization in calibre-web GitHub Repository (CVE-XXXX-XXXX) Heap-based Buffer Overflow in Vim prior to version 8.2 Stack-based Buffer Overflow in Vim prior to 8.2 Unrestricted File Upload Vulnerability in Packagist showdoc/showdoc prior to 2.10.2 SQL Injection Vulnerability in WP Visitor Statistics Plugin SQL Injection Vulnerability in Asgaros Forum WordPress Plugin SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Insufficient Input Validation in Packagist dolibarr/dolibarr prior to 16.0 Remote Command Execution in GitHub Repository Upload (Gogs/Gogs prior to 0.12.6) Heap-based Buffer Overflow in vim/vim prior to 8.2 Cross-Site Scripting (XSS) Vulnerability in Event List WordPress Plugin NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to 5.6.0) SQL Injection Vulnerability in RegistrationMagic WordPress Plugin Unauthenticated Payment Status Manipulation and Cross-Site Scripting in Five Star Restaurant Reservations WordPress Plugin Reflected Cross-Site Scripting in 
White Label CMS WordPress Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability in 3D FlipBook WordPress Plugin Unauthenticated Access to Subscribed User Email Addresses in Popup by Supsystic WordPress Plugin DNS Rebinding Vulnerability in GitLab CE/EE Allows SSRF Attacks via Irker IRC Gateway Integration Reflected Cross-Site Scripting in Product Feed PRO for WooCommerce WordPress Plugin Arbitrary HTTP POST Request Vulnerability in Jupyter Notebooks in GitLab CE/EE (CVE-2022-12345) Reflected Cross-Site Scripting in Content Egg WordPress Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability in WP Cerber Security Plugin Unauthorized Access to Sensitive Information in GitHub Repository httpie/httpie (prior to 3.1.0) Reflected Cross-Site Scripting in Google PageSpeed WordPress Plugin (before 4.0.4) Prototype Pollution in Mastodon prior to 3.5.0 Linux Kernel BPF Subsystem NULL Pointer Dereference Vulnerability SQL Injection Vulnerability in Page View Count WordPress Plugin Stack Overflow Vulnerability in Linux Kernel's TIPC Protocol Allows Remote System Crash or Privilege Escalation GitHub Repository Path Traversal Vulnerability in gruntjs/grunt (prior to 1.5.2) DOM-based Cross-site Scripting (XSS) vulnerability in NPM karma prior to version 6.3.14 Blind SQL Injection and CSRF Vulnerabilities in Email Subscribers & Newsletters WordPress Plugin Arbitrary PHP File Upload and Remote Code Execution in Catch Themes Demo Import WordPress Plugin Unauthenticated User Registration Vulnerability in MasterStudy LMS WordPress Plugin User Avatar Overwrite Vulnerability in UsersWP WordPress Plugin Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Unauthenticated Attackers Can Reset Settings and Generate New Backup Encryption Key in XCloner Plugin CSRF Vulnerability in WordPress Real Cookie Banner Plugin Allows Unauthorized Settings Reset Cross-Site Scripting Vulnerability in Simple Banner WordPress Plugin Reflected Cross-Site 
Scripting in Post Grid WordPress Plugin Cross-Site Scripting Vulnerability in CP Blocks WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Flexi WordPress Plugin Unauthenticated Cross-Site Scripting (XSS) in Menu Image, Icons made easy WordPress Plugin Authorization Header Leakage in Dart SDK's HTTPClient Remote Code Execution via Use After Free in Safe Browsing in Google Chrome Remote Code Execution via Use After Free in Google Chrome Reader Mode Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability Omnibox Spoofing Vulnerability in Google Chrome on Android Remote Code Execution via Use After Free in Google Chrome Web Search Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 98.0.4758.80) Use After Free Vulnerability in Thumbnail Tab Strip in Google Chrome Remote Code Execution via Use After Free in Google Chrome Screen Capture Window Dialogue Use After Free Vulnerability in Google Chrome (CVE-2022-12345) COOP Policy Bypass Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Scroll in Google Chrome (prior to 98.0.4758.80) Use After Free Vulnerability in Google Chrome Accessibility (CVE-2022-12345) Use After Free Vulnerability in Google Chrome Accessibility (CVE-2022-12345) Remote Code Execution Vulnerability in Google Chrome Extensions (CVE-2022-12345) Sandbox Escape Vulnerability in Google Chrome Extensions Platform Pointer Lock Bypass Vulnerability in Google Chrome on Windows Remote Code Execution Vulnerability in Google Chrome Payments (CVE-2022-12345) Use After Free Vulnerability in Cast in Google Chrome (Versions prior to 98.0.4758.80) Allows Remote Heap Corruption Remote Code Execution via Out of Bounds Memory Access in V8 in Google Chrome Reflected Cross-Site Scripting in Favicon by RealFaviconGenerator WordPress Plugin Unrestricted File Upload Vulnerability in Packagist jsdecena/laracom prior to v2.0.9 Dynamic Field Injection Vulnerability in OTRS 
7.0.x Disclosure of Recipient List in Notification Emails in OTRS AG OTRSCustomContactFields 8.0.x JavaScript Injection Vulnerability in OTRS AG OTRS 7.0.x and 8.0.x Critical Denial of Service Vulnerability in radareorg/radare2 (prior to 5.6.4) GitLab Package Registry Denial of Service Vulnerability SQL Injection Vulnerability in Event Manager and Tickets Selling for WooCommerce WordPress Plugin SQL Injection and Reflected Cross-Site Scripting Vulnerability in Popup Builder WordPress Plugin Linux Kernel Vulnerability: Host Memory Exhaustion via Unrestricted POSIX File Locks Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier GitHub Repository Vulnerability: Unauthorized Access to Private Personal Information in alextselegidis/easyappointments (prior to 1.4.3) Insecure Folder Permissions in Acronis VSS Doctor (Windows) before Build 53: Local Privilege Escalation Vulnerability URL Validation Bypass in Mirantis Container Cloud Lens Extension v3.1.1 Vulnerability in nbdcopy's Multi-Threaded Copying with Asynchronous NBD Calls Privilege Escalation via Improper File Permissions in Fidelis Network and Deception Components Use-After-Free Vulnerability in rtsx_usb_ms_drv_remove in Linux Kernel Markdown Timeout Vulnerability in GitLab CE/EE GitLab CE/EE Math Feature DOS Vulnerability Privilege Escalation and Namespace Bypass Vulnerability in Linux Kernel's cgroup_release_agent_write Function Arbitrary File Disclosure and Path Traversal Vulnerability in String Locator WordPress Plugin Kernel Information Leak Vulnerability in Linux SCSI IOCTL Function Unauthenticated SQL Injection Vulnerability in KOHA Library Automation System Out-of-Bounds Memory Access Vulnerability in Openscad DXF Import Out-of-Bounds Read Vulnerability in Openscad Parsing of Annotations Arbitrary File Upload Vulnerability in Sermon Browser WordPress Plugin Unrestricted eBPF Usage Vulnerability in Linux Kernel's BPF Subsystem Reflected Cross-site Scripting (XSS) Vulnerability 
in Packagist ptrofimov/beanstalk_console prior to 1.7.12 Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v Reflected Cross-Site Scripting in WordPress Multisite Content Copier/Updater Plugin Sensitive Information Disclosure in Packagist microweber/microweber prior to 1.2.11 CSRF Vulnerability in Packagist Microweber/Microweber prior to 1.2.11 Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 SQL Injection Vulnerability in Pandora API SSRF Vulnerability in GitHub Repository chocobozzz/peertube Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.3.1 Reflected Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.3.1 Memory Corruption Vulnerabilities in Firefox 96 User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.6 SQL Injection Vulnerability in WP Statistics WordPress Plugin Critical Business Logic Errors in Crater Invoice Repository (prior to 6.0.5) CSRF Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0.4 Unauthorized Memory Write Access Vulnerability in KVM for s390 in Linux Kernel Arbitrary Code Execution Vulnerability in Mozilla VPN Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.2 Buffer Overflow in radare2 GitHub repository prior to version 5.6.2 Title: Critical Use After Free Vulnerability in NPM radare2.js (<= 5.6.2) Buffer Overflow Vulnerability in radareorg/radare2 prior to 5.6.2 Memory Overread Vulnerability in NPM radare2.js prior to 5.6.2 GitHub Repository radareorg/radare2 Prior to 5.6.2: Use After Free Vulnerability Critical Business Logic Vulnerability in publify/publify Prior to 9.2.7 Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2 Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 2.2.0) Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 
2.2.0) Server-Side Request Forgery (SSRF) Vulnerability in GitHub Repository transloadit/uppy prior to 3.3.1 Unzip Heap Out-of-Bound Write Vulnerability Unzip Heap Out-of-Bound Write Vulnerability Reflected Cross-Site Scripting in Migration, Backup, Staging WordPress Plugin before 0.9.70 CRI-O Vulnerability: Incorrect Sysctls Validation Allows Unauthorized Host Manipulation Reflected Cross-Site Scripting (XSS) Vulnerability in Ditty WordPress Plugin Stack Out-of-Bounds Read Vulnerability in htmldoc 1.9.15 Unsanitized Settings in E2Pdf WordPress Plugin: Cross-Site Scripting Vulnerability Sensitive Information Exposure in NPM follow-redirects prior to 1.14.8 Arbitrary File Upload and Remote Code Execution in MapPress Maps for WordPress Plugin Unprotected Custom XStream Converters in Jenkins LTS Versions Prior to 2.319.2 and Jenkins Versions Prior to 2.333 (CVE-2021-43859) Stored Cross-site Scripting (XSS) Vulnerability in Packagist ptrofimov/beanstalk_console prior to 1.7.14 Jira Seraph Authentication Bypass Vulnerability Arbitrary Site Installation Vulnerability in flo-launch WordPress Plugin DOM-based Cross-site Scripting (XSS) vulnerability in GitHub repository chatwoot/chatwoot prior to version 2.7.0 Redis Lua Sandbox Escape Vulnerability Integer Underflow in Blender DDS Loader: Out-of-Bounds Read Vulnerability Image Processing Vulnerability in Blender: Integer Overflow and Write-What-Where Exploit Out-of-Bounds Heap Access Vulnerability in Blender 3.x and 2.93.8 Image Loader Authentication Bypass Vulnerability in OpenVPN Privilege Escalation in GitLab REST API: Unauthorized User Addition to Groups Unauthenticated Command Execution via Custom Report Logo Upload in Nozomi Networks Guardian and CMC Unauthenticated Command Execution Vulnerability in Nozomi Networks Guardian and CMC Incomplete Fix for netty-codec-http Vulnerability in OpenShift Logging Container Unencrypted Firmware Retrieval Vulnerability Out-of-range Pointer Offset Vulnerability in vim/vim (prior 
to 8.2) Subiquity Vulnerability: Exposing Guided Storage Passphrase in Plaintext Zyxel AP Configurator (ZAC) 1.1.4 Local Privilege Escalation Vulnerability Critical OS Command Injection Vulnerability in Packagist microweber/microweber (<=1.2.11) Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 GitHub Repository radareorg/radare2 Prior to 5.6.2: Use After Free Vulnerability Open Redirect Vulnerability in Packagist microweber/microweber prior to 1.2.11 Denial of Service Vulnerability in libtiff's TIFFFetchStripThing() Function Denial of Service Vulnerability in libtiff's TIFFReadDirectory() Function Privilege Escalation via Readline Library in util-linux User Account Enumeration Vulnerability in Qlik Sense Enterprise on Windows Cross-site Scripting Vulnerability in Packagist pimcore/pimcore prior to 10.3.1 Out-of-Bounds Write Vulnerability in Thunderbird < 91.6.1 Egress Network Policy Bypass Vulnerability in ovn-kubernetes Insecure Dependency Handling in Packagist snipe/snipe-it prior to v5.3.9 Heap-based Buffer Overflow in Homebrew mruby 3.2 and earlier Reflected Cross-site Scripting (XSS) Vulnerability in Phoronix Test Suite GitHub Repository Heap-based Buffer Overflow in Vim prior to version 8.2 Insecure Deserialization Vulnerability in JFrog Artifactory GitHub Repository Access Control Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.2.0 Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.1.0 GitHub Repository Scrapy/Scrapy Prior to 2.6.1: Unauthorized Access to Sensitive Information Critical Code Injection Vulnerability in publify/publify (prior to 9.2.8) Critical Security Vulnerability: Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9 Authorization Bypass in Packagist librenms/librenms prior to 22.2.0 Denial of Service Vulnerability in Wireshark CMS Protocol Dissector (Versions 3.6.0-3.6.1 and 3.4.0-3.4.11) CSN.1 Protocol 
Dissector Unaligned Access Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 Denial of Service Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 via Packet Injection or Crafted Capture File in PVFS Protocol Dissector Denial of Service Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11: Large Loop Exploitation in Protocol Dissectors Denial of Service Vulnerability in Wireshark RTMPT Protocol Dissector Improper Authorization in Packagist librenms/librenms: Version Prior to 22.2.0 Unauthenticated Access to Packagist librenms/librenms (prior to 22.2.0) Stored Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.1.0 Unsanitized Settings in BulletProof Security WordPress Plugin Allow Cross-Site Scripting Attacks Unvalidated URL Parameter in FormCraft WordPress Plugin Leads to SSRF Vulnerability SQL Injection Vulnerability in MapSVG WordPress Plugin Unauthenticated Remote File Deletion Vulnerability in Login with Phone Number WordPress Plugin Unauthenticated and Author+ Users Can Access Sensitive Information in Professional Social Sharing Buttons Plugin Stored Cross-Site Scripting Vulnerability in Drag and Drop Multiple File Upload WordPress Plugin Insufficient Input Validation in Packagist microweber/microweber prior to 1.2.11 Open Redirect Vulnerability in Packagist microweber/microweber prior to 1.2.11 Cross-Site Scripting Vulnerability in Login with Phone Number WordPress Plugin Reflected Cross-Site Scripting in Mapping Multiple URLs Redirect Same Page WordPress Plugin Reflected Cross-Site Scripting in Conference Scheduler WordPress Plugin Reflected Cross-Site Scripting in Countdown, Coming Soon, Maintenance WordPress Plugin before 2.2.9 Cross-site Scripting (XSS) Vulnerability in TastyIgniter GitHub Repository Remote Code Execution Vulnerability in Google Chrome File Manager Heap Buffer Overflow in Tab Groups in Google Chrome Use After Free Vulnerability in Google Chrome Webstore API ANGLE Use After Free 
Vulnerability in Google Chrome GPU Use After Free Vulnerability in Google Chrome Mojo Integer Overflow Vulnerability in Google Chrome Animation Use After Free Vulnerability in Google Chrome (CVE-2022-12345) Heap Corruption Vulnerability in Gamepad API in Google Chrome (prior to 98.0.4758.102) Critical Security Vulnerability: Missing Authorization in Packagist snipe/snipe-it (prior to 5.3.11) Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v User-Controlled Key Authorization Bypass in NPM urijs prior to 1.19.8 Out-of-range Pointer Offset Vulnerability in Homebrew mruby 3.2 and Earlier Use-after-free vulnerability in eset_rtp kernel module can lead to denial-of-service in ESET Linux products CSRF Vulnerability in Amelia WordPress Plugin Allows Arbitrary Customer Deletion Linux Kernel UDF File System Null Pointer Dereference Vulnerability Denial of Service Vulnerability in swift-nio-http2 Reflected Cross-Site Scripting in Database Peek WordPress Plugin Reflected Cross-Site Scripting in Delete Old Orders WordPress Plugin Reflected Cross-Site Scripting in dTabs WordPress Plugin Sensitive Information Disclosure in Packagist snipe/snipe-it prior to 5.3.11 Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2 User-Controlled Key Authorization Bypass in parse-path prior to 5.0.0 Reflected Cross-Site Scripting in Admin Menu Editor WordPress Plugin Reflected Cross-Site Scripting in Advanced Admin Search WordPress Plugin Reflected Cross-Site Scripting in Amelia WordPress Plugin (<=1.0.47) Reflected Cross-Site Scripting in Mega Menu WordPress Plugin Stack-based Buffer Overflow in Vim prior to 8.2 Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2 Heap-based Buffer Overflow in Homebrew mruby 3.2 and earlier Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier Privilege Escalation in UpdraftPlus WordPress Plugin Allows Unauthorized Backup Download Unauthenticated 
Image Upload and CSRF Vulnerability in ThirstyAffiliates WordPress Plugin BIND 9.18.0 Denial of Service Vulnerability Critical Denial of Service Vulnerability in Lenovo Thin Installer Open Redirect Vulnerability in Pollbot (pollbot.services.mozilla.com) Versions < 1.4.6 CSRF Vulnerability in Packagist Microweber/Microweber (<=1.2.11) User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.7 Reflected Cross-Site Scripting in Pricing Table Builder WordPress Plugin Reflected Cross-Site Scripting in Popup Like Box WordPress Plugin Stored Cross-Site Scripting Vulnerability in JivoChat Live Chat WordPress Plugin Reflected Cross-Site Scripting in Bank Mellat WordPress Plugin Open Redirect Vulnerability in GitHub Repository PostHog/PostHog Prior to 1.34.1 via authorize_and_redirect/?redirect= Endpoint Use-After-Free Vulnerability in Linux Kernel MCTP Subsystem Allows Privilege Escalation Reflected Cross-Site Scripting in Bulk Creator WordPress Plugin Reflected Cross-Site Scripting in Team Circle Image Slider With Lightbox WordPress Plugin Unescaped Group Names in AdRotate WordPress Plugin: Cross-Site Scripting Vulnerability Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) Routers SQL Injection Vulnerability in WP Statistics WordPress Plugin Insecure Access Permissions in Confd Log Files Allow Offline Brute-Force Attacks on Password Hashes in Sophos UTM (Before Version 9.710) Cross-Site Scripting (XSS) Vulnerability in Profile Builder WordPress Plugin Unauthorized Access to Sensitive Data in GitHub Repository fgribreau/node-request-retry prior to 7.0.0 Arbitrary File Read Vulnerability in uDraw WordPress Plugin Unauthenticated SQL Injection in 5 Stars Rating Funnel WordPress Plugin Unauthenticated SQL Injection in CommonsBooking WordPress Plugin Unfiltered HTML Capability Bypass in Sync QCloud COS WordPress Plugin Sensitive Information Disclosure in Packagist microweber/microweber prior to 1.2.11 Stored 
Cross-Site Scripting (XSS) and Remote Code Execution (RCE) Vulnerabilities in Ad Injection WordPress Plugin Cross-Site Scripting Vulnerability in AdRotate WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in PrintFriendly WordPress Plugin Hard-coded Cryptographic Key Vulnerability in Go github.com/gravitl/netmaker GitHub Repository Path Traversal Vulnerability in pimcore/pimcore (prior to 10.3.2) CRLF Injection Vulnerability in Microweber CMS (Packagist microweber/microweber) prior to 1.2.11 BIND 9.18.0 Vulnerability: Process Exit Triggered Title: Authentication Bypass and Privilege Escalation Vulnerability in JFrog Artifactory (CVE-XXXX-XXXX) Vulnerability: Denial of Service in dpdk due to Exhaustion of File Descriptors Openstack Manila Ceph File System Share Vulnerability Vulnerability in vscode-xml: Blind SSRF or DoS via Large File in Schema Download Insecure Redirect Vulnerability in LemMinX Prior to 0.19.0 Cache Poisoning Vulnerability in LemMinX (Versions Prior to 0.19.0) Allows Directory Traversal Cross-Site Scripting (XSS) Vulnerability in Kunze Law WordPress Plugin 2.1 Unmanaged Rule Vulnerability: Comment Collision Exploit Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.4 Length Parameter Inconsistency Vulnerability in Bitdefender Update Server and GravityZone Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 Arbitrary File Disclosure and Potential Remote Code Execution in Narnoo Distributor WordPress Plugin Stored Cross-Site Scripting in Plezi WordPress Plugin (Versions before 1.0.3) CSRF Vulnerability in Simple Membership WordPress Plugin Allows Arbitrary Transaction Deletion Cross-Site Scripting (XSS) Vulnerability in Essential Addons for Elementor Lite WordPress Plugin Cross-Site Scripting Vulnerability in WP Home Page Menu WordPress Plugin Out-of-range Pointer Offset Vulnerability in vim/vim (CVE-2021-3770) User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.8 
Arbitrary PHP File Upload Vulnerability in Amelia WordPress Plugin Critical Business Logic Vulnerability in Packagist microweber/microweber (<= 1.2.11) Multiple Use of One-Time Coupon Vulnerability in Packagist Microweber/Microweber Prior to 1.2.11 Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.9 Open Redirect Vulnerability in Rudloff/alltube prior to 3.0.1 Unauthenticated SQL Injection in Master Elements WordPress Plugin through 8.0 Unauthenticated SQL Injection in Advanced Booking Calendar WordPress Plugin Critical Denial of Service Vulnerability in radareorg/radare2 (prior to 5.6.4) Critical NULL Pointer Dereference Vulnerability in vim/vim (prior to 8.2.4428) Open Redirect Vulnerability in GitHub Repository archivy/archivy (prior to 1.7.0) Unauthenticated Account Takeover via XSS in Microweber 1.3.1's 'select-file' Parameter Double-Free Vulnerability in shapelib 1.5.0 and Older Releases Cross-Site Scripting Vulnerability in Simple Tracking WordPress Plugin Unfiltered HTML Capability Bypass in SEO 301 Meta WordPress Plugin Unfiltered HTML Capability Bypass in Petfinder Listings WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in GD Mylist WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Cross-Site Scripting Vulnerability in Easy Digital Downloads WordPress Plugin CSRF Vulnerability in Easy Digital Downloads WordPress Plugin Allows Arbitrary Note Insertion Email Address Disclosure Vulnerability in Mattermost 6.3.0 and Earlier Sensitive Data Disclosure Vulnerability in Booking Package WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Header Footer Code Manager Plugin for WordPress Denial of Service Vulnerability in HAProxy via Crafted HTTP 
Responses NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to 5.6.4) Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.4 Critical Heap-based Buffer Overflow in vim/vim: Patch Prior to 8.2.4436 Required Title: Arbitrary Behavior Change Vulnerability in APC Smart-UPS and SmartConnect Family Out-of-bounds Read Vulnerability in mruby/mruby (prior to 3.2) Improper Parsing in python-oslo-utils Allows Password Leakage in Debug Logs Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3 Insecure Appointment Management in Amelia WordPress Plugin Sensitive Information Leakage in Debugging Code in Microweber GitHub Repository Unauthorized Access to Sensitive Information in GitHub Repository ionicabizau/parse-url prior to 7.0.0 Reflected Cross-site Scripting (XSS) Vulnerability in Microweber CMS Insecure Storage of Sensitive Information in Microweber GitHub Repository Information Exposure Vulnerability in KeePass: Logging Plain Text Passwords in System Log Unauthenticated Access to GitHub Repository chocobozzz/peertube prior to 4.1.0 GitHub Repository Access Control Vulnerability in chocobozzz/peertube prior to version 4.1.0 Cross-Site Scripting Vulnerability in Easy Smooth Scroll Links WordPress Plugin Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 8.2.4440) LDAP Authentication Bypass Vulnerability in Cacti IDOR Vulnerability in Dolibarr GitHub Repository IDOR Vulnerability Exposes Backend Infrastructure of Mobile Device Monitoring Services Cross-Site Scripting Vulnerability in Zyxel Network Devices Information Disclosure Vulnerability in GitLab CE/EE Allows Unauthorized Access to Runner Registration Tokens Insecure Temporary File Vulnerability in mlflow/mlflow (prior to 1.23.1) Cross-Site Scripting Vulnerability in Text Hover WordPress Plugin GitLab Password Leakage Vulnerability Unauthenticated SQL Injection in BookingPress WordPress Plugin Unauthorized Closure of Asana Tasks via GitLab CE/EE Integration 
Environment Variable Theft via Email Address in GitLab CE/EE Memory Leak in ICMP6 Implementation in Linux Kernel 5.13+: Remote DoS via ICMP6 Packets Stored Cross-site Scripting (XSS) Vulnerability in Grav CMS GitHub Repository (getgrav/grav) Prior to Version 1.7.31 Arbitrary Email Sending Vulnerability in Like Button Rating WordPress Plugin Critical Business Logic Errors in Dolibarr GitHub Repository Prior to Version 16.0 Unauthenticated SQL Injection in Infographic Maker WordPress Plugin Arbitrary Code Execution Vulnerability in post-loader Package Unrestricted Payload Injection in SinGooCMS.Utility Socket Client Cross-Site Scripting Vulnerability in Photoswipe Masonry Gallery WordPress Plugin Misleading Snippet Content Vulnerability in GitLab CE/EE Cross-site Scripting (XSS) Vulnerability in GitHub Repository hestiacp/hestiacp prior to 1.5.9 Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) Critical SQL Injection Vulnerability in SuiteCRM (salesagility/suitecrm) prior to 7.12.5 Unauthenticated Access to GitHub Repository in SuiteCRM prior to 7.12.5 Unauthenticated Access to GitHub Repository in SuiteCRM prior to 7.12.5 SQL Injection Vulnerability in Rapid7 Nexpose Versions 6.6.93 and Earlier Reflected Cross-Site Scripting Vulnerability in Rapid7 Nexpose Versions 6.6.129 and Earlier Kubeclient Vulnerability: Man-in-the-Middle Attacks via Misconfigured kubeconfig Files Unauthenticated SQL Injection in Simple Link Directory WordPress Plugin GitHub Repository Authorization Vulnerability in Microweber Prior to 1.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.3 Arbitrary Command Injection in Strapi GitHub Repository (prior to 4.1.0) Stored Cross-Site Scripting (XSS) Vulnerability in Loco Translate WordPress Plugin SSRF Vulnerability in janeczku/calibre-web prior to 0.6.17 SSRF Vulnerability in janeczku/calibre-web prior to 0.6.17 Critical SSRF Vulnerability in GitHub Repository 
rudloff/alltube prior to 3.0.2 SQL Injection in Users Ultra WordPress Plugin CSRF Vulnerability and Information Disclosure in Translate WordPress with GTranslate WordPress Plugin Unauthenticated SQL Injections in SiteSuperCharger WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository SQL Injection Vulnerability in Documentor WordPress Plugin Arbitrary Comment Deletion Vulnerability in WooCommerce WordPress Plugin DOM-based Cross-site Scripting (XSS) Vulnerability in hakimel/reveal.js prior to 4.3.0 Insecure Password Recovery Mechanism in GitHub Repository Microweber/Microweber Prior to 1.3 Denial of Service Vulnerability in OpenSSL's BN_mod_sqrt() Function Path Traversal Vulnerability in User Meta WordPress Plugin CSRF Nonce Verification Bypass and Cross-Site Scripting Vulnerability in SearchIQ WordPress Plugin SQL Injection Vulnerability in Nirweb Support WordPress Plugin Unauthenticated SQL Injection in Donations WordPress Plugin (Versions 1.8 and below) Unauthenticated SQL Injections in Multiple Shipping Address Woocommerce WordPress Plugin Unauthenticated SQL Injection in Experiments Free WordPress Plugin (before 9.0.1) via wpex_titles AJAX Action Unauthenticated SQL Injection in Daily Prayer Time WordPress Plugin Unsanitized Parameter SQL Injection in KiviCare WordPress Plugin Unsanitized Parameters in Limit Login Attempts WordPress Plugin Allow SQL Injections SQL Injection Vulnerability in WP Fundraising Donation and Crowdfunding Platform WordPress Plugin Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability Use After Free Vulnerability in Cast UI in Google Chrome Remote Code Execution Vulnerability in Google Chrome Omnibox Heap Corruption Vulnerability in ANGLE in Google Chrome Use After Free Vulnerability in Google Chrome Prior to 99.0.4844.51 via Malicious Extension Use After Free Vulnerability in Google Chrome WebShare Type Confusion Vulnerability in Blink Layout Engine Remote Code 
Execution Vulnerability in Google Chrome Media (CVE-2022-12345) Out of Bounds Memory Write Vulnerability in Mojo in Google Chrome Use After Free Vulnerability in MediaStream in Google Chrome Local Privilege Escalation via Crafted Offline Installer File in Google Chrome on Windows Heap Buffer Overflow in Cast UI in Google Chrome HTML Parser Vulnerability in Google Chrome Allows XSS Bypass (Medium Severity) Omnibox Content Hiding Vulnerability in Google Chrome for Android Remote Code Execution via Omnibox Tampering in Google Chrome Omnibox Content Hiding Vulnerability in Google Chrome for Android Use After Free Vulnerability in Google Chrome Browser Switcher Cross-Origin Data Leak in Canvas via Screen Sharing in Google Chrome Autofill Bypass Vulnerability in Google Chrome (prior to 99.0.4844.51) Use After Free Vulnerability in Chrome OS Shell in Google Chrome on Chrome OS WebXR Heap Corruption Vulnerability in Google Chrome CRI-O Container Escape and Arbitrary Code Execution Vulnerability NFS over RDMA Information Leak Vulnerability Information Disclosure Vulnerability in PhpMyAdmin 5.1.1 and Earlier SQL Injection Vulnerability in Ubigeo de Perú para Woocommerce WordPress Plugin Improper Access Control Vulnerability in McAfee WebAdvisor Chrome and Edge Browser Extensions SQL Injection vulnerability in BadgeOS WordPress Plugin through 3.7.0 Unauthenticated XSS Injection in WooCommerce Affiliate Plugin WordPress Plugin Code Injection Vulnerability in Dolibarr Prior to 15.0.1 Stored Cross-site Scripting (XSS) Vulnerability in Orchard Core CMS GitHub Repository OrchardCMS/OrchardCore Prior to 1.3.0 Improper Authorization Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in Orchard Core CMS Timing Side-Channel Attack Vulnerability in Zyxel GS1200 Series Switches Remote Code Execution Vulnerability in GitHub Repository Webmin/Webmin (prior to 1.990) Insecure Appointment Management in Amelia WordPress Plugin SQL Injection Vulnerability in WP Video Gallery 
WordPress Plugin Unsanitized Parameters in Bestbooks WordPress Plugin: SQL Injection Vulnerability Unsecure Key Generation in Download Manager WordPress Plugin GitHub Repository Webmin/Webmin Prior to 1.990: Improper Authorization Vulnerability CSRF and XSS Vulnerabilities in FormBuilder WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.3.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.3.3 Unauthenticated Remote Backup Disclosure in Church Admin WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Amelia WordPress Plugin (Versions up to 1.0.46) ClearText Storage of Sensitive Information in AVEVA System Platform 2020 SQL Injection Vulnerability in SEMA API WordPress Plugin Amelia WordPress Plugin Unauthorized SMS Service Access Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) XML External Entity (XXE) Vulnerability in liquibase/liquibase (prior to 4.8.0) Arbitrary JavaScript Injection in Easy Social Icons WordPress Plugin OS Command Injection in npm-lockfile v2.0.3 and v2.0.4 Blind SQL Injection Vulnerability in McAfee ePO Prior to 5.10 Update 13 Memory Corruption Vulnerabilities in Firefox 97: Potential Arbitrary Code Execution Critical Code Injection Vulnerability in pytorchlightning/pytorch-lightning (prior to 1.6.0) SQL Injection Vulnerability in SpeakOut! 
Email Petitions WordPress Plugin Privilege Escalation Vulnerability in Linux Kernel's Pipe Buffer Initialization OS Command Injection in part-db/part-db prior to 0.5.11 Title: Use After Free Vulnerability in r_reg_get_name_idx in radare2 prior to 5.6.6 Linux Kernel Vulnerability: Information Leak via ext4_extent_header to Userspace Exposure of Activation Key via Command Line in convert2rhel Vulnerability: Password Exposure in convert2rhel Memory Leak Vulnerability in JBoss-client with UserTransaction Linux Kernel DMA_FROM_DEVICE Memory Leak Vulnerability Path Equivalence Vulnerability in GitHub Repository microweber-dev/whmcs_plugin prior to 0.0.4 Divide By Zero Vulnerability in libcaca's img2txt Leads to Denial of Service Reflected Cross-Site Scripting (XSS) Vulnerability in McAfee ePO Prior to 5.10 Update 13 Cross-Site Scripting (XSS) Vulnerability in McAfee ePO Allows Session Hijacking Arbitrary SQL Server Pointing Vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) GitHub Repository Cobbler/Cobbler Prior to 3.3.2: Improper Authorization Vulnerability XML Extended Entity (XXE) Vulnerability in McAfee ePO Prior to 5.10 Update 13 Password Change Vulnerability in McAfee ePolicy Orchestrator (ePO) API Arbitrary Code Execution via Custom Icon Pack Upload in WP SVG Icons WordPress Plugin Reflected Cross-Site Scripting (XSS) vulnerability in UpdraftPlus WordPress Backup Plugin before 1.22.9 Denial-of-Service Vulnerability in libtiff 4.3.0 via Crafted TIFF File Concurrency Issue in EJBComponent's RunAs Principal Handling SQL Injection Vulnerability in Pricing Table WordPress Plugin Open Redirect Vulnerability in GitHub Repository medialize/uri.js (<= 1.19.10) Open Redirect Vulnerability in GitHub Repository nitely/spirit prior to 0.12.3 Critical SSRF Vulnerability in gogs/gogs Prior to 0.12.5 Unauthenticated Access Control Vulnerability in Gogs Repository Cross-Site Scripting Vulnerability in Gmedia Photo Gallery WordPress Plugin Cross-Site Scripting (XSS) 
Vulnerability in WP Social Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Social Comments by WpDevArt WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in bookstackapp/bookstack prior to v22.02.3 Brokenwire: Disrupting Electric Vehicle Charging with Wireless Attacks Reflected Cross-Site Scripting in Caldera Forms WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository star7th/showdoc prior to 2.10.2 GitHub Repository Exposes Sensitive Information: chocobozzz/peertube (prior to 4.1.1) Kernel Log Exposure Vulnerability in Fuchsia OS Windows Unquoted/Trusted Service Paths Security Issue in SLM: Patch Required for Versions 9.x.x Prior to 9.20.1 Unsanitized Form Fields in Profile Builder WordPress Plugin Allow Cross-Site Scripting Attacks Arbitrary PHP Function Execution Vulnerability in Member Hero WordPress Plugin SQL Injection Vulnerability in Easy Social Icons WordPress Plugin Arbitrary File Upload Vulnerability in Ninja Forms - File Uploads Extension WordPress Plugin (Versions up to 3.3.0) Reflected Cross-Site Scripting Vulnerability in Ninja Forms - File Uploads Extension WordPress Plugin NULL Pointer Dereference Vulnerability in mruby/mruby (prior to version 3.2) Heap Buffer Overflow in libtiff Library Version 4.3.0 Reflected Cross-Site Scripting in Export All URLs WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Static Code Injection in Microweber CMS prior to version 1.3 Template Injection Vulnerability in GitHub repository microweber/microweber prior to 1.3 Concurrency Vulnerability in libvirt nwfilter Driver Stored Cross-Site Scripting Vulnerability in IgniteUp WordPress Plugin Reflected Cross-Site Scripting in Header Footer Code Manager WordPress 
Plugin Stored Cross-site Scripting (XSS) Vulnerability in NetDataSoft DivvyDrive Reflected Cross-Site Scripting in Ad Inserter WordPress Plugin (Versions before 2.7.12) Arbitrary Code Execution Vulnerability in ABB Flow Computer and Remote Controller Products SAML Login Feature Call Stack Overflow Vulnerability in Mattermost Server (Versions up to 6.3.2) Stack Overflow Vulnerability in Mattermost Server Document Extractor Allows Server Crash via Malicious Apple Pages Document Missing Authorization in GitHub Repository go-gitea/gitea Prior to 1.16.4: Unauthorized Access Vulnerability Unrestricted File Upload Vulnerability in Microweber GitHub Repository (prior to version 1.1.12) Leads to Stored XSS Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 Denial of Service Vulnerability in libtiff's TIFFFetchNormalTag() Function Denial-of-Service Vulnerability in libtiff 4.3.0 via Divide By Zero Error in tiffcrop Downgrade Attack Vulnerability in Zyxel Firewall Firmware: Bypassing Two-Factor Authentication for IPsec VPN Server Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Unrestricted File Upload Vulnerability in Microweber Prior to 1.2.11 Integer Overflow or Wraparound in Microweber prior to 1.3 CSRF Vulnerability in Export All URLs WordPress Plugin Allows Unauthorized Export of Posts and Pages Title: Logitech Sync for Windows TOCTOU Race Condition Vulnerability Allows Privilege Escalation CSRF Vulnerability in Logitech Options OAuth 2.0 Authentication Denial of Service Vulnerability in 389 Directory Server Unauthenticated User Data Leakage in Salon Booking System WordPress Plugins Unauthenticated Access Vulnerability in Salon Booking System WordPress Plugins Remote Code Execution via Backup/Restore Feature in GitHub Repository Microweber/Microweber (<=1.2.12) Critical System Functionality Vulnerability: Lack of Authentication Blind SQL Injection Vulnerability in Delta Electronics 
DIAEnergie (All versions prior to 1.8.02.004) Out-of-bounds Read Vulnerability in libtiff 4.3.0's tiffcp Allows Denial-of-Service Stored XSS vulnerability in GitHub repository microweber/microweber prior to version 1.2.12 due to file upload filter bypass Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.2.12 Cross-Site Scripting (XSS) Vulnerability in Dynamic Text Module of Microweber Prior to 1.2.11 Stored XSS vulnerability in GitHub repository microweber/microweber prior to version 1.2.12 due to file upload filter bypass Unauthenticated Access to GitHub Repository in Saleor Prior to 3.1.2 Denial of Service Vulnerability in dnsmasq Critical Host Header Injection Vulnerability in GitHub Repository livehelperchat/livehelperchat Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository autolab/autolab prior to 2.8.0 Stored XSS Vulnerability in showdoc through File Upload in GitHub Repository star7th/showdoc prior to 2.10.4 Stored XSS via File Upload in GitHub Repository Star7th/Showdoc Prior to v2.10.4 SSRF Vulnerability in janeczku/calibre-web prior to 0.6.18 Stored XSS in GitHub repository star7th/showdoc prior to v2.10.4 due to Unrestricted File Upload Stored XSS in GitHub repository star7th/showdoc prior to v2.10.4 due to Unrestricted File Upload Stored XSS Vulnerability in GitHub Repository star7th/showdoc prior to version 2.10.4 Heap-based Buffer Overflow in vim prior to 8.2.4563 Remote Code Execution (RCE) via Template Injection in GitHub Repository sqlpad/sqlpad prior to 6.10.1 Stored XSS and File Upload Vulnerability in star7th/showdoc (GitHub Repository) Stored XSS via CSHtml file upload in GitHub repository star7th/showdoc prior to v2.10.4 Remote Exploitation of ABB ARG600 Wireless Gateway Series via Serial Port Access SQL Injection Vulnerability in Order Listener for WooCommerce WordPress Plugin SQL Injection in Block Bad Bots WordPress Plugin (Version 6.930) Unrestricted File Upload Vulnerability in GitHub Repository 
star7th/showdoc prior to 2.10.4 Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4 Unauthenticated Remote Code Execution in Sitemap by click5 WordPress Plugin Reflected Cross-Site Scripting in Anti-Malware Security and Brute-Force Firewall WordPress Plugin Stored XSS Vulnerabilities in Microweber Prior to Version 1.2.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/data-hub prior to 1.2.4 Stored XSS via File Upload in GitHub Repository Star7th/Showdoc (prior to v.2.10.4) Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4 Unfiltered HTML Capability Bypass in Mark Posts WordPress Plugin (CVE-2021-XXXX) CSRF Exploit Allows Unauthorized File Upload in pgAdmin Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4 Denial of Service (DoS) Vulnerability in Microweber Application (GitHub Repository microweber/microweber prior to 1.2.12) Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .webma file upload Unrestricted XML Files Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.12 Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .webmv file upload Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .ofd file upload Stored XSS via File Upload in star7th/showdoc Stored XSS via File Upload in star7th/showdoc Denial of Service (DoS) Vulnerability in Microweber Application Cross-Site Scripting (XSS) Vulnerability in Optimole WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Grav CMS GitHub Repository (getgrav/grav) prior to version 1.7.31 Use After Free Vulnerability in Blink Layout in Google Chrome on Android Critical Use After Free Vulnerability in Google Chrome Extensions Remote Code Execution Vulnerability in Google Chrome's Safe Browsing (CVE-2022-XXXX) Use After Free Vulnerability in Splitscreen in 
Google Chrome on Chrome OS ANGLE Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in GPU in Google Chrome: Remote Code Execution Vulnerability Use After Free Vulnerability in Google Chrome Browser UI on Chrome OS ANGLE Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Safe Browsing in Google Chrome on Android Heap Corruption Vulnerability in Google Chrome New Tab Page (Versions prior to 99.0.4844.74) Quarkus RestEasy Reactive Vulnerability: Privilege Escalation via State Leakage Memory Corruption Vulnerability in telnet_input_char Function SQL Injection Vulnerability in Badges Code: Restricted Access to Configuration Criteria Misconfiguration of Badge Criteria Allows Unauthorized Profile Field Access Vulnerability: Insufficient Capability Checks Allow Unauthorized User Deletion Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository Hestiacp/Hestiacp Prior to 1.5.11 Time-based File Existence Disclosure Vulnerability in PackageKit Cleartext Transmission Vulnerability in Delta Electronics DIAEnergie (Version 1.7.5 and prior) NS WooCommerce Watermark WordPress Plugin Allows Malicious Image Loading and Domain Hiding SSRF Vulnerability in janeczku/calibre-web prior to 0.6.18 Insufficient Session Expiration in Admidio GitHub Repository Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Hummingbird WordPress Plugin before 3.3.2 Linux Kernel Watch_Queue Event Notification Subsystem Out-of-Bounds Memory Write Vulnerability Exploitable Vulnerability in 389 Directory Server Allows Expired Passwords to Bypass Authentication Arbitrary Command Execution Vulnerability in Fidelis Network and Deception Components Integer Overflow Vulnerability in Linux Kernel's virtio Device Driver Arbitrary OS Command Injection Vulnerability in mySCADA myPRO Versions 8.25.0 and Prior 
GitHub Repository Path Traversal Vulnerability in tinyfilemanager prior to 2.4.7 Unsanitized WordPress Target Version Settings in WP Downgrade Plugin Allow Cross-Site Attacks HTML Injection in Mattermost Email Invitations Privilege Escalation Vulnerability in Mattermost API Unintended Display of Accounted Time in Ticket Detail View Cross-Site Scripting (XSS) Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in Advanced Booking Calendar WordPress Plugin Reflected Cross-Site Scripting in Advanced Booking Calendar WordPress Plugin Arbitrary File Upload Vulnerability in One Click Demo Import WordPress Plugin Reflected Cross-Site Scripting in Smush WordPress Plugin 3.9.9 Stored Cross-Site Scripting Vulnerability in Login using WordPress Users Plugin Use-After-Free Vulnerability in Linux Kernel's FUSE Filesystem Allows Privilege Escalation TCP Source Port Generation Algorithm Vulnerability Blind SQL Injection Vulnerability in Personal Dictionary WordPress Plugin SQL Injection Vulnerability in WP Contacts Manager WordPress Plugin Out-of-Bounds Write Vulnerability in Linux Kernel's nf_tables_api.c Use-after-free vulnerability in nf_tables_core.c allows local attackers to cause a kernel information leak XML External Entity (XXE) Vulnerability in Dynamic Link Library (DLL) Allows Data Leakage Open Redirection Vulnerability in Automated Logic's WebCtrl Server Version 6.1 'Help' Index Pages Arbitrary Function Call Vulnerability in wooproducttable WordPress Plugin GitHub Repository Vulnerability: Insecure Storage of Sensitive Information in chatwoot/chatwoot (prior to 2.6.0) Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 2.5.0) SQL Injection Vulnerability in Podcast Importer SecondLine WordPress Plugin Improper Access Control Vulnerability in Argo CD v1.0.0 and above Sensitive User Information Exposed in Kyocera Multifunction Printer Address Book Export Vulnerability Stored Cross-Site Scripting Vulnerability in 
Page Restriction WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Security Firewall Plugin Unsanitized Settings in Limit Login Attempts WordPress Plugin: Cross-Site Scripting Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client for Linux and macOS Use After Free Vulnerability in op_is_set_bp in radareorg/radare2 prior to 5.6.6 GitHub Repository Crater-Invoice/Crater Prior to 6.0.6: Insecure Deserialization of Unvalidated Module File Vulnerability Unrestricted File Upload Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0.6 Unrestricted File Upload Vulnerability in ShowDoc v2.10.3 Segmentation Fault Vulnerability in MP4Box -lsr (gpac/gpac) prior to 2.1.0-DEV Account Creation Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.12 Blind SSRF Vulnerability in EXMAGE WordPress Plugin HP Jumpstart Software Vulnerability: Privilege Escalation Risk Vulnerability: Weak Passwords Enable Unauthorized Access and Privilege Escalation Remote Code Execution Vulnerability in Sophos Firewall v18.5 MR3 and Older Zephyr Bluetooth Mesh Core Stack Out-of-Bound Write Vulnerability during Provisioning Zephyr Bluetooth Mesh Core Stack Out-of-Bound Write Vulnerability during Provisioning Local Privilege Escalation Vulnerability in Linux Kernel's io_uring Implementation Insecure Storage of Profile Images in GitHub Repository: A Sensitive Data Exposure Vulnerability Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0 Cross-Site Scripting Vulnerability in Visual Form Builder WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Themify Post Type Builder Search Addon WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's Sound Subsystem Allows Privilege Escalation Pacemaker Configuration Tool (pcs) Allows Login for Expired Accounts and Passwords Use-after-free vulnerability in QEMU implementation of VMWare's paravirtual RDMA device Cross-Site Scripting 
Vulnerability in WPQA Builder Plugin Heap Buffer Overflow in iterate_chained_fixups in radareorg/radare2 prior to 5.6.6 Insecure Agent Registrar Data Validation in Keylime Unauthenticated Data Leakage in RSVP and Event Management Plugin WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's tc_new_tfilter Allows Privilege Escalation Out-of-bounds Read Vulnerability in libtiff 4.3.0 Unauthenticated SQL Injection in Pricing Deals for WooCommerce WordPress Plugin Open Redirect Vulnerability in GitHub Repository go-gitea/gitea prior to 1.16.5 Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Heap Buffer Overflow in parseDragons in radareorg/radare2 prior to 5.6.8 Cross-Site Scripting Vulnerability in th23 Social WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Thank Me Later WordPress Plugin SQL Injection Vulnerability in ForkCMS Prior to 5.11.1: Bulk Comment Spam Marking Authentication Bypass Vulnerability in Abacus ERP Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Unauthenticated Access to Lab Reports via URL Manipulation Stack-Based Buffer Overflow in Modbus Slave Registration Field Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Use-after-free vulnerability in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2 Critical Privilege Escalation Vulnerability in Automatic Question Paper Generator 1.0 HTML Injection Vulnerability in TEM FLEX-1085 1.6.0 WiFi Settings Dashboard Persistent Cross Site Scripting Vulnerability in College Website Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Automatic Question Paper Generator System 1.0 Information Disclosure Vulnerability in TEM FLEX-1080 and FLEX-1085 1.6.0 Critical SQL Injection Vulnerability in SourceCodester College Website Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester
One Church Management System Critical SQL Injection Vulnerability in SourceCodester One Church Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Microfinance Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Microfinance Management System 1.0 Login Page Critical SQL Injection Vulnerability in Microfinance Management System Critical Authentication Bypass Vulnerability in SourceCodester One Church Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in CLTPHP up to 6.0 Cross-Site Scripting (XSS) Vulnerability in DolphinPHP User Management Page Persistent Cross-Site Scripting Vulnerability in htmly 5.3 Edit Profile Module Stored Cross-Site Scripting Vulnerability in Page Security & Membership WordPress Plugin Stored Cross-Site Scripting Vulnerability in Bulk Edit and Create User Profiles WordPress Plugin Stored Cross-Site Scripting Vulnerability in Good & Bad Comments WordPress Plugin Bypassing Sanitisation in Safe SVG WordPress Plugin Allows for XSS and XML Attacks Unauthenticated User Enumeration in myCred WordPress Plugin Arbitrary JavaScript Injection in WP Meta SEO WordPress Plugin Stored Cross-Site Scripting Vulnerability in amr users WordPress Plugin Stored Cross-Site Scripting Vulnerability in Mihdan WordPress Plugin Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Use-after-free vulnerability in NSSToken objects in Thunderbird and Firefox Privilege Escalation Vulnerability in Delta Electronics DIAEnergie (Versions prior to 1.8.02.004) Tag Overload Vulnerability in GitLab CE/EE: Performance Impact via Excessive Tag Addition Exponential Backtracking DOS Vulnerability in GitLab CE/EE Critical Remote Authentication Bypass Vulnerability in SourceCodester Royale Event Management System 1.0 (VDB-195785) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Royale Event Management System 1.0 Arbitrary File Upload Vulnerability in Advanced Uploader WordPress 
Plugin Stored Cross-Site Scripting Vulnerability in Popup Maker WordPress Plugin Unauthorized Access to Pipeline Analytics in GitLab CE/EE Versions 13.11 to 14.9.2 Use After Free Vulnerability in mrb_vm_exec in mruby/mruby (prior to 3.2) ThinkPad Models Vulnerable to Code Execution Exploit via SmmOEMInt15 SMI Handler Local Privilege Escalation Vulnerability in LenovoFlashDeviceInterface on Thinkpad X1 Fold Gen 1 Default permissions vulnerability in Lenovo Leyun cloud music application allows denial of service. Buffer Overflow Vulnerability in Lenovo Smart Standby Driver Incorrect User Display in Project Import Vulnerability Stored Cross-Site Scripting Vulnerability in Autolinks WordPress Plugin Stored Cross-Site Scripting Vulnerability in Florist One WordPress Plugin Heap-Use-After-Free Vulnerability in ImageMagick's RelinquishDCMInfo() Function Heap-buffer-overflow vulnerability in ImageMagick's PushShortPixel() function Integer Overflow or Wraparound Vulnerability in io_uring of Linux Kernel Allows Local Privilege Escalation to Root Vulnerability in fapolicyd: Pattern Detection Failure in Runtime Linker Arbitrary Code Execution via Deserialization in Connected Components Workbench Arbitrary File Download Vulnerability in Simple File List WordPress Plugin Sensitive Information Exposure in GitLab CI/CD Configuration Include Directive Failure Unlimited Resource Consumption Vulnerability in GitLab Pages Denial of Service Vulnerability in openjpeg2 2.4.0 SQL Injection Vulnerability in Leaflet Maps Marker WordPress Plugin Improper Authorization Vulnerability in GitLab CE/EE Allows Unauthorized Access to Job Trace Logs Use After Free Vulnerability in Portals in Google Chrome Use After Free Vulnerability in Google Chrome QR Code Generator Cross-Origin Data Leakage in Web Share API in Google Chrome on Windows Omnibox Spoofing Vulnerability in Google Chrome on Android Arbitrary Intent Injection in WebOTP on Google Chrome for Android Use After Free Vulnerability in Cast UI 
in Google Chrome Local Bypass of Navigation Restrictions via Physical Access in Google Chrome Virtual Keyboard WebRTC Perf Use After Free Vulnerability in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 100.0.4896.60) Heap Corruption Vulnerability in Google Chrome Shopping Cart Use After Free Vulnerability in Google Chrome Tab Strip Information Leakage Vulnerability in Google Chrome Extensions Obscuring Omnibox Contents Vulnerability in Google Chrome Cross-Origin Data Leakage in Background Fetch API in Google Chrome Heap Corruption Exploit via User Gesture in Google Chrome File Manager Heap Buffer Overflow in Google Chrome WebUI via DevTools Interaction Heap Buffer Overflow in Google Chrome WebUI via DevTools Interaction Use After Free Vulnerability in Google Chrome WebUI Allows Remote Code Execution Use After Free Vulnerability in Google Chrome Extensions Cross-Origin Data Leakage in Resource Timing in Google Chrome Unauthorized Access Token Theft in GitLab Pages Reflected Cross-Site Scripting in Menubar WordPress Plugin Cross-Site Scripting Vulnerability in LayerSlider WordPress Plugin Use After Free Vulnerability in utf_ptr2char Function in Vim Prior to 8.2.4646 Session Hijacking Vulnerability in Snipe-IT GitHub Repository Prior to 5.3.10 Unfiltered HTML Capability Bypass in Books & Papers WordPress Plugin Sensitive Data Leakage through Exception Logging in GitLab CE/EE KVM Vulnerability: Privilege Escalation and Kernel Corruption via Page Table Entry Manipulation Undetectable Code Injection Vulnerability in Rockwell Automation Studio 5000 Logix Designer Heap Buffer Overflow in get_one_sourceline in Vim/Vim (CVE-2021-3770) Code Modification Vulnerability in Studio 5000 Logix Designer Hardcoded Password Vulnerability in GitLab CE/EE Versions 14.7-14.9.2 Stored Cross-site Scripting (XSS) Vulnerability in mineweb/minewebcms Repository Reflected XSS Vulnerabilities in Wyzi Theme's Business Search
Feature IP Spoofing Vulnerability in Blackhole for Bad Bots WordPress Plugin Vulnerability: Directory Listing Exposes Personal Data in JobMonster Theme Unauthenticated Reflected XSS Vulnerabilities in CareerUp WordPress Theme Cross-Site Scripting Vulnerability in JobSearch WP JobSearch WordPress Plugin Careerfy XSS Vulnerability: Exploiting Cross-Site Scripting in the Platform Unsanitized GET Requests in JobMonster WordPress Theme: XSS Vulnerability Reflected Cross-Site Scripting in Vertical Scroll Recent Post WordPress Plugin Null Pointer Dereference Vulnerability in gpac/gpac prior to 2.1.0-DEV Stored XSS Vulnerability in Grav GitHub Repository (prior to 1.7.33) Gitlab CE/EE DoS Vulnerability: High CPU Usage via Crafted Input XSS Vulnerability in GitLab CE/EE Versions 14.4 - 14.9.2 Multiple Endpoints in GitHub Repository livehelperchat/livehelperchat Prior to 3.96 Vulnerable to IDOR Due to Loose Comparison Unauthenticated User Can Download Patient Reports in openemr Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4: A Potential Security Breach Stored Cross-Site Scripting Vulnerability in GitHub Repository openemr/openemr prior to 6.0.0.4 Reflected Cross Site Scripting Vulnerability in GitHub Repository openemr/openemr prior to 6.0.0.4 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2: A Potential Security Breach SQL Injection Vulnerability in Visual Slide Box Builder WordPress Plugin Assertion Failure in BIND Daemon due to HTTP Reference in listen-on Statements Use-After-Free Vulnerability in Linux Kernel's fs/ext4/namei.c:dx_insert_block() RDoc File Denial of Service Vulnerability in GitLab CE/EE Be POPIA Compliant WordPress Plugin Exposes Sensitive User Information to Unauthenticated Users Reflected Cross-Site Scripting Vulnerability in WordPress WP YouTube Live Plugin (up to version 1.7.21) via POST Data in ~/inc/admin.php Blind SSRF Vulnerability in GitLab CE/EE Repository Mirroring Feature 
Unauthorized User Access to Private Project Approval Rules in GitLab CE/EE Stored XSS vulnerability in GitLab CE/EE versions 8.3 to 14.9.2 via multi-word milestone references. SSRF Vulnerability in livehelperchat/livehelperchat prior to 3.96 Reflected Cross-Site Scripting in Turn off all comments WordPress Plugin GitLab CE/EE Privilege Escalation via Merge Requests CSV Injection Vulnerability in Mobile Events Manager WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's drivers/net/hamradio Allows for Denial of Service Use-after-free vulnerability in Thunderbird and Firefox ESR versions < 91.8 Revocation Reason Bypass Vulnerability in Thunderbird < 91.8 Use-After-Free Vulnerability in Linux Kernel's 6pack Driver Allows for Kernel Crash Linux Kernel Vulnerability: Amateur Radio Simulation Exploits Null-Ptr-Deref and Use-After-Free NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby prior to 3.2 CSV Injection Vulnerability in WP-CRM WordPress Plugin Arbitrary Blog Option Modification Vulnerability in Content Mask WordPress Plugin Linux Kernel Amateur Radio AX.25 Protocol Use-After-Free Vulnerability Linux Kernel AX.25 Protocol: Local User Crash Vulnerability GitHub Repository radareorg/radare2 Out-of-Bounds Read Vulnerability Stored Cross-Site Scripting Vulnerability in Ultimate Member WordPress Plugin Arbitrary Redirect Vulnerability in Ultimate Member WordPress Plugin (Versions up to 2.3.1) Denial of Service Vulnerability in LibTIFF 4.3.0's TIFF File Handler Critical Stack-Based Overflow Vulnerability in tildearrow Furnace dev73 FUR to VGM Converter Use-After-Free Vulnerability in str_escape in mruby/mruby GitHub Repository SSRF Filter Bypass Vulnerability in livehelperchat/livehelperchat (prior to 3.67v) Libinput Format String Vulnerability Reflected Cross-Site Scripting in Advanced Image Sitemap WordPress Plugin Reflected Cross-Site Scripting in Custom TinyMCE Shortcode Button WordPress Plugin Reflected Cross-Site Scripting in Domain 
Replace WordPress Plugin SQL Injection Vulnerability in RecyclebinController.php in Pimcore Prior to 10.3.5: Data Theft Potential Reflected Cross-Site Scripting in FoxyShop WordPress Plugin (before 4.8.2) Reflected Cross-Site Scripting in Gwyn's Imagemap Selector WordPress Plugin Infinite Loop Vulnerability in gpac/gpac Prior to 2.1.0-DEV GitHub Repository Authorization Vulnerability in phpipam/phpipam prior to 1.4.6 GitHub Repository phpipam/phpipam Prior to 1.4.6: Improper Authorization Vulnerability Privilege Escalation in phpipam/phpipam prior to 1.4.6 Privilege Escalation Vulnerability in Podman Allows Unauthorized Access to Host Filesystem Opensea WordPress Plugin 1.0.3 Cross-Site Scripting Vulnerability Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.2.034 via Malicious IFC Files Arbitrary Code Execution via Redirection Vulnerability in Samsung Galaxy S21 (ZDI-CAN-15918) Stored XSS via Embedded SVG in PlantUML GitHub Repository Type Confusion Vulnerability in V8 in Google Chrome prior to 100.0.4896.75 URL Confusion Vulnerability in GitHub repository medialize/uri.js prior to 1.19.11 Cross-Site Scripting (XSS) Vulnerability in livehelperchat/livehelperchat prior to 3.97 Brute-Force Vulnerability in livehelperchat/livehelperchat Repository (prior to 3.96) Insecure Password Policy in GitHub Repository weseek/growi prior to v5.0.0 Heap Buffer Overflow in radareorg/radare2 prior to 5.6.8 Heap Overflow Vulnerability in libr/bin/format/ne/ne.c in radareorg/radare2 (prior to version 5.6.8) Unvalidated Proxy URL in HubSpot WordPress Plugin Allows SSRF Attacks Heap Buffer Overflow in mach0.c in radare2 (GitHub repository radareorg/radare2) prior to version 5.8.6 Reflected Cross-Site Scripting Vulnerability in Ask me WordPress Theme before 6.8.2 Arbitrary Socket Connection Vulnerability in Apport Invalid Protocol Extraction Vulnerability in GitHub Repository Medialize/uri.js (prior to 1.19.11) Allows XSS Heap Buffer Overflow in 
radareorg/radare2: Inducing Denial of Service Token Exchange Privilege Escalation Vulnerability in Keycloak Race Condition in rose_connect() Function of Linux Kernel Critical Unauthenticated Account Creation Vulnerability in SAP Information System 1.0 NULL Pointer Dereference Vulnerability in pesign's cms_set_pw_data() Function Reflected Cross-Site Scripting in LifterLMS PayPal WordPress Plugin Unauthenticated Profile Information Modification in Ask me WordPress Theme Weak Encryption Algorithm in gnuboard/gnuboard5 (<= 5.5.5) Allows Sensitive Information Exposure Heap-based Buffer Overflow in libde265 1.0.8 and earlier versions URL Redirection Vulnerability in Skyhigh SWG Stored Cross-Site Scripting Vulnerability in Import and Export Users and Customers WordPress Plugin Local Privilege Escalation Vulnerability in MA for Windows Prior to 5.7.6 through Manipulation of Symbolic Links Insecure Storage of Sensitive Information in MA for Linux, macOS, and Windows (prior to 5.7.6) Blind SQL Injection Vulnerability in ePolicy Orchestrator (ePO) Extension of MA Prior to 5.7.6 Undertow HTTP/2 Flow Control Vulnerability Privilege Escalation Vulnerability in Matrikon OPC Server Remote Command Injection Vulnerability in Protest Binary KVM Dirty Ring Support NULL Pointer Dereference Vulnerability Ignition Web Configuration Arbitrary Code Execution Vulnerability Unsanitized CAPTCHA Settings in BulletProof Security WordPress Plugin Allow for Cross-Site Scripting Attacks Cross-Site Scripting (XSS) Vulnerability in Post Grid, Slider & Carousel Ultimate WordPress Plugin Reflected Cross-Site Scripting in BMI BMR Calculator WordPress Plugin Reflected Cross-Site Scripting in Donate Extra WordPress Plugin Reflected Cross-Site Scripting in Fast Flow WordPress Plugin Heap Buffer Overflow Vulnerability in GraphicsMagick's MIFF Parsing Arbitrary File Write Vulnerability in GNU gzip's zgrep Utility Arbitrary File Upload Vulnerability in Import WP WordPress Plugin (CVE-2021-XXXX) Arbitrary 
HTML Injection in Keycloak's execute-actions-email Endpoint Unsanitized Settings in BannerMan WordPress Plugin Allows Cross-Site Scripting Attacks Out-of-bounds Read Vulnerability in mrb_get_args in mruby/mruby (GitHub Repository) Unauthenticated SQL Injection Vulnerability in Inavitas Solar Log Product WildFly Trace Payload Information Disclosure Vulnerability EBICS-Java/EBICS-Java-Client Encryption Vulnerability Race Condition Vulnerability in Linux Kernel's drm_lease_held Function SQL Injection Vulnerability in Photo Gallery WordPress Plugin Reflected Cross-Site Scripting (XSS) in Photo Gallery by 10Web WordPress Plugin NULL Pointer Dereference in r_bin_ne_get_entrypoints function Heap-use-after-free vulnerability in radareorg/radare2 prior to 5.6.8 leading to denial of service Critical SSRF Vulnerability in gogs/gogs Prior to 0.12.8 Heap Buffer Overflow in mrb_vm_exec in mruby/mruby Critical Privilege Escalation Vulnerability in School Club Application System 1.0 Reflected Cross-Site Scripting Vulnerability in School Club Application System 1.0 Incomplete Fix of CVE-2022-1211 in tildearrow Furnace: Remote Denial of Service Vulnerability Stored XSS in Name, Group Name & Title in GitHub repository polonel/trudesk prior to v1.2.0 Cross-Site Scripting (XSS) Vulnerability in hhurz/tableexport.jquery.plugin prior to 1.25.0: Cookie Leakage and Data Transmission to Third-Party Servers Command Injection Vulnerability in c_rehash Script Bypassing Embedded Neutralization of Script-Related HTML Tag Vulnerability Unsanitized Settings in IMDB Info Box WordPress Plugin Allows for Cross-Site Scripting Attacks Prototype Pollution in fullpage.js prior to 4.0.2 Out-of-bounds Read Vulnerability in `r_bin_ne_get_relocs` Function in Radare2 (CVE-2021-12345) Out-of-bounds Read Vulnerability in r_bin_ne_get_entrypoints Function in Radare2 Cross-Site Scripting Vulnerability in Tabs WordPress Plugin Unsanitized Default Slideshow Settings in Slideshow WordPress Plugin Allow for 
Cross-Site Scripting Attacks Unauthenticated Service Function Vulnerability in Multiple Versions of TRUMPF TruTops Products Cross-Site Scripting (XSS) Vulnerability in WP Contact Slider WordPress Plugin Unauthenticated Denial of Service Vulnerability in MZ Automation LibIEC61850 Cross-Site Scripting Vulnerability in Slide Anything WordPress Plugin e2fsprogs 1.46.5 Out-of-Bounds Read/Write Vulnerability Heap Corruption Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on Android BFCache Use After Free Vulnerability in Google Chrome Sandbox Escape Vulnerability in Google Chrome Developer Tools Heap Corruption Vulnerability in Google Chrome's Regular Expressions Remote Code Execution Vulnerability in Google Chrome on ChromeOS Sandbox Escape Vulnerability in Google Chrome Prior to 100.0.4896.88 Heap Corruption Vulnerability in Tab Groups in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Local Privilege Escalation Vulnerability in GitHub repository zerotier/zerotierone prior to 1.8.8 Weak Communication Channel in Hills ComNav Version 3002-19: Predictable Packet Sizes Expose System State Improper Handling of AJP 400 Response in Undertow Cross-Site Scripting Vulnerability in Sliderby10Web WordPress Plugin Cross-Site Scripting Vulnerability in miniOrange's Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Coming Soon - Under Construction WordPress Plugin Unauthenticated Privilege Escalation in Discy WordPress Theme Cross-Site Scripting Vulnerability in Event Timeline WordPress Plugin Clmg Vulnerability: Buffer Overflow Exploit via Pandore or BMP File Cross-Site Scripting Vulnerability in Form - Contact Form WordPress Plugin Cross-Site Scripting Vulnerability in Image Gallery WordPress Plugin Buffer Overflow in uudecoder in Mutt: Read Past End of Input Line Vulnerability Unauthenticated Remote Code Execution Vulnerability 
in Elementor Website Builder Plugin for WordPress (Versions 3.6.0 to 3.6.2) Stored XSS vulnerability in fullPage.js GitHub repository prior to version 4.0.4 XML External Entity (XXE) Vulnerability in DMARS (Versions prior to v2.1.10.24) API Permission Bypass Vulnerability in Mattermost 6.4.1 and Earlier Denial of Service Vulnerability in Mattermost Playbooks Plugin v1.24.0 and Earlier Cross-Site Scripting Vulnerability in WP YouTube Live WordPress Plugin Cross-Site Scripting Vulnerability in Slideshow CK WordPress Plugin Cross-Site Scripting Vulnerability in Carousel CK WordPress Plugin Memory Allocation Vulnerability in Mattermost Image Proxy Component Unfiltered HTML Capability Bypass in Easily Generate Rest API Url WordPress Plugin SQL Injection Vulnerability in ElementController.php in Pimcore Prior to 10.3.5: Data Theft Potential Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 Arbitrary Null Write Vulnerability in bwm-ng v0.6.2 Unmasked Password Vulnerability in Devolutions Remote Desktop Manager Vulnerability: Inconsistent Verification of OCSP Response Signing Certificate Stored XSS vulnerability in GitHub repository causefx/organizr prior to version 2.1.1810 allows remote attackers to execute malicious scripts and potentially compromise user sessions and expose sensitive data. 
Stored XSS via .svg File Upload in GitHub Repository Multiple Stored XSS Vulnerabilities in GitHub Repository CauseFX/Organizr prior to 2.1.1810 Stored XSS in Username & Email input fields leading to account takeover and privilege escalation in GitHub repository causefx/organizr prior to 2.1.1810 World-readable state file in logrotate allows unprivileged users to stop rotation Arbitrary Profile Picture Deletion Vulnerability in WPQA Builder Plugin Memory Corruption Vulnerability in GhostPCL 9.55.0 Stored XSS vulnerability in Tooltip in GitHub repository pimcore/pimcore prior to 10.4 Insecure Direct Object Reference Vulnerability in Gitlab: Unauthorized Access to Issue Titles Kernel Memory Leak Vulnerability in Linux Kernel's pfkey_register Function Heap Buffer Overflow Vulnerability in Libtiffs' tiffinfo.c Stack Buffer Overflow Vulnerability in Libtiffs' tiffcp.c Local Privilege Escalation Vulnerability in cnMaestro Unauthenticated Remote Code Execution in On-Premise cnMaestro Server SQL Injection Vulnerability in On-Premise Allows Data Exfiltration Arbitrary File-Write Vulnerability in On-Premise cnMaestro Remote Code Execution Vulnerability in On-Premise cnMaestro Hosting Server On-Premise cnMaestro Vulnerability: Pre-Auth SQL Data Exfiltration Arbitrary Command Execution Vulnerability in On-Premise cnMaestro Type Confusion Vulnerability in V8 Turbofan in Google Chrome: Remote Heap Corruption Exploit GitHub Repository Vulnerability: Unauthorized Access to Private Personal Information in lquixada/cross-fetch (prior to 3.1.5) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) CWE-306: Unauthorized Password Change via Websocket Communications in Cognex 3D-A1000 Dimensioning System Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Directory Traversal Vulnerability in Softing Secure Integration Server V1.22's Restore Configuration Feature Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) GitHub Repository PlantUML URL Restriction Bypass Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Item Name Parameter in GitHub Repository Snipe/Snipe-IT (prior to v5.4.3) - User Cookie Theft Critical Heap Buffer Overflow Vulnerability in Vim Prior to 8.2.4763 NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to version 5.6.8) Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.8: Exploiting Data Leakage and Program Crashes Insecure Plugin Version Installation in Mattermost 6.4.x and Earlier Improper Invalidation of Pending Email Invitations in Mattermost 6.4.x and Earlier Arbitrary HTTP Request Vulnerability in Fusion Builder WordPress Plugin Unfiltered HTML Vulnerability in No Future Posts WordPress Plugin Undisclosed Request Bypasses iControl REST Authentication in F5 BIG-IP Versions CSRF Vulnerability in F5 BIG-IP Configuration Utility Allows Limited Command Execution Arbitrary File Read and Remote Code Execution Vulnerability in Admin Word Count Column WordPress Plugin Local File Inclusion vulnerability in Cab fare calculator WordPress plugin before 1.0.4 
Local File Inclusion Vulnerability in Videos Sync PDF WordPress Plugin (1.7.4) Unsanitized AJAX Update Allows XSS Exploitation in WP Subtitle Plugin Cross-Site Scripting Vulnerability in Photo Gallery by 10Web WordPress Plugin Unsanitised Settings in Easy FAQ with Expanding Text WordPress Plugin Allows Cross-Site Scripting Attacks Stored Cross-Site Scripting Vulnerability in Donorbox WordPress Plugin GitHub Repository Privilege Escalation Vulnerability: Full System Takeover in alextselegidis/easyappointments (prior to 1.5.0) Unauthenticated Blind SSRF Vulnerability in External Media without Import WordPress Plugin Arbitrary Code Execution Vulnerability in Device42 CMDB Discovery Component Hard-coded Cryptographic Key Vulnerability in Exago Web Reports Allows Session ID Leakage and Privilege Escalation Improper Access Control vulnerability in Device42 CMDB versions prior to 18.01.00 allows unauthorized access to sensitive server files ASDA-Soft Version 5.4.1.0 and Prior Input Sanitization Vulnerability ASDA-Soft Version 5.4.1.0 and Prior: Input Sanitization Vulnerability Out-of-Bounds Read Vulnerability in Delta Electronics CNCSoft (All versions prior to 1.01.32) Stack-Based Buffer Overflow in CNCSoft Versions Prior to 1.01.32 Vulnerability: Unauthorized Access to Protected CI/CD Variables in GitLab CE/EE Vulnerability: Cross-Site Scripting (XSS) via CSRF in VikBooking Hotel Booking Engine & PMS WordPress Plugin Cross-Site Scripting Vulnerability in VikBooking Hotel Booking Engine & PMS WordPress Plugin Arbitrary PHP File Upload Vulnerability in VikBooking Hotel Booking Engine & PMS WordPress Plugin OS Command Injection in db_optimize component of Device42 Asset Management Appliance (CVE-2020-12345) Unrestricted File Upload Vulnerability in YetiForceCRM (prior to 6.4.0) Allows Account Takeover Vulnerability: WP_Mail WordPress Plugin Exposes Sensitive Information through Predictable Filenames Unmasked Integration Properties Disclosure in GitLab CE/EE Insufficient 
Input Sanitization in 3scale API Management 2 Allows for Script Injection and Potential Data Breach Deserialization Vulnerability in Drools Core Allows Code Execution HTML Injection in GitLab CE/EE Pipeline Error Messages Unauthorized Access to Project Members-only Wikis via Malicious CI Jobs in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Social Stickers WordPress Plugin Concurrent Refcount Decrease Vulnerability in ioctl$DRM_IOCTL_MODE_DESTROY_DUMB Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 8.2.4774) CSRF Vulnerability in Discy WordPress Theme Allows Arbitrary Settings Modification CSRF Vulnerability in Discy WordPress Theme Allows Site Settings Reset Cache Poisoning Vulnerability in GitLab CE/EE Allows Arbitrary Code Execution in Protected Branches CSRF Vulnerability in Ask me WordPress Theme before 6.8.2 Insecure Direct Object Reference (IDOR) Vulnerability in WPQA Builder Plugin Authentication Bypass Vulnerability in GitLab Out-of-bounds Read Vulnerability in mrb_obj_is_kind_of in mruby/mruby (GitHub Repository) GitLab Authentication Throttling Bypass Vulnerability SQL Injection Vulnerability in GridHelperService.php in Pimcore Prior to 10.3.6: Data Theft Potential DOM-based Cross-site Scripting (XSS) Vulnerability in OctoPrint Prior to 1.8.0 Uncontrolled Resource Consumption Vulnerability in GitLab Cross-site Scripting (XSS) Vulnerability in OctoPrint Repository Persistent XSS Vulnerability in GitLab Vulnerability: Weak MAC Key Generation in OpenSSL 3.0 RC4-MD5 Ciphersuite Cross-Site Scripting (XSS) Vulnerability in WPCargo Track & Trace WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WPCargo Track & Trace WordPress Plugin Heap-based Buffer Overflow in radareorg/radare2 prior to 5.7.0 HTML Entity Sanitization Bypass in Keycloak Impersonation Feature Reflected XSS Vulnerability in Microweber CMS (GitHub Repository microweber/microweber) Prior to Version 1.2.15 Command Injection Vulnerability in 
git-interface@2.1.1: Remote Code Execution via User Input Buffer Overflow Vulnerability in MP4Box's diST_box_read() Function Vulnerability: Sensitive Information Disclosure in Metform WordPress Plugin Heap-Use-After-Free Vulnerability in radareorg/radare2 (prior to 5.7.0) Inducing Denial of Service Stored Cross Site Scripting (XSS) Vulnerability in GitHub Repository Snipe-IT (snipe/snipe-it) Prior to Version 5.4.3 Out-of-bounds Read Vulnerability in r_bin_java_constant_value_attr_new Function Out-of-bounds Read Vulnerability in r_bin_java_bootstrap_methods_attr_new Function Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Reflected Cross-Site Scripting in Call Now Button WordPress Plugin before 1.1.2 Unsanitized Settings in Poll Maker WordPress Plugin Allows for Stored Cross-Site Scripting Attack Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.04) at EditUser and EditProducto Pages Stored XSS Vulnerability in GitHub Repository openemr/openemr prior to 6.1.0.1 Allows Session Hijacking Unauthenticated User Can Access Patient Disclosures in GitHub Repository Unauthorized Execution of Scheduled Pipelines in GitLab GitHub Repository OpenEMR Prior to 6.1.0.1 Allows Non-Privileged Users to Enable or Disable Registration Race condition vulnerability in Linux kernel's TeleTYpe subsystem allows local users to crash the system or read unauthorized random data from memory Vulnerability: PHP Object Injection in Booking Calendar Plugin for WordPress Stored XSS Vulnerability in Gogs GitHub Repository Prior to 0.12.7 Reflected Cross-Site Scripting in WPC Smart Wishlist for WooCommerce WordPress Plugin Improper Authorization in Red Hat Single Sign-On Allows Unauthorized User Actions Windows OS Language Bar Vulnerability Authenticated iControl REST User Processing Delay Vulnerability Stored Cross-Site Scripting Vulnerability in FiboSearch WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Ultimate 
WooCommerce CSV Importer WordPress Plugin Remote Code Execution Vulnerability in SnakeYaml's Constructor() Class SQL Injection Vulnerability in Better Find and Replace WordPress Plugin Memory Leak and Denial of Service Vulnerability in OPENSSL_LH_flush() Function Reflected Cross-Site Scripting in WP Event Manager WordPress Plugin Integer Overflow Vulnerability in FFmpeg's g729_parse() Function Arbitrary File Deletion Vulnerability in All-in-One WP Migration Plugin Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Heap Corruption Vulnerability in SwiftShader in Google Chrome Use After Free Vulnerability in ANGLE in Google Chrome (prior to 101.0.4951.41) Allows Remote Heap Corruption Use After Free Vulnerability in Google Chrome on Mac (prior to version 101.0.4951.41) Allows Remote Code Execution via Crafted HTML Page Heap Corruption Vulnerability in WebGL Implementation in Google Chrome WebGPU Heap Buffer Overflow in Google Chrome Heap Buffer Overflow in Google Chrome Web UI Settings Heap Corruption Vulnerability in Google Chrome File System API Type Confusion Vulnerability in V8: Information Disclosure in Google Chrome Remote Code Execution via Use After Free in Ozone in Google Chrome Cross-Origin Data Leakage via Malicious Chrome Extension Heap Corruption Vulnerability in Google Chrome UI Shelf on Chrome OS Use After Free Vulnerability in Google Chrome Browser Switcher Remote Code Execution via Use After Free in Google Chrome Bookmarks Arbitrary Script Injection Vulnerability in Google Chrome's Blink Editing Use After Free Vulnerability in Google Chrome Dev Tools Bypassing Trusted Types Policy via Insufficient Data Validation in Google Chrome APK Downloads Dialog Spoofing Vulnerability in Google Chrome on Android Heap Corruption Vulnerability in Google Chrome File Manager Cross-Origin Website Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage in HTML Parser in Google Chrome Same Origin Policy Bypass in Google Chrome 
WebAuthentication Bypassing Content Security Policy via Insufficient Data Validation in Google Chrome Dev Tools Cross-Origin Data Leakage via Inappropriate iFrame Implementation in Google Chrome Insufficient Permission Verification in Git Version Control API Allows Unauthorized Project Modifications Cross-Site Scripting (XSS) Vulnerability in GetSimple CMS Content Module Cross-Site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.2.15 Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Cross-Site Scripting Vulnerability in WP Born Babies WordPress Plugin NULL Pointer Dereference Vulnerability in chafa: Denial of Service via Crafted Input File Linux Kernel io_uring Module Out-of-Bounds Read Vulnerability Sed Injection Vulnerability in Hestia Control Panel (HestiaCP) Prior to 1.5.12 Uncontrolled Resource Consumption Vulnerability in GitLab Unauthenticated Access to GitHub Repository in Snipe-IT Prior to 5.4.4 Cross-Site Scripting Vulnerability in ScrollReveal.js Effects WordPress Plugin Code Execution Vulnerability in Lenovo PCManager Stored XSS Vulnerability in FacturaScripts Plugin Upload Functionality Memory Leak in Mat_VarReadNextInfo5() in mat5.c in matio 1.5.21 and Earlier: Potential DoS Vulnerability Linux Kernel X.25 NULL Pointer Dereference Vulnerability Remote Code Execution and Privilege Escalation Vulnerability in LRM Directory Traversal Vulnerability in LRM Allows Unauthorized File Upload Unrestricted File Upload Vulnerability in LRM Allows for Remote Code Execution Incorrect Encryption and Signature Status Display Vulnerability in Thunderbird Lack of Authentication and Authorization in LRM Paves Way for Data Manipulation and Interception CWE-117: False Password Change Logs Vulnerability in Cognex 3D-A1000 Dimensioning System Write-What-Where Vulnerability in Fuji Electric D300win Prior to Version 3.7.1.17 Unencrypted Data Transmission in LRM Version 2.4 and Lower: Vulnerability to MITM Attacks 
CWE-602: Bypassing Web Access Controls in Cognex 3D-A1000 Dimensioning System Cross-Site Scripting (XSS) Vulnerability in Emlog Pro up to 1.2.2 Reflected Cross-Site Scripting in WP 2FA WordPress Plugin Reflected Cross-Site Scripting in VikBooking Hotel Booking Engine & PMS WordPress Plugin Prototype Pollution in Firefox ESR, Firefox, Firefox for Android, and Thunderbird XSS Vulnerability in livehelperchat/livehelperchat prior to 3.99v Critical SQL Injection Vulnerability in ARAX-UI Synonym Lookup Functionality Reflected Cross-Site Scripting in Themify WordPress Plugin (<=1.3.8) Buffer Over-read Vulnerability in libmobi GitHub Repository (bfabiszewski/libmobi) Prior to 0.11 Buffer Over-read Vulnerability in libmobi prior to 0.11 Cross-Site Scripting (XSS) Vulnerability in Automad Dashboard Race condition vulnerability in file.copy operations in GruntJS allows arbitrary file write Arbitrary File Upload Vulnerability in Theme Demo Import WordPress Plugin CSV Injection and Data Leakage Vulnerability in Exports and Reports WordPress Plugin Arbitrary File Upload Vulnerability in PostmagThemes Demo Import WordPress Plugin Cross-Site Scripting Vulnerability in Video Slider WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in HPB Dashboard WordPress Plugin GitHub Repository erudika/scoold Prior to 1.49.4 - Memory Corruption Vulnerability CSV Injection in luyadev/yii-helpers prior to 1.2.1 Confidential Note Disclosure Vulnerability in GitLab CE/EE Reflected Cross-Site Scripting in WooCommerce - Product Importer WordPress Plugin Reflected Cross-Site Scripting in Check & Log Email WordPress Plugin Privilege Escalation in Mattermost Playbooks Plugin 1.25 and Earlier Stored Cross-Site Scripting Vulnerability in WP Athletics WordPress Plugin Insecure File Storage Vulnerability in SP Project & Document Manager WordPress Plugin Privilege Escalation Vulnerability in PostgreSQL Improper Access Control in GitHub Repository Allows Leakage of Password-Protected Article Content 
Path Traversal Vulnerability in GitHub Repository clinical-genomics/scout prior to 4.52 DOM XSS Vulnerability in Microweber v1.2.15 Allows Arbitrary JS Code Injection and Website Defacement SQL Injection Vulnerability in StaffList WordPress Plugin Stored Cross-Site Scripting Vulnerability in ULeak Security & Monitoring WordPress Plugin Stored Cross-Site Scripting Vulnerability in Curtain WordPress Plugin Stored Cross-Site Scripting Vulnerability in Clipr WordPress Plugin Open Parameter Local File Inclusion Vulnerability in Amministrazione Aperta WordPress Plugin URL Parameter Sanitization Vulnerability in Lura and KrakenD Unsanitized SVG File Upload Vulnerability in Enable SVG WordPress Plugin Unauthenticated Enumeration of Coupon Codes and Values in WPGraphQL WooCommerce Plugin Cross-Site Scripting Vulnerability in Form Maker WordPress Plugin Arbitrary File Upload Vulnerability in WP All Import Plugin (Versions up to 3.6.7) Cross-Site Scripting (XSS) Vulnerability in Quotes Llama WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP-JS Plugin for WordPress Unfiltered HTML Cross-Site Scripting Vulnerability in Team Members WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Plugin before 1.4.9.4 Unauthenticated Users Can Reset Settings in Files Download Delay WordPress Plugin Cross-site Scripting (XSS) Vulnerability in GitHub Repository neorazorx/facturascripts Unauthenticated Arbitrary File Deletion in HTML2WP WordPress Plugin CSRF Vulnerability in HTML2WP WordPress Plugin Allows Unauthorized Settings Modification Unauthenticated File Upload Vulnerability in HTML2WP WordPress Plugin Arbitrary Code Execution and XSS Vulnerabilities in jgraph/drawio Repository CSRF Vulnerability in WP Maintenance Mode & Coming Soon Plugin CSRF Vulnerability in Database Backup for WordPress Plugin CSRF Vulnerability in My wpdb WordPress Plugin Allows Arbitrary SQL Query Execution IP Spoofing Vulnerability in check_is_login_page() Function Bypassing Site 
Offline or Maintenance Mode Plugin in WordPress Vulnerability: IP Bypass in WP-Polls WordPress Plugin Stored Cross-Site Scripting Vulnerability in External Links in New Window / New Tab WordPress Plugin External Links in New Window / New Tab WordPress Plugin Vulnerability Reflected XSS Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.16: Executing JavaScript on Victim's Browser Unprotected Backup Generation and Download Vulnerability in Project Source Code Download WordPress Plugin PCRE2 Library Out-of-Bounds Read Vulnerability in compile_xclass_matchingpath() Function PCRE2 Library Out-of-Bounds Read Vulnerability in get_recurse_data_length() Function Vulnerability: Unauthenticated Settings Modification in Change wp-admin login WordPress Plugin Bludit 3.13.1 New Content Module Cross-Site Scripting Vulnerability CSRF Vulnerability in WordPress Ping Optimizer Plugin Server-Side Request Forgery (SSRF) Vulnerability in scout in GitHub Repository clinical-genomics/scout prior to v4.42 CSRF Vulnerability in Site Offline or Coming Soon WordPress Plugin CSRF Vulnerability in HC Custom WP-Admin URL WordPress Plugin Secret Login URL Leakage Vulnerability in HC Custom WP-Admin URL WordPress Plugin ABB REX640 PCL Vulnerability: Unauthorized Access to User Database and System Control Reflected Cross-Site Scripting Vulnerability in WPQA Builder WordPress Plugin Unauthenticated Access to Private Questions in WPQA Builder WordPress Plugin CSRF Vulnerability in Admin Management Xtended WordPress Plugin YOP Poll WordPress Plugin IP Bypass Vulnerability User Access Manager WordPress Plugin Prioritizes HTTP Headers Over REMOTE_ADDR, Allowing Access to Restricted Content Unresolved Security Vulnerability in HP ThinPro 7.2 SP8: Upgrade to SP9 Ineffective, SP10 Released for Remediation CSRF Vulnerability in Mail Subscribe List WordPress Plugin Reflected Cross-Site Scripting in MailerLite WordPress Plugin CSRF Vulnerability in Email Users WordPress Plugin Allows 
Unauthorized Notification Settings Modification Unmanaged Object Read Vulnerability in M-Files Server CSRF Vulnerability in ABB Pulsar Plus System Controller NE843_S and ABB Infinity DC Power Plant CSRF Vulnerability in OnePress Social Locker WordPress Plugin Arbitrary PHP Code Execution Vulnerability in School Management WordPress Plugin CSRF Vulnerability in Seamless Donations WordPress Plugin CSRF Vulnerability in Bulk Page Creator WordPress Plugin CSRF Vulnerability in Webriti SMTP Mail WordPress Plugin Bypassing IP-based Limitations in Restricted Site Access WordPress Plugin Vulnerability: IP Spoofing in WP-EMail WordPress Plugin Predictable Random Values Vulnerability in Samba's GnuTLS gnutls_rnd() Function Critical Use After Free Vulnerability in GitHub Repository vim/vim (CVE-2021-xxxx) CSRF and XSS Vulnerabilities in WP-Invoice WordPress Plugin CSRF and XSS Vulnerabilities in Coru LFMember WordPress Plugin Heap-based Buffer Overflow in cmdline_erase_chars function in Vim prior to 8.2.4899 NULL Pointer Dereference in vim_regexec_string function leads to Denial of Service in GitHub repository vim/vim Heap Buffer Overflow in vim_strncpy find_word in vim/vim prior to 8.2.4919: A Critical Vulnerability with Remote Execution Potential Out-of-Bounds Read Vulnerability in LibTIFF's LZWDecode Function Out-of-Bounds Read Vulnerability in LibTIFF's LZWDecode Function CSRF Vulnerability in Latest Tweets Widget WordPress Plugin CSRF Vulnerability in New User Approve WordPress Plugin CSRF and Stored XSS Vulnerabilities in Sharebar WordPress Plugin CSRF Vulnerability in My Private Site WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple SEO Plugin for WordPress Buffer Over-read in find_next_quote function in vim/vim prior to 8.2.4925: Potential for Software Crash, Memory Modification, and Remote Execution CSRF Vulnerability in WP-EMail WordPress Plugin Allows Unauthorized Log Deletion Account Takeover via Email Confirmation Bypass in Microweber 
Repository Improper Certificate Validation in Openshift Allows for Confidentiality Loss Use After Free Vulnerability in Sharesheet in Google Chrome on Chrome OS Use After Free Vulnerability in Google Chrome Browser UI Use After Free Vulnerability in Google Chrome Permission Prompts Heap Corruption Vulnerability in Google Chrome Performance APIs Cross-Origin Data Leakage Vulnerability in Google Chrome Heap Buffer Overflow in V8 Internationalization in Google Chrome: Remote Code Execution via Crafted HTML Page Use After Free Vulnerability in ANGLE in Google Chrome (prior to 101.0.4951.64) Allows Remote Heap Corruption Use After Free Vulnerability in Google Chrome's Sharing Feature Use After Free Vulnerability in Web UI Diagnostics in Google Chrome on Chrome OS Denial of Service Vulnerability in Swift-Corelibs-Foundation JSONDecoder Stored Cross-Site Scripting Vulnerability in Birthdays Widget WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Call&Book Mobile Bar WordPress Plugin Cross-Site Scripting Vulnerability in Amazon Link WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Real Estate Pack WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in FormCraft WordPress Plugin Relative Path Traversal Vulnerability in Pandora FMS v7.0NG.760 and Below Null Pointer Dereference Vulnerability in radareorg/radare2 Improper Handling of Sensitive Information in GitHub Repository eventsource/eventsource (prior to v2.0.2) Memory Leak Vulnerability in ACRN Device Model Emulation of Virtual NICs in Linux Kernel Concurrency Use-After-Free Vulnerability in Linux Kernel Allows Arbitrary Code Execution CSRF Vulnerability in Social Share Buttons by Supsystic WordPress Plugin Arbitrary Administrative Privilege Escalation in Jupiter Theme and JupiterX Core Plugin Insecure Session Cookie Creation in Horizon on Red Hat OpenStack Arbitrary Plugin Deactivation and API Key Update Vulnerability in JupiterX Theme (<=2.0.6) Path Traversal and Local File 
Inclusion Vulnerability in Jupiter and JupiterX Themes (<= 6.10.1 / <= 2.0.6) Arbitrary Plugin Deletion Vulnerability in Jupiter Theme (<= 6.10.1) Arbitrary Function Call Vulnerability in JupiterX Core Plugin (<= 2.0.6) Remote Code Execution Vulnerability in Untrusted Data Deserialization Arbitrary File Access Vulnerability Passing Red Hat Subscription Manager User Password via CLI in convert2rhel Playbook Vulnerability Insecure JavaScript Access Token Generation in Stop Spam Comments WordPress Plugin Directory Traversal Vulnerability in Dpkg::Source::Archive Vulnerability: Insecure Boot Validation in Red Hat Enterprise Linux for IBM Power Architecture Weak Default Password for Web Application's Root User Vulnerability: Bypassing Client-side JavaScript Controls to Reboot PLC Default Root User Credentials Vulnerability Buffer Overflow Vulnerability in Device Management Web Portal Firewall Function Bypassing User Invitation Code Validity to Create Extra User Accounts NULL Pointer Dereference Vulnerability in rxrpc_preparse_s in Linux Kernel CSRF Vulnerability in Google PageSpeed WordPress Plugin (<=4.0.7) Allows Unauthorized Actions Reflected Cross-Site Scripting Vulnerability in WooCommerce Green Wallet Gateway WordPress Plugin NULL Pointer Dereference in vim_regexec_string function leads to Denial of Service in GitHub repository vim/vim OpenShift Container Platform: Malicious Payload Exploits Route Configuration Vulnerability Improper Update of Sock Reference in TCP Pacing: Remote Memory/Netns Leak Vulnerability Use-After-Free Vulnerability in Linux Kernel's Atheros Wireless Adapter Driver Account Takeover Vulnerability in GitLab EE with Group SAML SSO and SCIM Feature GitHub Repository Authentication Bypass Vulnerability in requarks/wiki (prior to 2.5.281) Critical Reflected XSS Vulnerability in neorazorx/facturascripts GitHub Repository (prior to 2022.07) SQL Injection Vulnerability in amtyThumb WordPress Plugin SQL Injection Vulnerability in Cube Slider 
WordPress Plugin SQL Injection Vulnerability in Five Minute Webshop WordPress Plugin SQL Injection Vulnerability in Five Minute Webshop WordPress Plugin SQL Injection Vulnerability in Logo Slider WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Realty Workstation WordPress Plugin SQL Injection Vulnerability in CP Image Store with Slideshow WordPress Plugin CSRF Vulnerability in Useful Banner Manager WordPress Plugin CSRF Vulnerability in WP Simple Adsense Insertion WordPress Plugin Unquoted Path Vulnerability in Okta Active Directory Agent Denial of Service Vulnerability in GitHub Repository CauseFX/Organizr Prior to 2.1.2000 Uncontrolled Resource Consumption Vulnerability in GitHub Repository causefx/organizr prior to 2.1.2000 XML External Entity (XXE) Vulnerability in Forcepoint Data Loss Prevention (DLP) and Related Products Hard-coded Encryption Key Vulnerability in SonicWall SMA1000 Series Firmware Open Redirection Vulnerability in SonicWall SMA1000 Series Firmware 12.4.0 and Earlier Remote Command Execution Vulnerability in SonicWall SSL-VPN SMA100 Series Management Interface XML External Entity (XXE) Vulnerability in Backup/Restore Functionality HTTP Request Smuggling via Acceptance of Invalid Transfer-Encoding Headers Data Confidentiality Vulnerability in Ignition Configs Accessible from Unprivileged Containers in VMware VMs Reflected Cross-Site Scripting Vulnerability in Google Tag Manager for WordPress Plugin CRI-O Memory and Disk Exhaustion Vulnerability CSRF Vulnerability in Throws SPAM Away WordPress Plugin Allows Unauthorized Comment Deletion Cross-Site Scripting Vulnerability in Appointment Hour Booking WordPress Plugin SSRF Vulnerability in jgraph/drawio prior to 18.0.5 CSRF Vulnerability in LiveSync for WordPress Plugin Allows Unauthorized Settings Modification Server-Side 
Request Forgery (SSRF) Vulnerability in GitHub Repository jgraph/drawio (prior to 18.0.4) Allows Unauthorized Access to Sensitive Information Out-of-bounds Read Vulnerability in radareorg/radare2 (prior to 5.7.0) GitHub Repository Account Takeover in neorazorx/facturascripts (prior to 2022.07) Bypassing Password/PIN Lock in Keep My Notes v1.80.147 Stored Cross-Site Scripting Vulnerability in Custom Share Buttons with Floating Sidebar WordPress Plugin Denial of Service (DoS) Vulnerability in trudesk Application Critical Reflected XSS Vulnerability in GitHub Repository polonel/trudesk (Prior to 1.2.2) Buffer Over-read in grab_file_name function in vim/vim prior to 8.2.4956: Crashing, Memory Modification, and Remote Execution Vulnerability Path Traversal Vulnerability in WellKnownServlet in jgraph/drawio GitHub Repository (CVE-2021-12345) SSRF Vulnerability in GitHub Repository jgraph/drawio: Exploiting IPv6 Link-Local Address for Proxy Access SSRF Vulnerability in jgraph/drawio prior to 18.0.6 Reflected Cross-Site Scripting in Simple Membership WordPress Plugin NULL Pointer Dereference Vulnerability in Vim Prior to 8.2.4959 HTML Injection and Data Exfiltration Vulnerability in Bootstrap Table Export Plug-in Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6: A Potential Security Breach Denial of Service Vulnerability in polonel/trudesk: Exploiting Long Passwords Race Condition in Linux Kernel's perf_event_open() Allows Privilege Escalation Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to 18.0.4) SQL Injection Vulnerability in Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 CSRF Vulnerability in Rename wp-login.php WordPress Plugin Heap-based Buffer Overflow in Vim prior to 8.2.4968 Use-after-free vulnerability in nfcmrvl_nci_unregister_dev() in Linux Kernel Buffer Overflow Vulnerability in vim/vim (prior to 8.2.4969) Out-of-Bounds Write Vulnerability in Pyramid Solutions' EtherNet/IP Kits 
Out-of-Bounds Read Vulnerability in Fuji Electric D300win Prior to Version 3.7.1.17 Vulnerability: Lack of Application Signature Validation in Dominion Voting Systems ImageCast X Vulnerability: Self-Attestation Mechanism Exploitation in Dominion Voting Systems ImageCast X Terminal Emulator Application Vulnerability in Dominion Voting Systems ImageCast X Android Safe Mode Reboot Vulnerability in Dominion Voting Systems ImageCast X Arbitrary Code Execution Vulnerability in Dominion Voting System ImageCast X Elevated Privilege Escalation Vulnerability in Dominion Voting Systems ImageCast X Vulnerability: Authentication Forgery in Dominion Voting Systems ImageCast X Allows Unauthorized Administrative Access Vulnerability in Dominion Voting Systems ImageCast X Authentication Mechanism Exposes Cryptographic Secrets and Election Information Forgery Vulnerability in Dominion Voting Systems ImageCast X Authentication Mechanism NULL Pointer Dereference Vulnerability in Softing OPC UA C++ Server SDK and Related Products Cross-Site Request Forgery Vulnerability in WPMK Ajax Finder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Sticky Popup Plugin for WordPress Unrestricted File Upload Vulnerability in GitHub Repository polonel/trudesk prior to 1.2.2 Critical Remote Code Execution Vulnerability in WoWonder Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2: Vulnerability in Ticket Management System Cross-Site Scripting Vulnerability in SVG Support WordPress Plugin Reflected XSS vulnerability in Newsletter WordPress Plugin before 7.4.5 CSRF and Stored XSS Vulnerabilities in Pagebar WordPress Plugin CSRF Vulnerability in Genki Pre-Publish Reminder WordPress Plugin CSRF and Stored XSS Vulnerabilities in RB Internal Links WordPress Plugin CSRF Vulnerability in Core Control WordPress Plugin CSRF Vulnerability in Peter's Collaboration E-mails WordPress Plugin Bypassing IP Block Feature in iQ Block Country WordPress Plugin Vulnerability: 
CSRF and Stored XSS in Static Page eXtended WordPress Plugin CSRF Vulnerability in WP-chgFontSize WordPress Plugin Allows Stored XSS CSRF Vulnerability in Hot Linked Image Cacher WordPress Plugin Improper Credential Storage in Anchore Enterprise anchorectl Version 0.1.4 SSRF Vulnerability in jgraph/drawio prior to 18.0.7 Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Buffer Over-read Vulnerability in GitHub Repository vim/vim (CVE-2021-3770) Privilege Escalation in GitHub Repository polonel/trudesk prior to 1.2.2 Uncontrolled Recursion Vulnerability in vim/vim Repository (CVE-2021-3049) Unescaped API Key Vulnerability in Google Places Reviews WordPress Plugin Reflected Cross-Site Scripting in WP Athletics WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository jgraph/drawio (prior to 18.0.7) Insecure Password Policy in GitHub Repository polonel/trudesk prior to 1.2.2 Stored Cross-Site Scripting Vulnerability in Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress Plugin Unauthenticated File Upload and Arbitrary File Deletion Vulnerability in Filr WordPress Plugin Buffer-Overflow Vulnerability in Hitachi Energy MicroSCADA X SYS600 CSRF Vulnerability in Auto Delete Posts WordPress Plugin CSRF and Stored XSS Vulnerability in LaTeX for WordPress Plugin CSRF and Stored XSS Vulnerability in postTabs WordPress Plugin Cross-site Scripting (XSS) Vulnerability in GitHub Repository erudika/para prior to v1.45.11 Unauthorized Member Addition Vulnerability in GitLab CE/EE SSRF Vulnerability in jgraph/drawio prior to 18.0.8 Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2.4977 Use-After-Free Vulnerability in Linux Kernel's io_uring Subsystem Allows Privilege Escalation CSRF Vulnerability in Sideblog WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in Change Uploaded File Permissions WordPress Plugin NULL Pointer Dereference Vulnerability in INVPCID 
Instruction with CR0.PG=0 CSRF Vulnerability in New User Email Set Up WordPress Plugin CSRF Vulnerability in One Click Plugin Updater WordPress Plugin CSRF Vulnerability in Quick Subscribe WordPress Plugin Leading to Stored XSS CSRF Vulnerability in Private Files WordPress Plugin Allows Unauthorized Public Access Insecure Storage of PLC Passwords in CODESYS OPC DA Server Configuration File Use After Free Vulnerability in gpac/gpac prior to v2.1.0-DEV Critical Use After Free Vulnerability in vim/vim Prior to 8.2.4979 Denial-of-Service Vulnerability in Rockwell Automation Logix Controllers Path Traversal Vulnerability in KubeVirt Allows Unauthorized File Access Vulnerability: Incorrect Signature Trust in Google Play services SDK SQL Injection Vulnerability in Export any WordPress data to XML/CSV Plugin Vulnerability: Exposed Captcha Solution in Very Simple Contact Form WordPress Plugin Prototype Pollution in Array Object: Remote Code Execution in Privileged Context UI Layer or Frame Restriction Vulnerability in GitHub Repository polonel/trudesk (prior to version 1.2.2) Unverified SHA256 Vulnerability in PCoIP Zero Clients when Connecting to Amazon Workspaces Reflected Cross-site Scripting (XSS) Vulnerability in rtxteam/rtx Repository SQL Injection Vulnerabilities in Sophos Firewall Webadmin: Privilege Escalation from Admin to Super-Admin Unnecessary Privilege Execution in GitHub Repository polonel/trudesk prior to 1.2.3 Uninitialized Pointer Access Vulnerability in radareorg/radare2 (prior to 5.7.0) GitHub Repository Authorization Bypass Vulnerability in Publify/Publify (prior to 9.2.9) Unrestricted File Upload Vulnerability in GitHub Repository Publify/Publify prior to 9.2.9 Integer Overflow or Wraparound in publify/publify prior to 9.2.10 OS Command Injection in rengine 1.2.0 and earlier versions Stored Cross-Site Scripting Vulnerability in WP Admin Style WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository jgraph/drawio (prior to 
18.1.2) Authenticated Cross Site Scripting in Zoo Management System 1.0 Authenticated Cross-Site Scripting Vulnerability in Badminton Center Management System CSRF Vulnerability in Multi-page Toolkit WordPress Plugin Allows for Stored Cross-Site Scripting Authenticated Cross Site Scripting in Student Information System 1.0 Reflected Cross-Site Scripting Vulnerability in Keep Backup Daily WordPress Plugin (Versions up to 2.0.2) Subgroup Member Access to Parent Group Members List Vulnerability Reflected Cross-Site Scripting Vulnerability in Zephyr Project Manager Plugin for WordPress Privilege Escalation Vulnerability in McAfee Consumer Product Removal Tool Uncontrolled Search Path Vulnerability in McAfee Consumer Product Removal Tool Allows for Sideloading Attack Reflected Cross-site Scripting (XSS) Vulnerability in collectiveaccess/providence prior to 1.8 CSRF Vulnerability in Cross-Linker WordPress Plugin CSRF Vulnerability in PDF24 Article To PDF WordPress Plugin CSRF Vulnerability in PDF24 Articles To PDF WordPress Plugin CSRF Vulnerability in Inline Google Maps WordPress Plugin Allows for Stored XSS CSRF Vulnerability in Amazon Einzeltitellinks WordPress Plugin Allows Stored XSS CSRF Vulnerability in WPlite WordPress Plugin Allows Unauthorized Settings Modification CSRF Vulnerability in CaPa Protect WordPress Plugin Privilege Escalation Vulnerability in AMQ Broker Operator 7.9.4 Email Spoofing Vulnerability in Thunderbird: Arbitrary Sender Address with Invisible Braille Spaces Remote Code Execution Vulnerability in Home Clean Services Management System 1.0 Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0 Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Home Clean Services Management System 1.0 Out-of-Bounds Write Vulnerability in tcp_flags Function CSRF Vulnerability in OpenBook Book Data WordPress Plugin Leads to Stored Cross-Site Scripting CSRF 
Vulnerability in MailPress WordPress Plugin Allows Unauthorized Settings Changes and Log File Purging CSRF Vulnerability in WP Sentry WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in WP Post Styling WordPress Plugin CSRF Vulnerability in Tiny Contact Form WordPress Plugin CSRF Vulnerability in Rotating Posts WordPress Plugin Critical Business Logic Vulnerability in erudika/para GitHub Repository (prior to 1.45.11) Session Fixation Vulnerability in FileGator GitHub Repository (prior to version 7.8.0) GitHub Repository Path Traversal Vulnerability in FileGator Prior to 7.8.0 Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 NULL Pointer Dereference Vulnerability in Linux Kernel's KVM Module Leads to Denial of Service Indexed DB Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in ANGLE in Google Chrome Remote Code Execution Vulnerability in Google Chrome Messaging Use After Free Vulnerability in User Education in Google Chrome File System API Policy Enforcement Bypass in Google Chrome Out of Bounds Read Vulnerability in Google Chrome DevTools Use After Free Vulnerability in Google Chrome's Performance Manager Use After Free Vulnerability in Google Chrome UI Foundations Use After Free Vulnerability in Google Chrome on Chrome OS Profile Bypass Vulnerability in Google Chrome Extensions Use After Free Vulnerability in Tab Groups in Google Chrome Use After Free Vulnerability in WebApp Installs in Google Chrome Use After Free Vulnerability in Bookmarks in Google Chrome Use After Free Vulnerability in Google Chrome Tablet Mode Bypassing Same Origin Policy via Crafted Clipboard Content in Google Chrome Bypassing Navigation Restrictions via Malicious Extension in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome Heap Corruption Vulnerability in Google Chrome App Service File System Policy Bypass Vulnerability in Google Chrome Bypassing Downloads 
Policy via Malicious Extension Installation in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Bypassing Downloads Protection Policy in Safe Browsing on Google Chrome for Mac Cross-Origin Data Leakage in Google Chrome PDF Viewer Heap Buffer Overflow in DevTools in Google Chrome: Exploiting Heap Corruption via Malicious Extension Insecure Direct Object Reference Vulnerability in Octopus Server Allows Unauthorized Project Export Downloads Use-After-Free Vulnerability in Linux Kernel's Pipes Functionality SQL Injection Vulnerability in camptocamp/terraboard prior to 2.2.0 CSRF Vulnerability in Cimy Header Image Rotator WordPress Plugin Heap-based Buffer Overflow in Vim prior to version 8.2 SQL Injection Vulnerability in Firefox for iOS < 101 Stack-Based Buffer Overflow in Alpha7 PC Loader: Arbitrary Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in Newsletter WordPress Plugin Buffer Overflow Vulnerability in Lenovo Notebook ReadyBootDxe Driver Buffer Overflow Vulnerability in Lenovo Notebook SystemLoadDefaultDxe Driver Buffer Overflow Vulnerability in Lenovo Notebook SystemBootManagerDxe Driver Sensitive Information Exposure in GitHub Repository polonel/trudesk prior to 1.2.3 Stored Cross-Site Scripting Vulnerability in Popup Builder WordPress Plugin CSRF Vulnerability in underConstruction WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in underConstruction WordPress Plugin Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Out-of-bounds Read Vulnerability in radareorg/radare2 (prior to 5.7.0) Cross-Site Request Forgery vulnerability in Copify WordPress Plugin (up to version 1.3.0) allows unauthorized modification of plugin settings Sensitive Variable Unmasking Vulnerability in Octopus Deploy Vulnerability: Unauthorized Access to Notifier Secrets in Red Hat Advanced Cluster Security for Kubernetes 
ARMember WordPress Plugin Account Takeover Vulnerability Reflected Cross-Site Scripting in Pricing Tables WordPress Plugin SQL Injection Vulnerability in Events Made Easy WordPress Plugin Reflected Cross-Site Scripting in Copyright Proof WordPress Plugin Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository causefx/organizr prior to 2.1.2200 Reflected Cross-Site Scripting in Phlox WordPress Plugin (Versions before 2.9.8) Unauthenticated Access to Operating System Information in M-Files Server Cross-Site Request Forgery Vulnerability in Button Widget Smartsoft Plugin for WordPress CSRF Vulnerability in Add Post URL WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in Clean-Contact WordPress Plugin Allows for Stored XSS Unescaped Settings Vulnerability in WP Zillow Review Slider WordPress Plugin Reflected Cross-Site Scripting in Active Products Tables for WooCommerce Plugin Cross-Site Request Forgery Vulnerability in ToolBar to Share WordPress Plugin (up to version 2.0) Heap Corruption Vulnerability in Google Chrome Codecs Heap Overwrite Vulnerability in matroskademux Element: Potential for Arbitrary Code Execution Heap Overwrite Vulnerability in gst_avi_demux_invert Function Allows Arbitrary Code Execution Potential Heap Overwrite in MKV Demuxing with Zlib Decompression Potential Heap Overwrite Vulnerability in MKV Demuxing with Bzip Decompression Potential Heap Overwrite in MKV Demuxing with LZO Decompression Heap Overflow Vulnerability in Matroska Parsing GitHub Repository polonel/trudesk Prior to 1.2.3: Integer Overflow or Wraparound Vulnerability Buffer Over-read in Vim prior to version 8.2 Stored Cross-site Scripting (XSS) Vulnerability in go-gitea/gitea prior to 1.16.9 Exponential ReDoS Vulnerability in devcert npm Package's certificateFor Method 
Exponential ReDoS Vulnerability in eth-account PyPI Package's encode_structured_data Method Lack of Synchronization in GitHub Repository polonel/trudesk prior to 1.2.3 Reflected Cross-Site Scripting Vulnerability in Rezgo Online Booking WordPress Plugin Reflected Cross-Site Scripting in CDI WordPress Plugin Use After Free Vulnerability in mruby/mruby prior to version 3.2 GitLab EE Authorization Bypass Vulnerability GitLab EE Authorization Bypass Vulnerability Reflected Cross-Site Scripting in Awin Data Feed WordPress Plugin Stored Cross-Site Scripting Vulnerability in Awin Data Feed WordPress Plugin Unrestricted File Upload Vulnerability in Allow SVG Files WordPress Plugin Stored Cross-Site Scripting Vulnerability in Jira Integration in GitLab EE Parsing Vulnerability in ProtocolBuffers (versions <= 3.21.5 for protobuf-cpp and <= 4.21.5 for protobuf-python) Leading to Out of Memory Failures Heap-based Buffer Overflow in Vim prior to version 8.2 execute arbitrary code. Improper Authorization in Interactive Web Terminal Allows Unauthorized Access to Running Jobs in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Coming Soon & Maintenance Mode by Colorlib WordPress Plugin Reflected Cross-Site Scripting in Gallery WordPress Plugin before 2.0.0 Improper Operator Usage in polonel/trudesk GitHub Repository (prior to 1.2.3) XSS Vulnerability in GitLab's Quick Actions Critical Access Control Bypass Vulnerability in 389-ds-base Unauthenticated SQL Injection in Youzify WordPress Plugin Reflected Cross-Site Scripting in kitestudio WordPress Plugin Arbitrary File Upload and Remote Code Execution in Free Booking Plugin for WordPress Arbitrary File Deletion Vulnerability in Product Configurator for WooCommerce WordPress Plugin GitLab CE/EE Regular Expression Denial of Service Vulnerability Physical Access Vulnerability: Bypassing Password/PIN Lock on Session 1.13.0 Vulnerability: Lack of Authorization and CSRF Checks in Shortcut Macros WordPress Plugin CSRF 
Vulnerability in Comment License WordPress Plugin Critical Remote Code Execution Vulnerability in FileCloud's NTFS Handler Biometric Authentication Bypass in AppLock Version 7.9.29 CSRF Vulnerability in MyCSS WordPress Plugin Allows Unauthorized Settings Modification Stored Cross-Site Scripting Vulnerability in Google Tag Manager for WordPress (GTM4WP) Plugin Stack Exhaustion Vulnerability in go/parser GitLab Account Security Vulnerability: Unauthenticated Access to Two-Factor Authentication Status Unsanitized SVG Upload Vulnerability in Easy SVG Support WordPress Plugin Improper Error Handling in CODESYS Products Allows Remote File Deletion CSRF and Stored XSS Vulnerabilities in WP Championship WordPress Plugin Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Cross-Site Request Forgery Vulnerability in Mobile Browser Color Select Plugin for WordPress Open Redirect Vulnerability in Keycloak 18.0.0 via redirect_uri Parameter Stored Cross-Site Scripting Vulnerability in NextCellent Gallery WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's NTFS Journal Handling Race Condition in Linux Kernel's NFC Core Functionality Allows Information Leakage Sleep-in-Atomic Bug in /net/nfc/netlink.c: Exploiting NFC Device Simulation to Crash Linux Kernel Use-after-free vulnerability in Linux kernel's IO-URING implementation allows for memory corruption and privilege escalation Blind SSRF Vulnerability in Import Export All WordPress Images, Users & Post Types Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Product Show Room Site 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Product Show Room Site 1.0 Bypassing Domain Allow-List in GitLab Group Invitations Server Crash Vulnerability via Crafted SVG Attachment in Mattermost 6.6.0 and Earlier Unauthorized Access to GitLab Container Registries via Deploy Key or Deploy Token Unsafe Deserialization Vulnerability in HYPR Windows WFA Versions Prior to 7.2 
Reflected Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress OS Command Injection in Gogs GitHub Repository Prior to Version 0.12.9 Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Cross-site Scripting (XSS) Vulnerability in neorazorx/facturascripts Repository Information Exposure in CODESYS Visualization Login Dialog Stored Cross-Site Scripting Vulnerability in Nested Pages WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Fast Food Ordering System 1.0 GitHub Repository Path Traversal Vulnerability in gogs/gogs prior to 0.12.9 GitHub Repository Path Traversal Vulnerability in gogs/gogs prior to 0.12.9 Cross-Site Scripting (XSS) Vulnerability in Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Malware Scanner WordPress Plugin GitHub Repository Authorization Bypass Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in francoisjacquet/rosariosis prior to 9.0 Use After Free Vulnerability in Linux Kernel File System Notify Functionality Unauthorized Label Description Modification Vulnerability in GitLab CE/EE Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Arbitrary Code Execution in fish Shell via Git Repository Configuration Arbitrary Path Mounting Vulnerability in incfs on Android-12L (A-198657657) Improper Input Validation in checkSlicePermission Allows Unauthorized Access to Slice URIs APK Validation Bypass Vulnerability in PackageInstallerSession Race condition vulnerability in KeyguardServiceWrapper.java allows brief lockscreen bypass Race condition vulnerability allows app overlay and local privilege escalation Uninitialized Data Vulnerability in mmc_blk_read_single of Android Kernel Out of Bounds Write Vulnerability in Android USB Gadget Subsystem Cross-Site Request Forgery Vulnerability in DX Share Selection Plugin for WordPress Out of Bounds Read Vulnerability in 
l2cble_process_sig_cmd of l2c_ble.cc Notification Leak Vulnerability in getArray Method of NotificationManagerService Integer Overflow Vulnerability in MDP Driver Allows Local Privilege Escalation Race condition vulnerability in Vow Driver allows for local privilege escalation Memory Corruption Vulnerability in Vow Driver Allows Local Privilege Escalation Uninitialized Data in kd_camera_hw Driver Leads to Local Information Disclosure Memory Corruption Vulnerability in Vow Driver: Local Privilege Escalation without User Interaction Information Disclosure Vulnerability in ion driver Uninitialized Data Vulnerability in Seninf Driver: Local Information Disclosure Information Disclosure Vulnerability in libMtkOmxGsmDec Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior Information Disclosure Vulnerability in libvcodecdrv Bluetooth Denial of Service Vulnerability Bluetooth Link Disconnection Vulnerability Bluetooth Denial of Service Vulnerability: LMP_AU_rand Packet Flooding Possible Local Privilege Escalation Vulnerability in System Service Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Out of Bounds Read Vulnerability in cmdq Driver AutomationDirect DirectLOGIC D0-06 Series CPUs Vulnerability: Cleartext Password Disclosure Stack-based Buffer Overflow in Vow Driver Allows for Local Privilege Escalation Possible Memory Corruption Vulnerability in fb driver Race condition vulnerability in Vow Driver allows for local information disclosure Camera Driver Out of Bounds Read Vulnerability Improper Certificate Validation in Preloader XFLASH Allows Local Privilege Escalation Possible Information Disclosure Vulnerability in VCU Driver Information Disclosure Vulnerability in ion driver Incorrect Bounds Check in ion driver leads to Local Information Disclosure Memory Corruption Vulnerability in CCU Driver: Local Privilege 
Escalation without User Interaction Integer Overflow Vulnerability in CCU Driver Allows for Local Privilege Escalation Denial-of-Service Vulnerability in AutomationDirect DirectLOGIC D0-06 Series CPUs Stack-based Buffer Overflow in power_hal_manager_service Allows Local Privilege Escalation Bluetooth Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Information Disclosure Vulnerability Bluetooth Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Use After Free Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Use After Free Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Memory Corruption Vulnerability Out of Bounds Write Vulnerability in Video Decoder Unbounded Write Vulnerability in Video Decoder Allows Local Privilege Escalation Possible Local Privilege Escalation Vulnerability in VPU Insecure Credential Transport in AutomationDirect C-more EA9 Webserver Possible Local Privilege Escalation Vulnerability in connsyslogger Privilege Assignment Vulnerability in IMS Service Allows Local Denial of Service Possible Memory Corruption Vulnerability in mdp with Use After Free Possible Privilege Escalation Vulnerability in IMS Service AT Command Injection Vulnerability in IMS Service Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation Preloader (USB) Out of Bounds Write Vulnerability Allows Local Privilege Escalation Possible Memory Corruption Vulnerability in btif with Incorrect Error Handling Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation AutomationDirect DirectLOGIC DLL Vulnerability in Installation Process Preloader USB Vulnerability: Local Privilege Escalation via Permission Bypass Possible Memory Corruption Vulnerability: Local Privilege Escalation via Use After Free in mdp Possible Out of Bounds Write Vulnerability in ATF 
(SPM) Kernel Pointer Leak Vulnerability in ccci with Local Information Disclosure Possible Out of Bounds Read Vulnerability in ccci Potential Information Leak in ATF (HWFDE) with Incorrect Error Handling Out of Bounds Write Vulnerability in mdp Improper Link Resolution Vulnerability in mobile_log_d USB Preloader Integer Overflow Vulnerability Allows Local Privilege Escalation WebGPU Use After Free Vulnerability in Google Chrome Out of Bounds Write Vulnerability in ssmr Missing Certificate Validation Vulnerability in CCU Allows for Privilege Escalation Vulnerability: Local Privilege Escalation via Incorrect Comparison in Search Engine Service USB Preloader Integer Underflow Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Preloader Partition Integer Overflow Vulnerability in ged: Local Privilege Escalation without User Interaction (Patch ID: ALPS05838808; Issue ID: ALPS05838808) Memory Corruption Vulnerability in ged with Incorrect Error Handling Race condition vulnerability in vow allows for local privilege escalation Race condition vulnerability in vow allows for local privilege escalation Uninitialized Data Read Vulnerability in Vow with Local Information Disclosure Double Free Vulnerability in WebGL in Google Chrome Race condition vulnerability in SUB2AF allows for local privilege escalation Improper Certificate Validation in A-GPS Allows for Man-in-the-Middle Attack Race Condition Vulnerability in GPU Allows for Local Privilege Escalation Remote Code Execution Vulnerability in Modem 2G/3G CC Telephony Vulnerability: Unauthenticated Disabling of Emergency Broadcasts Improper Link Resolution Vulnerability in netdiag Possible Out of Bounds Write Vulnerability in CCU Possible Local Privilege Escalation in AEE Driver due to Reference Count Mistake Memory Corruption Vulnerability in AEE Driver with Debug Code Race condition vulnerability in aee driver allows for local privilege escalation Race condition vulnerability in aee driver 
allows for local privilege escalation Out of Bounds Read Vulnerability in ALAC Decoder SMS Message Disabling Vulnerability in Telephony Out of Bounds Write Vulnerability in imgsensor Out of Bounds Write Vulnerability in imgsensor Uninitialized Data Vulnerability in Camera Software: Local Information Disclosure Race condition vulnerability in aee daemon allows for local information disclosure Missing Permission Check in aee Daemon Allows Local Information Disclosure Out of Bounds Write Vulnerability in aee Daemon Sandbox Escape Vulnerability in Google Chrome's Compositing Possible Information Disclosure in aee Daemon due to Missing Permission Check Path Traversal Vulnerability in aee Daemon Allows Local Information Disclosure Missing Permission Check in aee Daemon Allows Local Information Disclosure Symbolic Link Following Vulnerability in aee Daemon Improper Access Control in aee Daemon Allows Local Information Disclosure Stack-based Buffer Overflow Vulnerability in MM Service Heap-based Buffer Overflow Vulnerability in MM Service Integer Overflow Vulnerability in Subtitle Service Stack-based Buffer Overflow Vulnerability in Voice Service Improper Reference Count Update Vulnerability in ion Use After Free Vulnerability in ANGLE in Google Chrome Race Condition Vulnerability in ion Leading to Local Privilege Escalation Possible Use After Free Vulnerability in ion Possible Privilege Escalation Vulnerability in PrivateDnsPreferenceController.java Possible Local Privilege Escalation in DefaultUsbConfigurationPreferenceController.java Foreground Service Permission Bypass Vulnerability in TelecomManager's placeCall Method Missing Permission Check in broadcastServiceStateChanged of TelephonyRegistry.java Allows Base Station Information Disclosure Intent Redirection Vulnerability in OngoingCallController.kt Allows for Local Privilege Escalation Possible Local Data Disclosure Vulnerability in Android GSC Encryption Race condition vulnerability in ion_ioctl and related 
functions of ion.c allows for local privilege escalation without additional execution privileges. Uninitialized Data in private_handle_t of mali_gralloc_buffer.h Leads to Local Information Disclosure Android Kernel Vulnerability: A-203213034 Potential ICCID Disclosure Vulnerability in USCCDMPlugin.java PowerVR GPU Driver Vulnerability: Unprivileged App Exploitation for Kernel Memory Corruption Out of Bounds Read Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp Guest User Privilege Escalation in deletePackageX of DeletePackageHelper.java Sandbox Escape Vulnerability in GBoard Allows Bypassing Factory Reset Protections Potential Local Privilege Escalation in Bluetooth Discovery Mode in Android Double Free Vulnerability in ce_t4t_data_cback of ce_t4t.cc Allows Remote Code Execution Improper Input Validation in registerPhoneAccount of PhoneAccountRegistrar.java Allows Local Denial of Service Script Console Access Vulnerability in Octopus Server (Versions 2022.1.1495 - 2022.1.2647) Heap Buffer Overflow in transportDec_OutOfBandConfig of tpdec_lib.cpp Out-of-Bounds Read Vulnerability in nci_proc_rf_management_ntf of nci_hrcv.cc Out of Bounds Read Vulnerability in lg_probe and Related Functions of hid-lg.c Missing Permission Check in setDiscoverableTimeout of AdapterService.java Improper Input Validation in readArguments of CallSubjectDialog.java Allows for Phone Number Spoofing Possible Parcel Format Mismatch in GateKeeperResponse.java Allows Local Privilege Escalation Potential Local Privilege Escalation in NetworkProviderSettings.java Unprivileged App Can Escalate Privileges via ACTION_MANAGED_PROFILE_PROVISIONED Intent in DevicePolicyManagerService Code Injection Vulnerability in jgraph/drawio (prior to 19.0.2) Out-of-Bounds Write Vulnerability in read_multi_rsp of gatt_sr.cc Use-after-free vulnerability in ip_check_mc_rcu in igmp.c allows local users to gain privileges via crafted system calls that trigger IGMP membership updates in incorrect 
situations. Possible Arbitrary Code Execution in GeofenceHardwareRequestParcelable.java Possible Permanent Denial of Service Vulnerability in addAutomaticZenRule of ZenModeHelper.java Confused Deputy Vulnerability in AvatarPhotoController.java Allows Unauthorized Access to System Content Providers Possible VPN Credential Retrieval via Protocol Downgrade Attack in Android Possible Local Information Disclosure Vulnerability in FileUploadServiceImpl.java Out of Bounds Write Vulnerability in nfa_dm_check_set_config of nfa_dm_main.cc Race condition vulnerability leading to use-after-free in Android kernel Android Kernel Vulnerability: A-211685939 Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to version 19.0.2) Android Kernel Vulnerability: A-210712565 Out of Bounds Write Vulnerability in TitanM Chip Allows Local Privilege Escalation Use-after-free vulnerability in rcu_cblist_dequeue of rcu_segcblist.c allows for local privilege escalation Race condition vulnerability in lock_sock_nested in sock.c allows for use after free, leading to local privilege escalation on Android. 
Race condition vulnerability in ipu_core_jqs_msg_transport_kernel_write_sync in ipu-core-jqs-msg-transport.c allows for local privilege escalation without additional execution privileges needed Arbitrary Code Execution Vulnerability in unflatten of GraphicBuffer.cpp Use-after-free vulnerability in bdi_put and bdi_unregister in backing-dev.c Out-of-bounds Read Vulnerability in asn1_ec_pkey_parse of acropora/crypto/asn1_common.c Reflected Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.1) Android Kernel Vulnerability: A-210083655 Out-of-bounds Read Vulnerability in asn1_p256_int of Android Kernel Android Kernel Vulnerability: A-204891956 Out-of-bounds Read Vulnerability in asn1_parse of asn1.c Heap Buffer Overflow in Android Kernel Base Drivers Android Kernel Vulnerability: A-204956204 Android Kernel Vulnerability: A-210594998 Android Kernel Vulnerability: A-211162353 Critical SQL Injection Vulnerability in SourceCodester Prison Management System 1.0 Android Kernel Vulnerability: A-209421931 Android Kernel Vulnerability: A-215565667 Missing Permission Check in onbind of ShannonRcsService.java Allows for Local Information Disclosure Android Kernel Vulnerability: A-207116951 Out of Bounds Read Vulnerability in exynos_secEnv_init of mach-gs101.c Android Kernel Vulnerability: A-209252491 Uninitialized Memory Read Vulnerability in auth_store of sjtag-driver.c Android Kernel Vulnerability: A-209906686 Integer Overflow Vulnerability in ioctl_dpm_qos_update and ioctl_event_control_set of (TBD) Android Kernel Vulnerability: A-211683760 Critical SQL Injection Vulnerability in SourceCodester Prison Management System 1.0 Arbitrary Code Execution Vulnerability in mali_gralloc_reference.cpp Android Kernel Vulnerability: A-210936609 Missing Permission Check in handle_ramdump of pixel_loader.c Allows for Non-Secure Memory Ramdump and Local Information Disclosure Out-of-bounds Write Vulnerability in hypx_create_blob_dmabuf of faceauth_hypx.c 
Android Kernel Vulnerability: A-209153114 Possible Use After Free Bug in Android Kernel (A-208842348) Allows Local Escalation of Privilege Arbitrary Code Execution in kbase_mem_alias of mali_kbase_mem_linux.c Android Kernel Vulnerability: A-207254598 Critical Remote Code Execution Vulnerability in SourceCodester Prison Management System 1.0 Android Kernel Vulnerability: A-208744915 Android Kernel Vulnerability: A-209324757 Potential Local Privilege Escalation in Android-12L: GrantEmbeddedWindowFocus Vulnerability Incorrect Permission Attribution in getUniqueUsagesWithLabels of PermissionUsageHelper.java Possible Permission Bypass in ChooseLockGeneric.java in Android-12L Unsafe Deserialization in Keystore Library Allows for Local Denial of Service in Android-12L Permission Bypass Vulnerability in Gallery3D and Photos: Local Information Disclosure Permission Bypass Vulnerability in Parcel.java Allows Foreground Activity Start Out of Bounds Read Vulnerability in llcp_dlc_proc_connect_pdu of llcp_dlc.cc NFC Tag Disclosure Vulnerability in Android's NfcService.java Cross-Site Scripting (XSS) Vulnerability in SourceCodester Prison Management System 1.0 Potential Information Disclosure Vulnerability in SoftApManager.java Out of Bounds Read Vulnerability in getAppSize of InstalldNativeService.cpp Heap Buffer Overflow in ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c Memory Corruption Vulnerability in Nanopb Library Potential Local Privilege Escalation via Falsified Bug Reports in DevicePolicyManagerService.java Improper Input Validation in isFileUri of FileUtil.java Allows Local Information Disclosure Missing Permission Check in setPackageOrComponentEnabled of NotificationManagerService.java Insecure Default Value in GattServiceConfig.java Allows Permission Bypass and Privilege Escalation Out-of-bounds Read Vulnerability in parseRecursively of cppbor_parse.cpp Possible Heap Buffer Overflow in hme_add_new_node_to_a_sorted_array of hme_utils.c Remote Code 
Execution Vulnerability in Android SoC Modem Parsing Code Possible EoP Vulnerability in wifi.RequestToggleWifiActivity of AndroidManifest.xml Possible Denial of Service (DoS) Vulnerability in ApplicationsDetailsActivity of AndroidManifest.xml Tapjacking Vulnerability in Car Settings App Allows Unauthorized Modification of System Settings Possible Factory Reset Vulnerability in MasterClearConfirmFragment.java Android Exported Setting Allows Unauthorized Access to com.sprd.firewall Unauthorized Broadcast Vulnerability in SprdContactsProvider Permission Bypass Vulnerability in PermissionController Unencrypted User Directories Vulnerability in Android Storage and User Manager Services Stored Cross-site Scripting (XSS) Vulnerability in nocodb/nocodb prior to 0.91.7 Path Traversal Vulnerability in openFile of CallLogProvider.java Out-of-Bounds Read Vulnerability in avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc Out of Bounds Write Vulnerability in read_attr_value of gatt_db.cc Potential Local Privilege Escalation in AppRestrictionsFragment.java Out-of-bounds Read Vulnerability in AT_SKIP_REST of bta_hf_client_at.cc Missing Permission Check in getSubscriptionProperty of SubscriptionController.java Allows Local Information Disclosure Tapjacking Vulnerability in Android's WindowManagerService Heap Buffer Overflow in USB Driver: Local Information Disclosure Vulnerability Use-after-free vulnerability in C2DmaBufAllocator.cpp allows for remote information disclosure Out-of-Bounds Write Vulnerability in bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc Privilege Escalation Vulnerability in polonel/trudesk prior to 1.2.4 Improper Input Validation in choosePrivateKeyAlias of KeyChain.java Allows Local Information Disclosure Out-of-bounds Write Vulnerability in smc_intc_request_fiq of arm_gic.c Out-of-Bounds Write Vulnerability in param_find_digests_internal Function of Titan-M Source Misleading Notification Access Permission Vulnerability Memory Corruption Vulnerability in 
PowerVR GPU Kernel Driver Out-of-Bounds Vulnerability in Android DRM Driver: System Crash and Elevation of Privilege (EOP) Out of Bounds Write Vulnerability in BuildDevIDResponse of miscdatabuilder.cpp Kernel Memory Mapping Vulnerability in 'remap_pfn_range' Function Kernel Memory Mapping Vulnerability in Android's 'remap_pfn_range' Function OS Command Injection in Gogs GitHub Repository Prior to Version 0.12.11 Location Information Leak in sOpAllowSystemRestrictionBypass of AppOpsManager.java Improper Input Validation in Messaging App Allows Unauthorized File Attachment and Information Disclosure Telephony App Installation Information Disclosure Vulnerability Possible Log Information Disclosure in Core Utilities on Android Android Bluetooth Vulnerability: Local Privilege Escalation via Out of Bounds Write Insecure Default Value in WindowManager Allows Lock Screen Recording Incorrect UID/Permission Check in WindowManager Allows Privilege Escalation Android Heap Buffer Overflow Vulnerability Allows Remote Information Disclosure Logic Error in Android Settings Allows Bypassing DISALLOW_CONFIG_WIFI Restriction Side Channel Information Disclosure in LocaleManager Allows App Installation Detection without Query Permissions Stack Overflow Vulnerability in Grandstream GSD3710 (1.0.11.13): Unauthorized Shell Access Improper Input Validation Allows Unauthorized File Attachment in Android Messaging Side Channel Information Disclosure in LocaleManager Allows App Installation Detection without Query Permissions Side Channel Information Disclosure in PackageManager Allows Unprivileged App Detection Bluetooth Cleanup Failure Vulnerability Android Wi-Fi Permissions Bypass Vulnerability Allows Local Privilege Escalation Missing Permission Check in SettingsProvider Allows Unauthorized Access to Default Ringtone Race condition vulnerability in Audio HAL allows for local privilege escalation Bluetooth Pairing Vulnerability: Display Only Device Pairing Without PIN Confirmation 
Bluetooth Configuration Error Allows Local Privilege Escalation in Android Telephony Vulnerability: Unauthorized ICCID and EID Disclosure Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android Phone App Resource Exhaustion Vulnerability Location Information Disclosure Vulnerability in LocationManager Missing Permission Check in ActivityManager Allows for Unauthorized Capability Check Missing Permission Check in ActivityManager Allows Local Information Disclosure Side Channel Information Disclosure in Usage Stats Service Allows App Installation Detection without Query Permissions Android Factory Reset Permissions Bypass Vulnerability Allows Local Privilege Escalation Improper Input Validation in Companion App Allows Local Privilege Escalation Bluetooth Connection Control Vulnerability Permissions Bypass in RestrictionsManager Allows Privilege Escalation on Android Devices Android Bluetooth Out of Bounds Write Vulnerability CSV Injection Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android Content App Vulnerability: Unauthorized Access to Gmail Account Name Misleading UI in PermissionController allows for unauthorized permission grants and local privilege escalation Misleading Text in PermissionController Allows for Local Information Disclosure Android Bluetooth Heap Buffer Overflow: Remote Information Disclosure Vulnerability Missing Permission Check in Keyguard: Local Privilege Escalation and Screen Timeout Prevention Vulnerability Side Channel Information Disclosure in DevicePolicyManager Allows Unauthorized App Detection Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection Insufficient Log Filtering in Android Accounts Allows for Local Information Disclosure Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection 
Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Improper Input Validation in MMSProvider Allows for Local Information Disclosure Missing Permission Check Allows Background Activity Start in Android Core (CVE-2021-12345) AppWidget Background Activity Start Vulnerability Critical Bluetooth Vulnerability Allows Remote Code Execution on Android Devices Telephony Information Disclosure Vulnerability in Android-13 (A-231986341) Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection Possible Bypass of Background Activity Restriction in Android Connectivity AppSearchManagerService Information Disclosure Vulnerability AppSearchManagerService Information Disclosure Vulnerability PackageInstaller Vulnerability: Unauthorized App Installation Detection via Side Channel Information Disclosure Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android MIDI Permissions Bypass Vulnerability Allows Unauthorized Access to Private Devices App Installation Status Disclosure Vulnerability in AppOpsService Logic Error in Factory Reset Protections Allows Local Privilege Escalation on Android Side Channel Information Disclosure in LauncherApps Allows App Installation Detection without Query Permissions Local Information Disclosure Vulnerability in Android Account Existence Disclosure Vulnerability in ContentService Account Existence Disclosure Vulnerability in ContentService Logic Error in Factory Reset Protections Allows Local Privilege Escalation on Android Account Existence Disclosure Vulnerability in ContentService Missing Permission Check in ContentService Allows for Local Information Disclosure Directory Traversal Vulnerability in Zyxel USG FLEX and Other Firmware Versions Account Existence Disclosure Vulnerability in Android Account Existence Disclosure Vulnerability in Android Sandbox Escape Vulnerability Allows Bypass of Factory Reset Protections in Android 
Account Enumeration Vulnerability in ContentService Side Channel Information Disclosure Vulnerability in Android Missing Permission Check in ContentService Allows Disclosure of Available Account Types Use-after-free vulnerability in Camera Provider HAL allows for local privilege escalation Side Channel Information Disclosure in AlarmManagerService Allows Unprivileged App Installation Detection Insecure Default Configuration in hostapd Allows Remote Denial of Service PackageInstaller Side Channel Information Disclosure Vulnerability Samba Vulnerability: Ticket Decryption Exploit Telecomm Vulnerability: Local Information Disclosure in Android-13 Telecomm Vulnerability: Local Information Disclosure in Android-13 Potential Local Information Disclosure Vulnerability in WifiP2pManager Android Bluetooth Vulnerability: Local Privilege Escalation via Out of Bounds Write Improper Input Validation in KeyChain Allows for Local Privilege Escalation Missing Permission Check in ActivityManager Allows Disclosure of Installed Packages Side Channel Information Disclosure in ContentResolver Allows Unprivileged App Detection Logic Error in SystemUI Allows Unexpected Activation of External Speaker, Leading to Local Information Disclosure PackageInstaller Vulnerability: Unauthorized App Installation Detection via Side Channel Information Disclosure Arbitrary Protected Activity Launch Vulnerability in DreamServices Stored Cross-Site Scripting Vulnerability in Pandora FMS v7.0NG.761 and Below Unauthenticated App Installation Detection Vulnerability in ActivityManager Missing Permission Check in WiFi QR Code Reader Missing Permission Check in PackageManager Allows Installed Package Disclosure Missing Permission Check in PackageManager Allows Package Installation Disclosure Side Channel Information Disclosure Vulnerability in Android Android Use After Free Vulnerability Allows Local Privilege Escalation Telephony Vulnerability: Local Information Disclosure via Missing Permission Check in 
Android-13 Android Wi-Fi SSID Disclosure Vulnerability Unauthenticated App Presence Disclosure in PackageManager Android Wifi Vulnerability: Local Privilege Escalation via Missing Permission Check Bluetooth Device Connection Vulnerability Allows Unauthorized Access on Android Tapjacking/Overlay Attack in Android Framework Allows Unauthorized Work Profile Activation Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection Bluetooth Null Check Vulnerability in Android Bluetooth Null Pointer Dereference Vulnerability in Android Android Wi-Fi Settings Vulnerability Allows Unauthorized Adjustment of Wi-Fi Settings Android VPN Lockdown Mode Vulnerability: Unauthorized Application Disclosure Improper Input Validation in HierarchicalUri.readFrom of Uri.java Allows for Local Privilege Escalation Insecure SEpolicy Configuration Allows Unauthorized Access to Network Neighbor Table Information in Android Unauthenticated Access to Private Messages in Sensei LMS WordPress Plugin Missing Permission Check in SELinux Policy Allows for Local Information Disclosure Missing Permission Check in ConnectivityService Allows for Local Information Disclosure Insecure Default Value in WiFi Password Disclosure Vulnerability Race condition vulnerability in stealReceiveChannel of EventThread.cpp allows for local escalation of privilege without additional execution privileges needed Out of Bounds Write Vulnerability in l2cble_process_sig_cmd of l2c_ble.cc Out-of-bounds Read Vulnerability in MPEG4Extractor.cpp Possible Permission Bypass Vulnerability in onAttach of ConnectedDeviceDashboardFragment.java Admin Restriction Bypass in LocationServicesWifiScanningPreferenceController.java Admin Restriction Bypass in WifiScanningPreferenceController and BluetoothScanningPreferenceController Reflected Cross-Site Scripting (XSS) Vulnerability in SCORM Engine Improper Input Validation in NotificationAccessConfirmationActivity Allows Unauthorized Notification Access SQL 
Injection Vulnerability in CallLogProvider.java Allows Unauthorized Access to Voicemail Information Location Information Disclosure Vulnerability in LocationManagerService Improper Input Validation in DefaultRingtonePreference.java Allows Inappropriate File Read Possible VPN Disabling Vulnerability in onDefaultNetworkChanged of Vpn.java Improper Input Validation in PacProxyService.java Allows for Local Denial of Service Improper Input Validation Allows Unauthorized Foreground Service Start in Android Uninitialized Data Information Disclosure in writeToParcel of SurfaceControl.cpp Missing Permission Check in startSync of AbstractThreadedSyncAdapter Allows Local Information Disclosure Stored Cross-site Scripting (XSS) Vulnerability in francoisjacquet/rosariosis prior to 9.0.1 Missing Permission Check in setChecked of SecureNfcPreferenceController Allows Local Privilege Escalation Cross-Transport Key Derivation Vulnerability in btif_dm_auth_cmpl_evt of btif_dm.cc Critical Bluetooth Vulnerability Allows Remote Code Execution on Android Devices Out-of-bounds Write Vulnerability in sysmmu_unmap of Android Kernel Android Kernel Vulnerability: A-229632566 Integer Overflow in ioctl_dpm_clk_update of lwis_ioctl.c Integer Overflow in construct_transaction of lwis_ioctl.c Allows for Local Privilege Escalation in Android Kernel Android Kernel Vulnerability: A-224546354 Out-of-bounds Write Vulnerability in v4l2_m2m_querybuf of v4l2-mem2mem.c Critical Vulnerability: Excessive Attack Surface in tooljet/tooljet prior to v1.16.0 Android Kernel Vulnerability: A-215730643 Race condition leading to use after free vulnerability in dm_bow_dtr and related functions of dm-bow.c Out of Bounds Write Vulnerability in exynos5_i2c_irq Race condition vulnerability in st21nfc_loc_set_polaritymode of fc/st21nfc.c allows for local escalation of privilege with System execution privileges needed Out of Bounds Read Vulnerability in LteRrcNrProAsnDecode of LteRrcNr_Codec.c Possible Use After Free 
Vulnerability in trusty_log_seq_start of trusty-log.c Possible Local Privilege Escalation in Android Keymaster IPC Android Kernel Vulnerability: A-234657153 Use-after-free vulnerability in lwis_buffer_alloc of lwis_buffer.c allows for arbitrary code execution Android Kernel Vulnerability: A-212625740 Android Kernel Vulnerability: A-188935887 Possible Out of Bounds Write Vulnerability in Android Kernel Integer Overflow Vulnerability in AllocateInternalBuffers of g3aa_buffer_allocator.cc Android Kernel Vulnerability: A-211727306 Out-of-Bounds Access Vulnerability in 'nla_parse' Function Title: Android SoC Vulnerability (A-238227328) Title: Android SoC Vulnerability (A-238227324) Title: Android SoC Vulnerability (A-238227323) Title: Android SoC Vulnerability (A-238257004) Cross-Site Request Forgery Vulnerability in Free Live Chat Support Plugin for WordPress Title: Android SoC Vulnerability (A-238257002) Title: Android SoC Vulnerability (A-238257000) Improper Input Validation in declareDuplicatePermission of ParsedPermissionUtils.java Allows Unauthorized Acquisition of Dangerous Permission Integer Overflow Vulnerability in extract3GPPGlobalDescriptions of TextDescriptions.cpp Missing Permission Check in getInputMethodWindowVisibleHeight of InputMethodManagerService.java Allows Local Information Disclosure Path Traversal Vulnerability in MediaProvider.java Allows Local Privilege Escalation Bluetooth Discoverability Permissions Bypass Vulnerability in Android Out of Bounds Write Vulnerability in SitRilClient_OnResponse of SitRilSe.cpp Guest User Wi-Fi Configuration Permissions Bypass Vulnerability Insecure Default Value in SEPolicy Configuration Allows Unauthorized Access to 'ip' Utility Stored Cross-Site Scripting Vulnerability in Brizy WordPress Plugin Out of Bounds Write Vulnerability in cd_CodeMsg of cd_codec.c Out-of-Bounds Read Vulnerability in SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c Android Kernel Vulnerability: A-218701042 Android Kernel 
Vulnerability: A-207975764 Android Kernel Vulnerability: A-205714161 Android Kernel Vulnerability: A-216363416 Android Kernel Vulnerability: A-184676385 Android Kernel Vulnerability: A-210916981 Android Kernel Vulnerability: A-204782372 Use After Free Vulnerability in io_identity_cow of io_uring.c Stored Cross-Site Scripting Vulnerability in Brizy WordPress Plugin Integer Overflow Vulnerability in avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc Out-of-Bounds Write Vulnerability in avdt_msg_asmbl of avdt_msg.cc Out-of-bounds Read Vulnerability in fdt_next_tag of fdt.c Possible Audio Recording Vulnerability in Threads.cpp Uncaught Exception in setImpl of AlarmManagerService.java Leads to Local Denial of Service Vulnerability Possible bypass of background activity start restriction in handleFullScreenIntent of StatusBarNotificationActivityStarter.java Out-of-bounds Write Vulnerability in audioTransportsToHal of HidlUtils.cpp Out-of-bounds Write Vulnerability in audioTransportsToHal of HidlUtils.cpp Out of Bounds Read Vulnerability in pickStartSeq of AAVCAssembler.cpp Arbitrary Code Execution Vulnerability in setOptions of ActivityRecord.java GitHub Repository vim/vim Prior to 8.2 Use After Free Vulnerability Bypassing Device Policy Restrictions in getBackgroundRestrictionExemptionReason of AppRestrictionController.java Use-after-free vulnerability in binder_inc_ref_for_node in binder.c allows local attackers to gain privileges via a crafted application. Race condition vulnerability in emulation_proc_handler in armv8_deprecated.c allows for local privilege escalation without additional execution privileges. 
Integer Overflow Vulnerability in rndis_set_response of rndis.c in Android Kernel Possible Permanent Performance Degradation Due to Resource Exhaustion in addAutomaticZenRule of ZenModeHelper.java Phone Account Resource Exhaustion Vulnerability Memory Corruption Vulnerability in Android Kernel Possible Out of Bounds Write Vulnerability in Android Kernel (A-239555411) Permission Bypass Vulnerability in CarSettings App Package Allows Local Privilege Escalation in Bluetooth Settings Out-of-Bounds Write Vulnerability in MOXA NPort 5110 Firmware Versions 2.10 Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service: Local Elevation of Privilege Vulnerability Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Android SoC Unauthorized Service Vulnerability: System Reboot Exploit Local Elevation of Privilege Vulnerability in Android SoC Unauthorized Broadcast Vulnerability in Android Messaging Unauthorized Broadcast Vulnerability in Android Messaging Unauthorized Provider Vulnerability in Android Messaging: Local Denial of Service Out-of-Bounds Write Vulnerability in MOXA NPort 5110 Firmware Versions 2.10 Unauthorized Broadcast Vulnerability in Android Messaging Unexported Intent Handler Launch Vulnerability in navigateUpTo of Task.java Tapjacking/Overlay Attack Vulnerability in ReviewPermissionsActivity.java Possible Tapjacking/Overlay Attack in Layer.cpp Allows Local Privilege Escalation without User Interaction Out-of-Bounds Read Vulnerability in sdp_discovery.cc Allows Remote Information Disclosure Missing Permission Check in AlwaysOnHotwordDetector Allows Unauthorized Microphone Access Out of Bounds Read Vulnerability in PAN_WriteBuf of pan_api.cc Permissions Bypass Vulnerability in NotificationManagerService 
Allows Data Sharing Across Users Path Traversal Vulnerability in writeApplicationRestrictionsLAr of UserManagerService.java Missing Permission Check in restorePermissionState of PermissionManagerServiceImpl.java Allows Local Privilege Escalation Missing Permission Check in onCallRedirectionComplete of CallsManager.java Arbitrary Code Execution Vulnerability in BaseBundle.java's initializeFromParcelLocked Method Path Traversal Vulnerability in MmsProvider.java Allows Local Denial of Service of SIM Recognition Integer Overflow in fdt_next_tag of fdt.c Allows for Local Privilege Escalation Persistent Denial of Service Vulnerability in addAutomaticZenRule of ZenModeHelper.java Resource Exhaustion Vulnerability in AutomaticZenRule of AutomaticZenRule.java Improper Input Validation in getMountModeInternal of StorageManagerService.java Allows Local Privilege Escalation Sensitive Information Leakage in CarNotificationListener.java Improper Input Validation in Android Kernel Allows for Local Privilege Escalation Unrestricted Plugin Download Vulnerability in Directorist WordPress Plugin Memory Mapping Corruption Vulnerability in mprot_unmap Out-of-Bounds Read Vulnerability in pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp Out-of-bounds Write Vulnerability in phNxpNciHal_write_unlocked of phNxpNciHal.cc Possible Audio Recording Vulnerability in Android Kernel Lockscreen Bypass Vulnerability in KeyguardHostViewController.java and Related Files Insecure Default Value in applyKeyguardFlags Allows Password Observation on Secondary Display Possible Incorrect File Read Vulnerability in BluetoothOppUtility.java Out-of-Bounds Read Vulnerability in BNEP_ConnectResp of bnep_api.cc Out of Bounds Write Vulnerability in avct_lcb_msg_asmbl of avct_lcb_act.cc Improper Parsing of Authority Segment in Jetty HttpURI Class Improper Input Validation in bindRemoteViewsService of AppWidgetServiceImpl.java Allows Local Privilege Escalation Out-of-bounds Read Vulnerability in 
SendIncDecRestoreCmdPart2 of NxpMfcReader.cc Out-of-bounds Read Vulnerability in toLanguageTag of LocaleListCache.cpp Out-of-bounds Read Vulnerability in toLanguageTag of LocaleListCache.cpp Arbitrary Code Loading Vulnerability in readLazyValue of Parcel.java Possible Hijacking of Apps with allowTaskReparenting Vulnerability Infinite Reboot Loop Vulnerability in PackageManager.setEnableSetting Possible Local Escalation of Privilege in KeyguardNotificationVisibilityProvider.kt Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Denial of Service Vulnerability in Eclipse Jetty HTTP/2 Server Implementation Resource Exhaustion Vulnerability in NotificationChannel Persistence WiFi Settings Residual Data Disclosure Vulnerability Resource Exhaustion Vulnerability in createNotificationChannel of NotificationManager.java Integer Overflow Vulnerability in avrc_pars_ct.cc and Related Files Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in AutomaticZenRule.java Regex Denial of Service Vulnerability in Octopus Deploy Package Upload Function Resource Exhaustion Vulnerability in AutomaticZenRule.java Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in AutomaticZenRule.java Improper Input Validation in Condition.java Allows for Notification Access Granting Persistent DoS Vulnerability in AutomaticZenRule of AutomaticZenRule.java Possible Local Escalation of Privilege in getEnabledAccessibilityServiceList of AccessibilityManager.java Arbitrary Code Execution Vulnerability in setDataSource of initMediaExtractor.cpp 
Incorrect State Transition in updatePublicMode of NotificationLockscreenUserManagerImpl.java Allows Sensitive Notification Disclosure on Lockscreen Out-of-bounds Read Vulnerability in fdt_path_offset_namelen of fdt_ro.c Uncaught Parsing Errors in PasspointConfiguration.java Could Lead to Local Persistent Denial of Service Stored Cross-Site Scripting Vulnerability in WP-Paginate WordPress Plugin Uncaught Exception in loadFromXml of ShortcutPackage.java Leads to Local Denial of Service Vulnerability Tapjacking/Overlay Attack Vulnerability in EnableAccountPreferenceActivity Use-after-free vulnerability in GetResolvedMethod in entrypoint_utils-inl.h allows for local information disclosure in Android. Potential Local Privilege Escalation in WifiDppConfiguratorActivity Missing Permission Check in DreamManagerService.java Allows Local Privilege Escalation and Dismissal of System Dialogs Possible Path Traversal Vulnerability in openFile of CallLogProvider.java Missing Permission Check in onCreate of WifiDialogActivity.java Allows Local Privilege Escalation Arbitrary Code Execution Vulnerability in UwbEventManager.java Guest User Privilege Escalation via Permissions Bypass in ConfigureWifiSettings.java Out-of-Bounds Write Vulnerability in mapGrantorDescr of MessageQueueBase.h Permissions Bypass in getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java Missing Permission Check in getNearbyAppStreamingPolicy of DevicePolicyManagerService.java Improper Input Validation in navigateUpTo of Task.java Allows for Local Privilege Escalation Possible Out of Bounds Read in decrypt_1_2 of CryptoPlugin.cpp Leading to Local Information Disclosure Out of Bounds Write Vulnerability in Idmap2Service.cpp Local Information Disclosure Vulnerability in AccountTypePreferenceLoader Integer Overflow Vulnerability in rw_t3t_act_handle_check_ndef_rsp of Android SQL Injection Vulnerability in getMessagesByPhoneNumber of MmsSmsProvider.java SQL Injection Vulnerability in 
MmsSmsProvider.java Allows Access to Restricted Tables Potential Local Privilege Escalation in AddAppNetworksActivity.java Default Privileged Windows Users and Passwords in Multiple Trumpf Products: A Gateway for Remote System Access Possible Tapjacking/Overlay Attack in Android's onCreate Method Null Pointer Dereference in sdpu_find_most_specific_service_uuid of sdp_utils.cc Missing Permission Check in getSlice of ProviderModelSlice.java Allows Local Escalation of Privilege in Android Out-of-bounds Read Vulnerability in IncFs_GetFilledRangesStartingFrom of incfs.cpp Use-after-free vulnerability in Vibrator.cpp allows for arbitrary code execution Possible Local Privilege Escalation Vulnerability in Android's enforceVisualVoicemailPackage Out of Bounds Write Vulnerability in CanvasContext::draw of CanvasContext.cpp Out of Bounds Read Vulnerability in HalCoreCallback of Android NFC Firmware Out of Bounds Read Vulnerability in HevcUtils.cpp Limited Lockscreen Bypass Vulnerability in WifiDialogActivity.java Undertow AJP POST Request DoS Vulnerability Misleading String Vulnerability Allows Remote Information Disclosure of Call Logs in Android Telecom App Installation Detection Vulnerability: Side Channel Information Disclosure Integer Overflow Vulnerability in parseTrackFragmentRun() of MPEG4Extractor.cpp in Android Potential Local Privilege Escalation in getSlice of WifiSlice.java Information Disclosure Vulnerability in registerLocalOnlyHotspotSoftApCallback of WifiManager.java Missing Permission Check in registerBroadcastReceiver of RcsService.java Allows Local Privilege Escalation Potential Local Privilege Escalation in createDialog of WifiScanModeActivity.java Possible Information Disclosure Vulnerability in RoleService.java Out of Bounds Write Vulnerability in Effect.cpp Could Lead to Local Privilege Escalation Code Injection Vulnerability in Nuitka Prior to Version 0.9 Arbitrary Code Execution Vulnerability in SurfaceFlinger::doDump of Android Out of Bounds Read 
Vulnerability in phNxpNciHal_ioctl of phNxpNciHal.cc Out-of-bounds Write Vulnerability in parseParamsBlob of types.cpp Title: Android Display Crash Loop Vulnerability Allows Local Denial of Service Bypass of Profile Owner Restrictions in ManageApplications.java Remote Denial of Service Vulnerability in bindArtworkAndColors of MediaControlPanel.java Out of Bounds Write Vulnerability in getCurrentConfigImpl of Effect.cpp Missing Permission Check in AdapterService.java Allows for Bluetooth State Manipulation Out-of-Bounds Write Vulnerability in setParameter of EqualizerEffect.cpp Out of Bounds Write Vulnerability in KeyMintUtils.cpp Arbitrary Protected Activity Launch Vulnerability in Android Possible Local Escalation of Privilege in AudioFlinger's createTrack Vulnerability Out of Bounds Read and Use After Free Vulnerability in btif_a2dp_sink_command_ready of btif_a2dp_sink.cc Tapjacking/Overlay Attack Vulnerability in LogAccessDialogActivity.java Possible OOB Read Vulnerability in removeEventHubDevice of InputDevice.cpp Out-of-bounds Read Vulnerability in ufdt_get_node_by_path_len of ufdt_convert.c Potential Local Privilege Escalation in NetworkProviderSettings Out of Bounds Read Vulnerability in MessageQueueBase of Android Potential Privilege Escalation via Permissions Bypass in DeviceCapabilityListener.java Side Channel Information Disclosure in revokeOwnPermissionsOnKill of PermissionManager.java Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Android Kernel Vulnerability: A-212623833 Use-after-free vulnerability in aud_hal_tunnel.c allows for local privilege escalation Possible audio recording vulnerability in Android kernel Out of Bounds Read Vulnerability in ufdt_convert Function Out of Bounds Write Vulnerability in ufdt_output_strtab_to_fdt of ufdt_convert.c Use-after-free vulnerability in l2cap_chan_put in l2cap_core allows for local privilege escalation Race condition vulnerability in pppol2tp_create in l2tp_ppp.c allows for use after free, 
leading to local privilege escalation Use after free vulnerability in Android kernel allows for local privilege escalation Out-of-bounds Write Vulnerability in thermal_cooling_device_stats_update of thermal_sysfs.c Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Android Kernel Vulnerability: A-230660904 Use-after-free vulnerability in extract_metadata of dm-android-verity.c allows local attackers to corrupt kernel memory and potentially escalate privileges. Missing Permission Check in dm-verity-target.c Allows for Modification of Read-Only Files Out-of-bounds Read Vulnerability in sec_sysmmu_info of drm_fw.c Out-of-bounds Read Vulnerability in read_ppmpu_info of drm_fw.c Out of Bounds Write Vulnerability in rilapplication.cpp Out of Bounds Write Vulnerability in OemSimAuthRequest::encode of wlandata.cpp Possible Stack Clash Vulnerability in RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp Possible Stack Clash Vulnerability in RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Out of Bounds Write Vulnerability in ufdt_do_one_fixup of ufdt_overlay.c Possible Use After Free Vulnerability in Pixel Camera Driver Out-of-Bounds Write Vulnerability in ppmp_unprotect_mfcfw_buf of drm_fw.c Out-of-Bounds Write Vulnerability in ppmp_unprotect_mfcfw_buf of drm_fw.c Improper Input Validation in shared_mem.c Allows Local Privilege Escalation Improper Input Validation in drm_access_control.c Allows for Local Escalation of Privilege in Android Kernel Improper Input Validation in drm_access_control.c Allows for Local Escalation of Privilege in Android Kernel Possible EoP Vulnerability in ppmp_validate_wsm of drm_fw.c in Android Kernel Possible EoP Vulnerability in sysmmu_map of sysmmu.c Improper Input Validation in valid_va_secbuf_check of drm_access_control.c in Android Kernel Allows for Local Information Disclosure Stored Cross-Site Scripting Vulnerability in Pandora FMS v7.0NG.761 
and Below Information Disclosure in valid_va_sec_mfc_check of drm_access_control.c Information Disclosure in ppmpu_set of ppmpu.c in Android Kernel Information Disclosure in ppmp_validate_secbuf of drm_fw.c Out-of-bounds Read Vulnerability in pop_descriptor_string of BufferDescriptor.h Potential Out of Bounds Write Vulnerability in WirelessCharger.cpp Possible Out of Bounds Read in getWpcAuthChallengeResponse of WirelessCharger.cpp Out of Bounds Write Vulnerability in sendChunk of WirelessCharger.cpp Integer Overflow Vulnerability in ppmpu_set of ppmpu.c Integer Overflow Vulnerability in sec_media_protect of media.c Missing Bounds Check in Pixel Firmware Allows Local Privilege Escalation Stored Cross-site Scripting (XSS) Vulnerability in Dolibarr GitHub Repository (prior to version 16.0) Out of Bounds Write Vulnerability in Android Kernel Android Kernel Vulnerability: A-204541506 Android Kernel Vulnerability: A-211081867 Out of Bounds Write Vulnerability in SetDecompContextDb of RohcDeCompContextOfRbId.cpp Out-of-bounds Read Vulnerability in SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c Out of Bounds Read Vulnerability in SAECOMM_CopyBufferBytes of SAECOMM_Utility.c Out-of-bounds Read Vulnerability in SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c Out of Bounds Write Vulnerability in Pixel Cellular Firmware Allows Remote Code Execution Out of Bounds Read Vulnerability in Pixel Cellular Firmware Out of Bounds Read Vulnerability in Pixel Cellular Firmware Heap-based Buffer Overflow in Chafa GitHub Repository Out of Bounds Read Vulnerability in Cellular Modem Firmware Allows Remote Code Execution Carrier Restrictions Bypass Vulnerability in DeletePackageHelper.java CSRF Vulnerability in Jenkins Allows Unauthorized Job Build Triggering Jenkins Mailer Plugin CSRF Vulnerability Allows DNS Resolution Hijacking Vulnerability: Unauthorized DNS Resolution in Jenkins Mailer Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Matrix Project 
Plugin 1.19 and Earlier Jenkins Credentials Binding Plugin Vulnerability: Unauthorized Validation of Secret File Credentials Jenkins Docker Commons Plugin OS Command Execution Vulnerability Vulnerability: Enumeration of Credentials IDs in Jenkins Bitbucket Branch Source Plugin Jenkins Bitbucket Branch Source Plugin CSRF Vulnerability Sensitive Information Disclosure in GitHub repository nocodb/nocodb prior to 0.91.7+. Credential Enumeration Vulnerability in Jenkins SSH Agent Plugin Unencrypted Access Key Vulnerability in Jenkins Metrics Plugin Denial of Service Vulnerability in Cisco Embedded Wireless Controller with Catalyst Access Points Software Cisco NX-OS Software BFD Rate Limiter Logic Error Vulnerability Cisco NX-OS Software CFSoIP Denial of Service Vulnerability Cisco Discovery Protocol Service Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Privilege Escalation Vulnerability in nocodb/nocodb prior to 0.91.7+ Unsecured Logging Vulnerability in Cisco DNA Center Allows Unauthorized Access to Sensitive Information Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface GitHub Repository NocoDB Prior to 0.91.7+: Insufficient Session Expiration Vulnerability Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web 
Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Stored Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts Repository (prior to 2022.06) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software's NX-API Unencrypted Credentials Exposure Vulnerability in Cisco ASDM Logging Component Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) DNS-based Authentication of Named Entities (DANE) Email Verification Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Unified Contact Center Management Portal and Domain Manager Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Reflected Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.06) Unencrypted Storage Vulnerability in Cisco IP Phones: Confidential Information Extraction Persistent Code Execution and Permanent Denial of Service Vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Smart Card Authentication Bypass Vulnerability in Cisco Duo for macOS Sensitive Information Retrieval Vulnerability in Cisco Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco StarOS CLI Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Critical SQL 
Injection Vulnerability in francoisjacquet/rosariosis (prior to 9.0) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Denial of Service (DoS) Vulnerability in Cisco Email Security Appliance, Web Security Appliance, and Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco IOS XE Tcl Interpreter Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOS XE Software AppNav-XE Feature Denial of Service Vulnerability IPSec Decryption Routine Buffer Exhaustion Vulnerability Command Injection Vulnerability in c_rehash Script Improper Privilege Enforcement in Cisco Prime Service Catalog Web Interface Privilege Escalation Vulnerability in Cisco Catalyst 9000 Family Switches and Wireless Controllers CAPWAP Protocol Processing Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Denial of Service Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter Firmware Allows Remote Code Execution and Denial of Service Cisco ATA 190 Series Analog Telephone Adapter Firmware LLDP Remote Code Execution Vulnerability Cisco ATA 190 Series Analog Telephone Adapter Firmware Remote Code Execution Vulnerability Cisco ATA 190 Series Analog Telephone Adapter Firmware Cisco Discovery Protocol Memory Corruption Vulnerability Out of Bounds Write Vulnerability in Siemens JT2Go and 
Teamcenter Visualization Cisco ATA 190 Series Analog Telephone Adapter Firmware Cisco Discovery Protocol Memory Corruption Vulnerability Cisco ATA 190 Series Adaptive Telephone Adapter Firmware DoS Vulnerability NETCONF over SSH Denial of Service Vulnerability in Cisco IOS XE Software Command Injection Vulnerability in Cisco IOS XE Software Web UI Denial of Service (DoS) Vulnerability in Cisco IOS XE Software's RPKI Implementation Authentication Bypass Vulnerability in Cisco Wireless LAN Controller (WLC) Software Vulnerability: Unauthenticated Access to Messaging Service Ports in Cisco SD-WAN vManage Software Containers Cisco IOS and IOS XE Software Web Services Interface Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Software's OOXML Parsing Module Multiple Vulnerabilities in Cisco Small Business RV Series Routers Stack Overflow Vulnerability in Grandstream GSD3710 (Version 1.0.11.13) Allows Remote Code Execution Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers CSRF and XSS Vulnerabilities in Name Directory WordPress Plugin Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Cross-Site Scripting (XSS) Vulnerability in Cisco ASA and FTD VPN Web Client Services Lightspeed-Plus Line 
Card Reset Vulnerability Denial of Service Vulnerability in Cisco ASA and FTD Software Privilege Escalation Vulnerability in Cisco SD-WAN Software Memory Exhaustion Vulnerability in Cisco SD-WAN vEdge Routers Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Reflected and Stored Cross-Site Scripting Vulnerability in Name Directory WordPress Plugin Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities VLAN Bypass Vulnerability in Cisco Access Points XML Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Code Injection in Grav CMS prior to 1.7.34 Bypassing Security Intelligence DNS Feed in Cisco Firepower Threat Defense Software Persistent Code Execution and Permanent Denial of Service Vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Improper Access Permissions Vulnerability in Cisco VIM Configuration Files Unauthenticated Access to All Roles in Cisco ISE Login Page Insufficient File System Restrictions in Cisco SD-WAN vManage Software Allows Unauthorized Access to Sensitive Information Title: Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability Unauthorized Access to Administrative Console in Cisco AppDynamics Controller Software Vulnerability in Cisco ASA Software's HTTP Authentication Handler Cisco Umbrella Secure Web Gateway: File Inspection Bypass Vulnerability Privilege Escalation Vulnerability in Cisco SD-WAN 
vManage Software Regex Denial of Service Vulnerability in Octopus Deploy's Variable Project Template Cross-Site Scripting Vulnerability in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Secure Network Analytics GCM Cipher Implementation Vulnerability in Cisco ASA and FTD Software Cisco Firepower Management Center (FMC) Software: File Upload Vulnerability Input Protection Bypass Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA and FTD Software Cisco Firepower Threat Defense (FTD) Software TCP Proxy Denial of Service Vulnerability Insufficient API Authorization Checking in Cisco SD-WAN vManage Software Cisco Firepower Threat Defense (FTD) Software Local Malware Analysis Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Small Business RV Series Routers Regex Denial of Service Vulnerability in Octopus Deploy Build Information Request Validation Cisco Redundancy Configuration Manager (RCM) Checkpoint Manager Process Restart Vulnerability Unauthenticated Remote Attackers Can Cause Denial of Service in Cisco Firepower Threat Defense Software Timing Attack Vulnerability in Cisco Unified Communications Manager, Unified CM SME, and Cisco Unity Connection Arbitrary Code Execution Vulnerability in Cisco Small Business RV340 and RV345 Routers Arbitrary Code Execution and File Write Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS Arbitrary Code Execution and File Write Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS Cisco Identity Services Engine (ISE) RADIUS Processing Denial of Service Vulnerability Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Cisco IOS XR Software BGP EVPN Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco ASA and FTD Software Cisco ASA and FTD Software DNS Inspection DoS Vulnerability Cisco 1000 Series Connected Grid Router 
(CGR1K) Integrated AP Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) Software Arbitrary Java Code Injection Vulnerability in Cisco Webex Meetings Multiple Vulnerabilities in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Cross-Site Scripting Vulnerability in Cisco UCS Director Web Applications Cisco FTD Snort Rule Evaluation Function Denial of Service Vulnerability Clear Text Credential Exposure Vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) AireOS Software with FIPS Mode Enabled CHM File Parser Denial of Service Vulnerability in ClamAV TIFF File Parser Denial of Service Vulnerability in ClamAV HTTP Response Splitting Vulnerability in Cisco Email Security Appliance and Secure Email and Web Manager Static SSH Host Key Vulnerability in Cisco Umbrella Virtual Appliance Cross-Site Request Forgery Vulnerability in Cisco IP Phone Series with Multiplatform Firmware Privilege Escalation Vulnerabilities in Cisco SD-WAN Software CLI Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Authentication Component Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Buffer Overflow Vulnerability in Linux Kernel's nft_set_desc_concat_parse() Function Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Stored XSS Vulnerability in Cisco Web Security Appliance (WSA) Management Interface Improper Privilege Enforcement in Cisco 
Identity Services Engine (ISE) Web Interface Allows Information Disclosure Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Denial of Service Vulnerability Web-Based Reputation Score (WBRS) Engine Bypass Vulnerability in Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) HTML File Parser Denial of Service Vulnerability in ClamAV SQL Injection Vulnerability in Cisco Unified Communications Manager IM & Presence Service Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Unity Connection Arbitrary File Write Vulnerability in Cisco Unified Communications Manager and Session Management Edition Stored Cross-site Scripting (XSS) Vulnerability in nocodb/nocodb prior to 0.91.7+ in GitHub Repository Arbitrary File Read Vulnerability in Cisco Unified Communications Manager Insufficient File Permission Restrictions in Cisco Unified Communications Manager: Arbitrary File Read Vulnerability Heap Buffer Overflow Vulnerability in ClamAV Signature Database Load Module Multiple Vulnerabilities in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software DTLS Protocol Implementation Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Versions 0.103.5 and Earlier and 0.104.2 and Earlier Arbitrary Command Execution Vulnerability in Cisco Secure Network Analytics Authentication Bypass Vulnerability in Cisco Secure Email and Web Manager Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 and RV345 Routers Arbitrary Private Message Sender Vulnerability in Sensei LMS WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Unity Connection Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 and RV345 Routers Cross-Site Scripting (XSS) Vulnerability in Cisco Enterprise Chat 
and Email (ECE) Web Interface Double-Free Vulnerability in ClamAV OLE2 File Parser Cisco Discovery Protocol Denial of Service Vulnerability Cisco Umbrella SWG SSL Decryption Bypass Vulnerability Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure Cisco Smart Software Manager On-Prem (SSM On-Prem) Denial of Service Vulnerability Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure HCI Modbus TCP Function Vulnerability: Remote Reboot Exploit SNMP Information Disclosure Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Arbitrary File Overwrite and Null Byte Poisoning Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server Arbitrary File Overwrite and Null Byte Poisoning Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Web Interface Arbitrary File Deletion Vulnerability in Cisco Unified Communications Manager and Session Management Edition Manufacturing Key Duplication Vulnerability in Cisco Unified IP Phones Privilege Escalation Vulnerabilities in Cisco SD-WAN Software CLI Cisco Identity Services Engine (ISE) Web Management Interface Information Disclosure Vulnerability Cross-Site Scripting (XSS) and Frame Hijacking Vulnerabilities in Cisco Webex Meetings Web Interface Vulnerability: Unauthenticated Remote Access to Redis Instance in Cisco IOS XR Software Cisco Identity Services Engine (ISE) Web Management Interface File Read and Delete Vulnerability OSPFv3 Denial of Service Vulnerability in Cisco NX-OS Software 
Vulnerability in Cisco Discovery Protocol Allows Remote Code Execution and DoS Arbitrary Code Execution and DoS Vulnerability in Cisco Small Business RV Routers Secure Boot Bypass Vulnerability in Cisco Secure Firewalls 3100 Series Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Arbitrary Command Execution Vulnerability in Cisco FirePOWER Software for ASA FirePOWER Module Vulnerability in Cisco ASA Software Allows Remote Code Execution via Malicious ASDM Image OAuth client_secret leakage vulnerability in Simple Single Sign On WordPress plugin Unauthenticated Access to Cisco SD-AVC GUI Vulnerability Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco IOS XE Software DNS Application Layer Gateway Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Vulnerability: Exposing Hashed Passwords in World Readable Logs of cloud-init Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management 
Center (FMC) Software Default Static Username and Password Vulnerability in Cisco SD-AVC on vManage Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family: DHCP Processing Denial of Service Vulnerability Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points: UDP Processing Denial of Service Vulnerability Ghostscript NULL Pointer Dereference Vulnerability Arbitrary File Deletion Vulnerability in Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software Arbitrary Command Injection Vulnerability in Cisco IOS XE Software Web UI Cross-Site Scripting (XSS) and Frame Hijacking Vulnerabilities in Cisco Webex Meetings Web Interface Cisco Firepower Software SSH Denial of Service Vulnerability Escape from Restricted Controller Shell: Arbitrary Command Execution Vulnerability in Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Cisco IOS XE Wireless Controller Software Denial of Service Vulnerability in CAPWAP Mobility Messages Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Insufficient Access Control Vulnerability in Cisco Unified Communications Manager and Unity Connection Critical SQL Injection Vulnerability in SourceCodester Bank Management System 1.0 Unauthenticated Remote Attackers Can Alter Communications and View Sensitive Information in Cisco Nexus Dashboard Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Arbitrary File Read Vulnerability in Cisco Unified Communications Manager Cisco Webex App Messaging Interface Link Manipulation Vulnerability Vulnerability in Cisco Catalyst Switches' Password-Recovery Disable Feature Arbitrary Command Injection Vulnerability in Cisco FXOS Software Vulnerability: RSA Private Key Retrieval in Cisco ASA and FTD Software SQL Injection Vulnerability in Cisco Email Security Appliance and Cisco 
Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco Email Security Appliance and Secure Web Manager Cross-Site Scripting Vulnerability in Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting (XSS) Vulnerability in SourceCodester Bank Management System 1.0 Denial of Service Vulnerability in Cisco Catalyst Switches' MPLS Packet Processing Function Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Privilege Escalation Vulnerability in Elcomplus SmartICS v2.3.4.0 Allows Unauthorized Process Termination Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in 
Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Cross-Site Scripting (XSS) Vulnerability in Bold Page Builder WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Reflected Cross-Site Scripting in Discount Rules for WooCommerce WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code 
Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard CSRF Vulnerability in Cache Images WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Arbitrary File Write Vulnerability in Cisco Nexus Dashboard Excessive Verbosity in Cisco ISE ERS API Allows Information Disclosure Denial of Service (DoS) Vulnerability in Cisco IOS XE Software with IPv6 VPN over MPLS (6VPE) and Zone-Based Firewall (ZBFW) Cross-Site Scripting (XSS) Vulnerability in Cisco IoT Control Center Web Interface Manipulation of XMPP Messages in Cisco Jabber: A Remote Vulnerability Default Credential Vulnerability in Cisco FirePOWER Software and Cisco NGIPS Software Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software Reflected Cross-Site Scripting Vulnerability in WooCommerce PDF Invoices & Packing Slips WordPress Plugin Remote Code Execution Vulnerability in Cisco IOS and IOS XE SSH Implementation Privilege Escalation Vulnerability in Cisco ACI Multi-Site Orchestrator (MSO) API Implementation Vulnerabilities in SMB2 Processor of Snort Detection Engine on Cisco Products Title: Cisco Small 
Business RV Series Routers Vulnerability: Bypassing IPSec VPN Server Authentication Cisco ASA and FTD Software SNMP DoS Vulnerability Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA and FTD SSL/TLS Client Authentication Bypass Vulnerability in Cisco ASA and FTD Software Allows Unauthorized Access Insufficient Cryptographic Signature Verification in Cisco NFVIS Upgrade Process Cross-Site Scripting Vulnerability in WP Duplicate Page WordPress Plugin Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cisco AnyConnect VPN Server Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Insufficient Resource Management in Cisco ISE Software: RADIUS Traffic Exploit XML Syntax Validation Vulnerability in Cisco Firepower Management Center Software Reflected Cross-Site Scripting in Yellow Yard Searchbar WordPress Plugin Unauthenticated Remote Access Vulnerability in Cisco Firepower Threat Defense (FTD) Software Unauthenticated Remote Access Vulnerability in Cisco Firepower Management Center Software Unauthorized Access Vulnerability in Cisco Email and Web Security Appliances Vulnerabilities in SMB2 Processor of Snort Detection Engine on Cisco Products Vulnerability: Unsigned Code Execution at System Boot Time in Cisco Catalyst 9200 Series Switches Denial of Service Vulnerability in Cisco Catalyst 9100 Series Access Points Cisco Firepower Threat Defense (FTD) Software GRE Tunnel Decapsulation DoS Vulnerability 
Cisco ASA and FTD Software Denial of Service Vulnerability in Dynamic Access Policies (DAP) Functionality Cisco Firepower Threat Defense (FTD) Software Management Web Server Remote Configuration Execution Vulnerability Improper Access Control Check in GitLab CE/EE Allows Unauthorized Viewing of Deploy Key Information SIP-Snort 3 Interaction Vulnerability in Cisco Firepower Threat Defense Software Server-Side Request Forgery (SSRF) Vulnerability in Cisco BroadWorks CommPilot Application Bypass of Configured Rule in Cisco Secure Web Appliance Scanning Engines Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Cisco Identity Services Engine (ISE) Web-Based Management Interface Authorization Bypass Vulnerability Cisco BroadWorks CommPilot Application: Server-Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Software Denial of Service Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance Cisco Identity Services Engine (ISE) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability Cisco Identity Services Engine (ISE) Localdisk Management Feature Allows Unauthorized File System Changes Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Arbitrary Command Injection Vulnerability in Cisco Identity Services Engine Privilege Escalation in Cisco Identity Services Engine Web Management Interface Cisco Identity Services Engine Cross-Site Scripting Vulnerability Cisco Identity Services Engine Cross-Site Scripting Vulnerability Stack Overflow Vulnerability in Cisco 
IP Phone 7800 and 8800 Series Firmware Cross-Site Scripting (XSS) Vulnerability in Cisco Umbrella Management Dashboard Vulnerability: Incomplete Encryption in AES OCB Mode on 32-bit x86 Platforms Insecure Password Policy in GitHub Repository kromitgmbh/titra prior to 0.78.1 Stored HTML Injection in WooCommerce Payment Gateway Titles Cross-Site Scripting (XSS) Vulnerability in Page Generator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress Arbitrary File Upload Vulnerability FTP Port Vulnerability: Unauthorized Access and File Manipulation Apache Web Server Account Vulnerability: Unrestricted Sudo Access to Critical Commands Bypassing Client-side JavaScript Controls to Gain Unauthorized Access and Modify User Credentials and Permissions Path Traversal Vulnerability in Elcomplus SmartICS v2.3.4.0 Hard-coded Master Password Vulnerability in MiCODUS MV720 GPS Tracker API Server Vulnerability: Unauthorized Modification of Reviews and Settings in Wbcom Designs – BuddyPress Group Reviews Plugin Unrestricted File Upload Vulnerability in inventree/inventree prior to 0.7.2 CSV Formula Injection Vulnerability in inventree/inventree prior to 0.7.2 Arbitrary Code Execution Vulnerability in metacalc Package Intel(R) Processors Incomplete Cleanup Vulnerability: Local Access Information Disclosure CX-Programmer v9.76.1 Out-of-Bounds Write Vulnerability Intel(R) Processors: Incomplete Cleanup of Microarchitectural Fill Buffers Vulnerability Insecure Temporary Directory Creation in com.github.samtools:htsjdk Intel Processor Vulnerability: Incomplete Cleanup in Special Register Read Operations Privilege Escalation Vulnerability in Intel(R) Advisor Software Command Injection Vulnerability in nemo-appium before 0.0.9 Stored Cross-site Scripting (XSS) vulnerability in inventree/inventree prior to 0.7.2 Intel Xeon Processors: Local Access Information Disclosure Vulnerability Directory Traversal Vulnerability in pfSense-pkg-WireGuard 
Denial of Service Vulnerability in Intel(R) Trace Analyzer and Collector (before version 2021.5) Firmware Update Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Intel Xeon Processors Stack-Based Buffer Overflow in Omron CX-One Versions 4.60 and Prior Weak Encryption Strength in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation via Adjacent Access Stored Cross-Site Scripting Vulnerability in Data Tables Generator by Supsystic WordPress Plugin Local Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Multiple API Functions Vulnerability Authentication Bypass Vulnerability in a-blog cms Versions Prior to 2.11.41 Arbitrary Command Injection Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices Vulnerability: V8 Crash in libxmljs.parseXml with Non-Buffer Argument Stored Cross-Site Scripting Vulnerability in Lansweeper 9.1.20.2 WebUserActions.aspx Persistent Cross-Site Scripting Vulnerability in ipDIO Web Interface Out of Bounds Read Vulnerability in ESTsoft Alyac 2.5.7.7 Malware Scan Functionality Privilege Escalation Vulnerability in Intel(R) Edge Insights for Industrial Software Cross-site Scripting (XSS) Vulnerability in s-cart/s-cart and s-cart/core Packages (Versions before 6.9) Reflected Cross-Site Scripting in Popup Anything WordPress Plugin Intel Processor Optimization Vulnerability: Local Access Information Disclosure Improper Access Control in Intel(R) Edge Insights for Industrial Software: Local Information Disclosure Vulnerability Improper Access Control in Intel(R) Capital Global Summit Android App: Potential Information Disclosure via Local Access Integer Overflow and Buffer Overflow Vulnerability in Leadtools 22's fltSaveCMP Functionality Fernhill SCADA Server Version 3.77 and Earlier Exception Vulnerability Uninitialized Pointer Access Vulnerability in Intel(R) Trace Analyzer and Collector Improper Access Control in Intel(R) Smart 
Campus Android App: Potential Information Disclosure via Local Access Stored Cross-Site Scripting Vulnerability in marktext v0.17.0 and Earlier Denial of Service Vulnerability in libiec61850 1.5.0's parseNormalModeParameters Functionality Reflected Cross-Site Scripting in Contact Form DB WordPress Plugin Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Uncontrolled Search Path Vulnerability in Intel(R) HDMI Firmware Update Tool for NUC Improper Access Control in Intel(R) SGX Crypto API Toolkit: Potential Privilege Escalation via Local Access Denial of Service (DoS) Vulnerability in node-lmdb Package Before 0.9.7 Arbitrary Command Injection Vulnerability in font-converter Package Incomplete Cleanup in Special Register Write Operations on Intel Processors: Potential Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in masuit.tools.core's SocketClient.cs Component Invalid Pointer Initialization Vulnerability: Risk of Information Disclosure Prototype Pollution in express-xss-sanitizer before 1.1.3 via allowedTags attribute allows XSS bypass Sensitive Information Disclosure in GiveWP WordPress Plugin Certificate Revocation Check Bypass Vulnerability in i-FILTER and D-SPA Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Products Hidden functionality vulnerability in ELECOM LAN routers: Remote OS command execution Privilege Escalation Vulnerability in Intel Quartus Prime Pro Edition SQL Injection Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices Path Traversal Vulnerability in Yokogawa Electric CAMS for HIS Log Server OS Command Injection Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14 CSRF Vulnerability in EC-CUBE Mail Magazine Management Plugin Cross-Site Scripting (XSS) Vulnerability in 404s WordPress Plugin before 3.5.1 Intel(R) Processors: Local Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi 
Products Privilege Escalation Vulnerability in InHand Networks InRouter302 V3.5.4 Router Configuration Import Functionality Information Disclosure Vulnerability in Bachmann Visutec GmbH Atvise 3.5.4, 3.6, and 3.7: Login Credentials Disclosure via Plaintext HTTP Request Arbitrary Command Injection Vulnerability in @acrontum/filesystem-template (before 0.0.2) Command Injection Vulnerability in libvcs before 0.11.1 via Argument Injection Prototype Pollution in Dexie.setByKeyPath(obj, keyPath, value) Function Path Traversal Vulnerability in OFFIS DCMTK's Service Class Provider (SCP) Allows Remote Code Execution Bypass of Path Check in convict Package (CVE-2022-22143) Command Injection in global-modules-path getPath function Directory Traversal Vulnerability in serve-lite Package Arbitrary File Retrieval Vulnerability in TransmitMail 2.5.0 to 2.6.1 Unchanged Default Password Vulnerability in Yokogawa Electric Products ReDoS Vulnerability in url-regex Package: CPU Crash Risk API Authorization and Authentication Bypass Vulnerability Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products BIOS Firmware Time-of-Check Time-of-Use Race Condition Vulnerability Hardcoded TLS Key Information Disclosure Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Relative Path Traversal Vulnerability in OFFIS DCMTK SCU: Remote Code Execution Stack-based Buffer Overflow in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Out-of-Bounds Read Vulnerability Exposes Sensitive Information Privilege Escalation Vulnerability in SafeNet Sentinel Driver for Intel(R) Quartus(R) Prime Standard Edition Privilege Escalation Vulnerability in Intel(R) Quartus(R) Prime Pro Edition (Before Version 21.3) XML External Entity (XXE) Vulnerability in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition Unlimited Chunk Denial of Service (DoS) Vulnerability in node-opcua Arbitrary Code Execution via Out-of-Bounds Read in Project File Processing NULL Pointer Dereference Vulnerability in OFFIS DCMTK 
(All versions prior to 3.6.7) SQL Injection Vulnerability in Lansweeper 9.1.20.2: AssetActions.aspx Functionality Vulnerability: Crash and Type-check Failure in Package Posix's toString Method Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Unvalidated Recursive Object Access Vulnerability in mout Package Heap-Based Buffer Overflow Vulnerability in Affected Product Server-side Request Forgery (SSRF) Vulnerability in Mimosa MMP Server and PTP/PTMP C-series Devices Insufficient Granularity of Access Control in Out-of-Band Management: Potential Privilege Escalation Vulnerability in Intel Processors Out-of-Bounds Write Vulnerability in reolink RLC-410W v3.0.0.136_20121102 TestEmail Functionality Information Disclosure Vulnerability in Intel(R) Trace Analyzer and Collector CX-Programmer v9.76.1 Out-of-Bounds Read Vulnerability Potential Heap Overwrite Vulnerability in qtdemux using zlib Decompression XML External Entity (XXE) Vulnerability in Intel(R) Quartus(R) Prime Pro Edition Directory Traversal Vulnerability in fasthttp ServeFile Function (Windows Only) Regular Expression Denial of Service (ReDoS) in css-what before 2.1.3 via insecure regular expression in re_attr variable of index.js Command Injection Vulnerability in cocoapods-downloader before 1.6.2 via hg Argument Injection Privilege Escalation Vulnerability in Intel(R) Data Center Manager Software Intel(R) Trace Analyzer and Collector: Local Information Disclosure Vulnerability Vulnerability: Denial of Service (DoS) in sqlite3 Package Stack-Based Buffer Overflow Vulnerability in [Product Name]: Arbitrary Code Execution Risk Buffer Overflow Vulnerability in Intel(R) NUC 9 Extreme Laptop Kit Drivers CSRF Vulnerability in WP Opt-in WordPress Plugin Allows Unauthorized Settings Changes and Spam Email Sending Insecure File Permissions in org.nanohttpd:nanohttpd Prototype Pollution in deep-get-set's 'deep' function Intel(R) Processors Vulnerability: Improper Isolation of Shared Resources 
Enables Local Information Disclosure SQL Injection Vulnerability in Lansweeper 9.1.20.2's EchoAssets.aspx Functionality Command Injection Vulnerability in github.com/masterminds/vcs Package (Versions before 1.13.3) Reolink RLC-410W v3.0.0.136_20121102 Web Server Misconfiguration Information Disclosure Vulnerability Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows for Local Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in InHand Networks InRouter302 V3.5.4 info.jsp Functionality Out-of-bounds Read Vulnerability in Intel QAT Driver for Windows Buffer Over-read Vulnerability in GitHub Repository vim/vim prior to 8.2 Intel(R) PROSet/Wireless WiFi Products: Local Privileged User Information Disclosure Vulnerability CSV+ Prior to 0.8.1 Cross-Site Scripting Vulnerability Vulnerability in Primavera Portfolio Management Web Access Vulnerability in Primavera Portfolio Management: Unauthorized Partial Denial of Service Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Oracle Database Server Core RDBMS Unauthorized Read Access Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) via Multiple Protocols Heap-based Buffer Overflow in Vim prior to version 8.2 Oracle Trade Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Installed Base Denial of Service Vulnerability Oracle WebLogic Server Samples Unauthenticated Access Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Hang or Crash Oracle Configurator UI Servlet Vulnerability Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks Vulnerability in 
Oracle WebLogic Server Samples Component: Unauthorized Data Access and Manipulation Vulnerability in Oracle WebLogic Server Samples Component (CVE-2021-2109) Oracle WebLogic Server Samples Component Vulnerability Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim (prior to 8.2) Vulnerability in Oracle WebLogic Server Samples Component: Unauthorized Data Access and Manipulation Oracle WebLogic Server Samples Component Vulnerability Oracle WebLogic Server Samples Component Vulnerability Oracle Solaris Fault Management Architecture Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Partial Denial of Service Oracle Communications Billing and Revenue Management Unauthenticated Remote Access Vulnerability Oracle Communications Billing and Revenue Management Unauthorized Data Access Vulnerability Oracle Communications Billing and Revenue Management Unauthorized Data Access Vulnerability Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Samba Winbind NTLM Authentication Out-of-Bounds Read Vulnerability MySQL Server Federated Component Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle Project Costing: Unauthorized Data Access and Modification Oracle Sourcing Product Vulnerability: Unauthorized Access and Data Manipulation Critical Vulnerability in Oracle Communications Billing and Revenue Management: Unauthorized Takeover Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service MySQL Cluster Takeover Vulnerability Unrestricted File Upload 
Vulnerability in GitHub Repository polonel/trudesk prior to 1.2.4 MySQL Cluster Takeover Vulnerability Vulnerability in Primavera Portfolio Management Web Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 MySQL Cluster Takeover Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access via Multiple Protocols Oracle WebLogic Server Samples Unauthenticated Remote Code Execution Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle VM VirtualBox Prior to 6.1.32: Unauthorized Data Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) MySQL Server Denial of Service Vulnerability Oracle Solaris Install Component Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.2.17 Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise CS SA Integration Pack Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Denial of Service (DoS) MySQL Server Stored Procedure Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability 
Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access via Multiple Protocols Critical Vulnerability in Oracle WebLogic Server: Unauthenticated Takeover via T3 MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability XML External Entity (XXE) Injection Vulnerability in OpenKM Community Edition 6.3.10 and Earlier MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Takeover of Infrastructure MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service DPDK Vulnerability: Denial of Service via Crafted Vhost Header MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability Vulnerability in Oracle MySQL Cluster: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Unvalidated OAuth Access Token Requests in WordPress OAuth Single Sign On Plugin MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service 
MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Vulnerability in Oracle Communications Convergence 3.0.2.2.0: Unauthorized Data Access and Manipulation MySQL Server Vulnerability: Unauthorized Hang and Crash Unrestricted Resource Allocation in GitHub Repository inventree/inventree prior to 0.8.0 Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Critical Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Access to Critical Data Oracle BI Publisher Unauthenticated Access Vulnerability Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Java SE and Oracle GraalVM Enterprise Edition 2D Component Denial of Service Vulnerability Multiple SQL Injection Vulnerabilities in Affected Product: Risk of Unauthorized Information Disclosure Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle iStore User Interface: Unauthorized Data Access and Manipulation MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-2021-2345) Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access 
and Manipulation Low-Privilege SQL Injection Vulnerability Exposes Sensitive Information Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability MySQL Server Information Schema Denial of Service Vulnerability MySQL Connectors Product Takeover Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation High-Privilege SQL Injection Vulnerability Exposes Sensitive Information MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) via Encryption Component Vulnerability in Oracle Partner Management of Oracle E-Business Suite: Unauthorized Data Access and Manipulation MySQL Server Information Schema Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Vulnerability in Primavera Portfolio Management Web API: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks Missing Authentication Vulnerability: Potential Data Breach and Code Execution MySQL Cluster Takeover Vulnerability Vulnerability in Oracle Enterprise Session Border Controller WebUI (CVE-2021-2345) Vulnerability in Oracle Enterprise Session Border 
Controller WebUI (CVE-2021-12345) Oracle Enterprise Session Border Controller Log Vulnerability Oracle Linux Kernel Vulnerability: Local Users Can Crash Machine via net_rds_alloc_sgs() Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Commerce Platform Unauthenticated Read Access Vulnerability Oracle Communications Pricing Design Center: Unauthorized Data Access Vulnerability Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Directory Traversal Vulnerability: Unauthorized File Access and Code Execution Critical Vulnerability in Oracle Communications Billing and Revenue Management: Remote Takeover via Webservices Manager Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Oracle Database Server Java VM Component Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox Prior to 6.1.32: Unauthorized Access to Critical Data Oracle Communications Operations Monitor Mediation Engine Remote Code Execution Vulnerability Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Access and Partial Denial of Service Arbitrary Code Injection Vulnerability in Elcomplus SmartICS v2.3.4.0 Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized 
Access and Partial Denial of Service Helidon Reactive WebServer Vulnerability: Unauthenticated Takeover Critical Vulnerability in Oracle Support Tools: Unauthorized Access to Critical Data Vulnerability in Oracle JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Unauthenticated SMS-based GPS Command Execution Vulnerability in MiCODUS MV720 GPS Tracker Oracle Database - Enterprise Edition Sharding Component Privilege Escalation Vulnerability Vulnerability in Oracle Database Server RDBMS Gateway / Generic ODBC Connectivity Component MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability Oracle Solaris Utility Vulnerability Allows Unauthorized Data Access MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Highly Complex SQL Injection Vulnerability Exposes Sensitive Information Oracle Coherence Remote Code Execution Vulnerability Oracle Business Intelligence Enterprise Edition Unauthenticated Access Vulnerability Vulnerability in Oracle Communications Billing and Revenue Management: Connection Manager Takeover MySQL Server InnoDB Component Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle Communications Billing and Revenue Management: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Oracle Communications Billing and Revenue Management Takeover Vulnerability Critical Command Injection 
Vulnerability in Affected Product Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Database - Enterprise Edition RDBMS Security Partial Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability CSRF Vulnerability in Jquery Validation For Contact Form 7 WordPress Plugin Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle WebLogic Server Unauthenticated Remote Denial of Service Vulnerability Oracle GoldenGate Prior to 23.1 Vulnerability: Unauthorized Takeover Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthenticated Network Access Compromises Partial Denial of Service MySQL Server Denial of Service Vulnerability Oracle JDeveloper ADF Faces Unauthenticated Remote Code Execution Vulnerability Oracle Solaris Utility Vulnerability: Unauthorized Access and Data Manipulation Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement (9.2) Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access and Modification Privilege Escalation and File Overwrite Vulnerability in Cloudflare WARP Client for Windows Vulnerability in Oracle PeopleSoft Enterprise PRTL Interaction Hub (9.1) Allows Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Console Unauthenticated Remote Code Execution Vulnerability MySQL Server Group Replication Plugin 
Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle MySQL Server Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Reflected Cross-Site Scripting in Import CSV Files WordPress Plugin MySQL Server Logging Vulnerability Oracle Solaris Kernel Vulnerability: Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability JD Edwards EnterpriseOne Tools Prior to 9.2.6.3: Unauthorized Access and Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.34 Vulnerability: Unauthorized Access and Denial of Service Oracle Commerce Guided Search Unauthenticated Remote Access Vulnerability Oracle Agile PLM Attachment Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Access and Manipulation Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Manipulation Unquoted Service Path Vulnerability in Cloudflare Warp for Windows Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle VM VirtualBox Prior to 6.1.34 Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Treasury Management: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Payments: Unauthorized Data Access and Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Access and Manipulation Vulnerability in 
Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Cross-Site Scripting (XSS) Vulnerability in LinkedIn Company Updates WordPress Plugin Oracle Transportation Management User Interface Vulnerability Vulnerability in Oracle PeopleSoft Enterprise FIN Cash Management: Unauthorized Data Access and Manipulation MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle VM VirtualBox Prior to 6.1.34 Allows Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Prior to 6.1.34: Unauthorized Data Manipulation MySQL Cluster Takeover Vulnerability Cross-Site Scripting (XSS) Vulnerability in Very Simple Breadcrumb WordPress Plugin MySQL Cluster Takeover Vulnerability Oracle VM VirtualBox Prior to 6.1.34 Windows Vulnerability: Unauthorized Takeover Vulnerability in Oracle Business Intelligence Enterprise Edition 5.9.0.0.0: Unauthorized Data Access and Manipulation Oracle Solaris Kernel Vulnerability: Unauthorized Hang and Crash Attacks Oracle Solaris Kernel Vulnerability: Unauthorized Hang and Crash Attacks Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthorized Data Manipulation Vulnerability in Oracle Web Services Manager Allows Unauthorized Access and Data Manipulation Critical Vulnerability in Java VM Component of Oracle Database Server (Versions 12.1.0.2, 19c, and 21c) Kernel Debugger (KGDB and KDB) Allows Unauthorized Access to Kernel Memory Vulnerability in Oracle E-Business Suite: Unauthorized Access to Critical Data Oracle Cloud Infrastructure Vulnerability: Unauthorized Access to Data (CVE-2022-21503) Kernel Vulnerability: Local Denial of Service via Improper File Descriptor 
Handling Oracle Essbase Security and Provisioning Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Cross-Site Scripting Vulnerability in Best Contact Management Software WordPress Plugin Vulnerability in Oracle Database - Enterprise Edition Sharding Component Vulnerability in Oracle Database - Enterprise Edition Recovery Component Vulnerability in Oracle PeopleSoft Integration Broker: Unauthorized Access to Critical Data Oracle ZFS Storage Appliance Kit 8.8 Vulnerability: High Privileged Takeover Oracle Solaris Remote Administration Daemon Vulnerability: Unauthorized Hang and Crash Exploitation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Partial Denial of Service MySQL Server InnoDB Component Denial of Service Vulnerability Oracle Health Sciences Data Management Workbench User Interface Vulnerability MySQL Cluster Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Duplicate Page and Post WordPress Plugin Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation XML Publisher Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Stored Procedure Denial of Service Vulnerability Oracle BI Publisher Unauthorized Read Access Vulnerability Oracle Solaris Filesystem Vulnerability: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash MySQL Server Denial of Service Vulnerability Vulnerability: Denial of Service in Linux Kernel's KVM due to SynIC IRQ Handling Flaw MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in JD Edwards EnterpriseOne Orchestrator Oracle Solaris SMB 
Server Denial of Service Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability MySQL Shell Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Oracle Enterprise Manager Base Platform: Policy Framework Compromise MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Partial Denial of Service Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Data Access and Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Read Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Access and Data Manipulation Critical Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Takeover Oracle iRecruitment Product Vulnerability: Unauthorized Data Access MySQL Server Federated Component Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability in Lumada APM's User Asset Group Feature Allows Unauthorized Access to Power BI Reports MySQL Cluster Takeover Vulnerability Oracle GoldenGate Remote Code Execution Vulnerability Oracle WebCenter Content Search Vulnerability MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.36 Denial of Service Vulnerability Vulnerability in MySQL Shell for VS Code: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle WebLogic Server: Unauthorized Access and Data Manipulation Vulnerability in Oracle Crystal Ball Installation Allows Takeover Oracle Commerce Platform: Unauthorized Access Vulnerability Use 
After Free Vulnerability in Google Chrome Allows Remote Code Execution Oracle WebLogic Server Vulnerability: Unauthorized Partial Denial of Service via T3 and IIOP Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Access to Critical Data Oracle SOA Suite Fabric Layer Unauthenticated Access Vulnerability Oracle ZFS Storage Appliance Kit 8.8 Vulnerability: Unauthorized Data Manipulation and Partial Denial of Service Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Java VM Component of Oracle Database Server (Versions 12.1.0.2, 19c, and 21c) Oracle Applications Framework Unauthenticated Remote Code Execution Vulnerability Oracle Workflow Product Vulnerability: Unauthorized Access to Critical Data Oracle iReceivables Access Request Vulnerability MySQL Server Denial of Service Vulnerability Use After Free Vulnerability in Google Chrome's Interest Groups Oracle Coherence Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.36 Vulnerability: High Privileged Takeover Vulnerability in Oracle Communications Billing and Revenue Management Allows Unauthorized Data Access and Manipulation Oracle Communications Billing and Revenue Management Denial of Service Vulnerability Oracle Communications Billing and Revenue Management Partial Denial of Service Vulnerability Vulnerability in Oracle WebCenter Sites Support Tools: Unauthorized Access and Data Compromise Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Access and Data Compromise Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Modification Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Modification Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Vulnerability in Oracle Financial Services Revenue Management and Billing: 
Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Oracle Banking Trade Finance Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance Product of Oracle Financial Services Applications (Version 14.5): Unauthorized Data Access and Modification Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Critical Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Modification Oracle Web Applications Desktop Integrator Upload Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Oracle BI Publisher Core Formatting API Vulnerability Oracle Transportation Management UI Infrastructure Unauthorized Access and Partial Denial of Service Vulnerability MySQL Server Encryption Vulnerability Vulnerability in Oracle HTTP Server: Unauthorized Access and Data Compromise MySQL Server Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Oracle Database - Advanced Queuing Vulnerability: Unauthorized Takeover Unauthenticated Unauthorized Read Access Vulnerability in Oracle GraalVM Enterprise Edition Vulnerability in Oracle Siebel CRM: Unauthorized Data Manipulation in Siebel Core - DB Deployment and Configuration MySQL Server Stored Procedure Denial of Service Vulnerability DevTools Insufficient Policy Enforcement Vulnerability in Google Chrome MySQL Server Vulnerability: Remote Takeover via Optimizer Component Oracle Communications Billing and Revenue Management Unauthenticated Network Access Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Database - Sharding Component Takeover Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability 
MySQL Server Data Dictionary Denial of Service Vulnerability Vulnerability in Oracle Services for Microsoft Transaction Server in Oracle Database Server 19c MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical Vulnerability in Oracle Business Intelligence Enterprise Edition (OBIEE) 5.9.0.0: Unauthorized Data Access Use After Free Vulnerability in Google Chrome WebApp Provider Oracle Solaris LDoms Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in MySQL Server: Unauthorized Hang and Crash Oracle Enterprise Data Quality Dashboard Vulnerability Oracle Enterprise Data Quality Dashboard Vulnerability Oracle Enterprise Data Quality Dashboard Unauthenticated Access Vulnerability Vulnerability in Oracle Enterprise Data Quality Dashboard (CVE-2021-12345) Oracle WebLogic Server Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthorized Data Access via Kerberos Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability File System Access Bypass Vulnerability in Google Chrome on Windows Oracle VM VirtualBox Prior to 6.1.40 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 6.1.40 Denial of Service Vulnerability Oracle SOA Suite Adapters Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Enterprise Manager Base Platform Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-0001) High-Privilege Network Access Vulnerability in Oracle MySQL Server (Versions 8.0.30 and Prior) Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle VM VirtualBox Prior to 6.1.40 Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Lightweight HTTP Server Vulnerability Vulnerability in JD Edwards EnterpriseOne Tools Allows 
Unauthorized Data Access and Manipulation Use After Free Vulnerability in Cast UI and Toolbar in Google Chrome Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Data Access and Manipulation MySQL Server Privilege Escalation Vulnerability MySQL Server Replication Vulnerability Oracle GraalVM Enterprise Edition: Multiple Protocol Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Data Manipulation and Server Crash Oracle Applications Framework Session Management Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Bypassing Discretionary Access Control via Insecure Extensions API Implementation in Google Chrome MySQL Server Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Whisper Participant Disclosure Vulnerability in Discourse SQL Injection Vulnerability in USOC CMS register.php SQL Injection Vulnerability in USOC CMS Usersearch.php Wildcard Ignored in Exclusion Vulnerability Deserialization of Untrusted Data in CodeIgniter4's `old()` Function: Remote Code Execution Vulnerability Sandbox Escape Vulnerability in Latte Template Engine Stored XSS Vulnerability in Convos Allows for Execution of Malicious Scripts Domain Spoofing Vulnerability in Google Chrome Stored XSS Vulnerability in Convos Allows Execution of Malicious Scripts Open Redirect Vulnerability in Shopware Router Session Invalidation Vulnerability in Shopware Vulnerability: Hash Collision Attack in Jawn JSON Parser Vulnerability: Re-use of TLS Cert Validation Settings in Envoy Denial of Service Vulnerability in Envoy Common Router Type Confusion Vulnerability in Envoy's Default Certificate Validation Vulnerability: Envoy Accepts Improper TLS Certificates Race 
condition vulnerability in Rust's `std::fs::remove_dir_all` function enables symlink following (CWE-363) User Enumeration Vulnerability in Flask-AppBuilder Excessive Authentication Attempts Vulnerability in GitHub Repository Mastodon/Mastodon (prior to 4.0.0) Privilege Escalation in Gin-vue-admin SQL Injection Vulnerability in WP_Query Stored XSS Vulnerability in WordPress Core WordPress Multisite Super Admin Object Injection Vulnerability Unintended SQL Query Execution Vulnerability in WordPress SQL Injection Vulnerability in USOC CMS Usersearch.php Unauthenticated POST Request Crash Vulnerability in Soketi WebSockets Server Arbitrary Remote Code Execution in pipenv via Requirements File Parsing Exposure of Bot Token in PuddingBot v0.0.6-b933652 and Prior Versions Reflected Cross-Site Scripting in Newspaper WordPress Theme Markdown-it Prior to Version 1.3.2 Denial of Service Vulnerability Exposure of Sensitive Information in @replit/crosis Library (CVE-2021-12345) Vulnerability: Misinterpretation of Mozilla certdata.txt in make-ca OAuth Identity Leakage in Grafana Arbitrary File Write via Archive Extraction (Zip Slip) Vulnerability in Bytecode Viewer (BCV) Engine.IO Server Denial of Service Vulnerability Discourse Group Visibility and Members Visibility Disclosure Vulnerability User Bios Exposed in Meta Tags on Private Profiles in Discourse Authorization Bypass Vulnerability in Istio 1.12.0/1.12.1 Reflected Cross-Site Scripting in Download Manager WordPress Plugin Regular Expression Denial of Service (ReDoS) in Marked Markdown Parser (prior to version 4.0.10) Catastrophic Backtracking Vulnerability in Marked Markdown Parser (CVE-2021-12345) Path Traversal Vulnerability in Flatpak Builder Allows for Potential Code Execution Improper Notification Filtering in Wagtail Comment Threads User Bypasses Approval Process and Gains Unauthorized Access in Discourse Integer Underflow Vulnerability in Frontier's MODEXP Precompile Implementation Twig Code Injection Vulnerability 
in PrestaShop 1.7.0.0 - 1.7.8.3 Arbitrary File Read Vulnerability in gh-ost (Versions prior to 1.1.3) OnionShare Desktop Application Denial of Service Vulnerability OnionShare Vulnerability: Denial of Service Attack on File Uploads Cross-Site Scripting (XSS) Vulnerability in Loading Page with Loading Screen WordPress Plugin HTML Injection Vulnerability in OnionShare OnionShare Vulnerability: Chatroom Spoofing in Affected Versions OnionShare Chat Vulnerability: Impersonation Exploit Vulnerability: Unauthorized Access to Sensitive Files in OnionShare Limited Security Enhancement for Websites Using JavaScript or External Resources OnionShare 2.5 Vulnerability: Unlisted Chat Participants Username Impersonation Vulnerability in OnionShare Jupyter Server Proxy 3.2.1 - Server-Side Request Forgery (SSRF) Vulnerability Denial of Service Vulnerability in client_golang's promhttp Package Arbitrary Code Execution Vulnerability in IPython Cross-Site Scripting (XSS) Vulnerability in Microsoft Advertising Universal Event Tracking (UET) WordPress Plugin Memory Leak in DefaultArgumentConversionContext due to Invalid Content Type Header in Micronaut Privilege Escalation Vulnerability in Istio Gateway API Cross-site Scripting (XSS) Vulnerability in Grafana Datasource and Plugin Proxy Cross-Site Request Forgery Vulnerability in Grafana Allows Privilege Escalation World-readable log files in log4js-node Arbitrary Code Execution via Unsafe Input Sanitization in OctoberCMS Insufficient Access Control with Multi-Use Invitations in Zulip Server Unverified Capability Authorization in wasmCloud Host Runtime GraphQL-Go Prior to 1.3.0: Denial of Service (DoS) Vulnerability CSRF and Stored XSS Vulnerabilities in Progressive License WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in ShortDescription Extension for MediaWiki Out-of-Bounds Read Vulnerability in elfspirit Prior to Version 1.1 Exposure of Cookies and Authorization Headers in Twisted Cross-Origin Redirects Unauthenticated 
Data Exposure in Grafana API Endpoints Cross-Site Scripting (XSS) Vulnerability in CodeIgniter4's API\ResponseTrait Twisted SSH Version Identifier Buffer Overflow Vulnerability Unauthenticated Access to Bluetooth Devices in Electron Framework Reflected Cross-Site Scripting Vulnerability in GLPI Versions Prior to 9.5.7 CSRF Vulnerability in LinkWorth WordPress Plugin SQL Injection Vulnerability in GLPI Prior to Version 9.5.7 Denial of Service Vulnerability in Next.js i18n Functionality Out-of-Bound Read Access Vulnerability in PJSIP 2.11.1 and Prior Out-of-Bound Read Access Vulnerability in PJSIP Multipart Parsing Vulnerability: Code Execution via Insecure Plugin Instantiation in pgjdbc Division by 0 vulnerability in TensorFlow convolution operations Heap OOB Access Vulnerability in TensorFlow's `Dequantize` Implementation Integer Overflow Vulnerability in TensorFlow's `Dequantize` Shape Inference Heap OOB Read Vulnerability in TensorFlow's `ReverseSequence` Shape Inference Implementation Integer Overflow Bug in `UnravelIndex` Function in TensorFlow Reflected Cross-Site Scripting in Advanced Database Cleaner WordPress Plugin Heap Overflow Vulnerability in TensorFlow's FractionalAvgPoolGrad Implementation Denial of Service Vulnerability in TensorFlow's `ConcatV2` Shape Inference Denial of Service Vulnerability in TensorFlow's `ThreadPoolHandle` Denial of Service Vulnerability in TensorFlow's StringNGrams Implementation Vulnerability in `MapStage` Implementation in TensorFlow Division by 0 vulnerability in FractionalMaxPool implementation in TensorFlow Null Pointer Dereference in SparseTensorSliceDataset Implementation Denial of Service Vulnerability in TensorFlow's *Bincount Operations Integer Overflow Vulnerability in TensorFlow's `SparseCountSparseOutput` Implementation Vulnerability: User-Controlled Inputs Trigger Null Pointer Reference in `QuantizedMaxPool` Implementation Reflected Cross-site Scripting (XSS) Vulnerability in microweber/microweber prior to 1.2.18 
Heap Overflow Vulnerability in TensorFlow's `SparseCountSparseOutput` Implementation Division by Zero Vulnerability in TensorFlow's TFLite Model Implementation of Depthwise Convolutions Buffer Overflow Vulnerability in Realtek USB Driver Allows for Service Disruption Title: Ion Integer Overflow Use-After-Free Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Modem 2G RR Remote Privilege Escalation via Use After Free in WIFI Firmware Possible Out of Bounds Read Vulnerability in imgsensor Possible Out of Bounds Read Vulnerability in imgsensor Telephony Vulnerability: Local Information Disclosure via Missing Permission Check Telephony Vulnerability: Local Information Disclosure without User Interaction Buffer Over-read in Vim prior to version 8.2 Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Read Vulnerability in WLAN Driver Out of Bounds Read Vulnerability in WLAN Driver Remote Denial of Service Vulnerability in WIFI Firmware Double Free Vulnerability in CCU: Local Privilege Escalation without User Interaction Critical Vulnerability in Power Service Allows Local Privilege Escalation Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Telecom Service Vulnerability: Local Information Disclosure via Missing Permission Check Telecom Service Vulnerability: Local Information Disclosure without User Interaction Possible Out of Bounds Write Vulnerability in CCCI Possible Out of Bounds Write Vulnerability in CCCI Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Possible Out of Bounds Read Vulnerability in 
CCCI Unauthenticated SQL Injection Vulnerability in Kayrasoft Product (Before Version 2) Sound Driver Symlink Following Vulnerability Allows Local Information Disclosure Race condition vulnerability in GED driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Use-after-free vulnerability in sched driver allows for local privilege escalation Race condition vulnerability in MDP allows for local privilege escalation Autoboot Vulnerability: Local Privilege Escalation via Permission Bypass Possible Information Disclosure Vulnerability in VPU with Local Privilege Escalation Out of Bounds Write Vulnerability in WLAN Driver Cross-Site Scripting (XSS) Vulnerability in Starcities: before 1.1 Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Memory Corruption Vulnerability in Audio DSP with Local Privilege Escalation Audio DSP Out of Bounds Write Vulnerability Possible Local Privilege Escalation Vulnerability in SCP Race condition vulnerability in audio ipi allows for local privilege escalation Missing X-Frame-Options Header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and Prior: Clickjacking Vulnerability Camera ISP Out of Bounds Read Vulnerability Camera ISP Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Camera ISP Denial of Service Vulnerability in Intel Ethernet Controller Drivers for VMWare Vulnerability: Privilege Escalation via Local Access in Intel NUC Boards and Kits Out-of-Bounds Write Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Arbitrary Code 
Execution Vulnerability in joblib's Parallel() Class CIMPLICITY Network Vulnerability: Cleartext Credential Transmission Allows Unauthorized System Access Cross-Site Scripting Vulnerability in ELECOM LAN Router WRC-300FEBK-R Firmware v1.13 and Earlier Arbitrary File Upload and Remote Code Execution (RCE) in GREYD.SUITE WordPress Theme Unsalted MD5 Password Hash Vulnerability Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Cross-site Scripting (XSS) vulnerability in grapesjs before 0.19.5 Prototype Pollution vulnerability in nconf before 0.11.4 allows modification of Object.prototype Escalation of Privilege Vulnerability in Intel QAT Driver for Windows Reflected Cross-Site Scripting Vulnerability in php_mailform Versions Prior to 1.40 Use-After-Free Vulnerability in Anker Eufy Homebase 2 2.1.8.5h Allows Remote Code Execution Uncontrolled Search Path Elements in Intel(R) VTune(TM) Profiler Software: Privilege Escalation Vulnerability Path Traversal Vulnerability in Yokogawa Electric CAMS for HIS Server Arbitrary File Upload Vulnerability in InHand Networks InRouter302 V3.5.4 Reflected Cross-Site Scripting in Advanced WordPress Reset WordPress Plugin Command Injection Vulnerability in smartctl Package via info Method Improper Access Control in Intel(R) HAXM Software: Potential Privilege Escalation via Local Access NVIDIA GPU Display Driver for Linux: Local User Write Access Vulnerability NVIDIA GPU Display Driver for Linux: Local User Write Access Vulnerability NVIDIA GPU Display Driver for Windows Kernel Mode NULL Pointer Dereference Vulnerability Denial of Service Vulnerability in NVIDIA vGPU Software NVIDIA Omniverse Launcher Cross-Origin Resource Sharing (CORS) Vulnerability NVIDIA License System Installation Script Vulnerability Vulnerability: Privilege Escalation and System Compromise via IOMMU Misconfiguration in NVIDIA Jetson Linux Heap-based Buffer Overflow in Vim prior to version 8.2 Vulnerability in NVIDIA DCGM's nvhostengine Allows 
for Code Execution and Privilege Escalation Integer Overflow Vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump NVIDIA FLARE Admin Interface Vulnerability: Resource Allocation Without Limits Insecure Storage of Sensitive Information Vulnerability in Ivanti Workspace Control <2021.2 (10.7.30.0) Prototype Pollution in console.table() Function in Node.js Local Privilege Escalation Vulnerability in Citrix Workspace App for Linux 2012 - 2111 with App Protection HTTP Request Smuggling Vulnerability in Pulse Secure Version 9.115 and Below Local Privilege Escalation Vulnerability in Citrix Gateway Plug-in for Windows Remote Code Execution Vulnerability in Incapptic Connect Web Console HTTP Zip File Code Execution Vulnerability in Concrete CMS Versions 9.0.0 - 9.0.2 and 8.5.7 and below Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Blind Self XSS Vulnerability in RocketChat LiveChat <v1.9 Active Storage Code Injection Vulnerability via Image Processing Arguments Virtual Machine IDE Drive Privilege Escalation Vulnerability Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Windows Certificate Forgery Vulnerability SharePoint Server Remote Code Execution Vulnerability Windows Cleanup Manager Privilege Escalation Vulnerability Windows Event Tracing Service Denial of Service Vulnerability Arbitrary Code Execution via Cross-Site Request Forgery in CAPTCHA 4WP WordPress Plugin Exploiting the Microsoft Office Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word IKE Protocol Extensions Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Kernel Information Leakage Vulnerability Critical Remote Code Execution 
Vulnerability in Microsoft Exchange Server Hyper-V DoS Vulnerability: Disrupting Windows Virtualization IKE Extension Denial of Service Vulnerability IKE Protocol Extensions Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in GitLab: Unauthorized Project Import Exploit Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Windows DWM Core Library Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Windows Bind Filter Driver Privilege Escalation Vulnerability Windows Account Control Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Simple Post Notes WordPress Plugin Windows AppContracts API Server Elevation of Privilege Vulnerability Task Flow Data Engine Privilege Escalation Vulnerability Windows Application Model Core API Privilege Escalation Vulnerability Windows StateRepository API Server File Privilege Escalation Vulnerability Windows UI Immersive Server API Privilege Escalation Vulnerability Exploiting the Connected Devices Platform Service for Privilege Escalation Windows System Launcher Privilege Escalation Vulnerability Windows Push Notifications Apps Privilege Escalation Vulnerability Windows Devices Human Interface Elevation of Privilege Vulnerability: Exploiting User Interfaces for Unauthorized Access Clipboard User Service Privilege Escalation Vulnerability Reflected Cross-Site Scripting Vulnerability in Contact Form 7 Captcha WordPress Plugin Windows Tablet UI Application Core Privilege Escalation Vulnerability Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Privilege Escalation in Tile Data Repository Windows Security Center API Remote Code Execution 
Vulnerability: A Critical Threat to System Security Windows Storage Privilege Escalation Vulnerability Win32k Information Disclosure Vulnerability Exposes Sensitive Data Exposed Storage Spaces Controller Vulnerability GeoHack: Exploiting Windows Geolocation Service for Remote Code Execution Windows Kernel Privilege Escalation Vulnerability DXL Broker for Windows Prior to 6.0.0.280 Local Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Windows Kernel Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability IKE Extension Denial of Service Vulnerability Local Security Authority Subsystem Service Privilege Escalation Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Modern Execution Server RCE Vulnerability IKE Extension Denial of Service Vulnerability Reflected Cross-Site Scripting Vulnerability in WP Video Lightbox WordPress Plugin IKE Extension Denial of Service Vulnerability Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability: Impersonation Risk for Users ReFS Remote Code Execution Vulnerability in Windows Critical Remote Desktop Protocol Vulnerability Allows Remote Code Execution BootGuard Bypass Vulnerability Windows User Profile Service Privilege Escalation Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Exploiting the DirectX Graphics Kernel for Remote Code Execution Windows EFI Security Bypass Vulnerability Reflected Cross-Site Scripting Vulnerability in Gallery Plugin for WordPress Hyper-V Security Feature Bypass Vulnerability in Windows Hyper-V Privilege Escalation Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Windows GDI Privilege Escalation Vulnerability Windows GDI Information Leakage Vulnerability Hyper-V 
Security Feature Bypass Vulnerability in Windows Windows Defender Application Control Security Feature Bypass Vulnerability: A Critical Security Flaw in Windows Defender HTTP Protocol Stack RCE Vulnerability Windows Installer Privilege Escalation Vulnerability ByteBufferPool Leak in Eclipse Jetty SslConnection Critical Vulnerability: Microsoft Cluster Port Driver Elevation of Privilege .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Exploiting the DirectX Graphics Kernel for Remote Code Execution Domain Policy Remote Protocol Security Bypass Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Windows Common Log File System Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions DirectX Graphics Kernel File Denial of Service Vulnerability: Exploiting System Crashes Windows User Profile Service Privilege Escalation Vulnerability Forced Browsing Vulnerability in HYPR Server: Privilege Escalation via Magic Link Path Tampering Kerberos Privilege Escalation Vulnerability in Windows Windows Defender Credential Guard Security Feature Bypass Vulnerability: A Critical Flaw in Credential Guard Protection RPC Runtime RCE Vulnerability Remote Protocol Security Feature Bypass Vulnerability in Workstation Service Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions ReFS Remote Code Execution Vulnerability in Windows Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1: Unauthorized Addition of FIDO2 Authenticator to Arbitrary Accounts Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge 
(Chromium-based) Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Uncovering the Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 Customer Engagement Improper Input Validation Vulnerability in ASUS VivoMini/Mini PC Devices Account Takeover Vulnerability in Metasys ADS/ADX/OAS Server Versions Prior to 10.1.5 and 11.0.2 Unverified Password Change Vulnerability in Metasys ADS/ADX/OAS Unauthenticated Execution of Validated Actions in Metasys ADX Server 12.0 Code Injection Vulnerability in Metasys ADS/ADX/OAS Web Interface Code Injection Vulnerability in Metasys MUI Graphics Web Interface Cookie Vulnerability in Johnson Controls System Configuration Tool (SCT) Allows Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in Accept Stripe Payments WordPress Plugin Insecure Cookie Handling in Johnson Controls System Configuration Tool (SCT) Versions 14 and 15 Command Injection Vulnerability in iSTAR Ultra Local Privilege Escalation Vulnerability in openSUSE Backports SLE-15-SP3 and Factory Watchman Insecure Temporary File Vulnerability in cscreen of openSUSE Factory Incorrect Permission Assignment in cscreen Allows Unauthorized Access and Manipulation of Running Sessions Rancher Desktop Vulnerability: Local Network Attackers Exploit Resource Exposure to Dashboard API Cross-Site Scripting (XSS) Vulnerability in openSUSE Paste Allows Remote Code Execution via SVG Files XML External Entity (XXE) Reference Vulnerability in SUSE Open Build Service Allows Remote Information Disclosure and Privilege Escalation Improper Access Control vulnerability in systemd service of canna in openSUSE Backports SLE-15-SP3 and SLE-15-SP4 Cleartext Transmission of Sensitive Information Vulnerability in SUSE Rancher Disk Exhaustion Denial of Service Vulnerability in SUSE Manager Server 4.1 and 4.2 Unauthorized Shell Pod Creation and Kubectl Access Vulnerability in SUSE Rancher Edge Chromium Elevation of Privilege Vulnerability Critical 
Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows KVM nVMX Regression: Spectre v2 Attack on L1 via L2 ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows Remote Desktop Licensing Diagnoser Information Disclosure Teams Service Disruption Vulnerability Xbox Live Auth Manager Windows Elevation of Privilege Vulnerability SharePoint Server Security Feature Bypass Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Authentication Bypass Vulnerability Edge Chromium Elevation of Privilege Vulnerability Windows Runtime Remote Code Execution Vulnerability: A Critical Security Flaw Pervasive Windows PPTP Remote Code Execution Vulnerability Windows Media Center Update DoS Vulnerability Roaming Security Rights Management Services RCE Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Exposed Secrets: Media Foundation Information Disclosure Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Exposed Secrets: Microsoft Exchange Server Information Disclosure Vulnerability Unauthenticated Access to Private Messages in WPQA Builder WordPress Plugin Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Windows Common Log File System Driver Privilege Escalation Vulnerability Stream Enumeration Remote Code Execution Vulnerability in Win32 Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Remote Access Connection Manager Information Disclosure Vulnerability .NET Framework Denial of Service Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Windows Kernel 
Privilege Escalation Vulnerability Reflected Cross-Site Scripting Vulnerability in MiCODUS MV720 GPS Tracker Web Server Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Visual Studio Code Remote Development Extension RCE Vulnerability Windows Mobile Device Management RCE Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Windows Kernel Win32k Elevation of Privilege Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Common Log File System Driver Information Leakage Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Prototype Pollution Vulnerability in Firefox and Thunderbird Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Profile Picture DoS Vulnerability in Windows User Accounts Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability ClickToRun Remote Code Execution Vulnerability in Microsoft Office SharePoint Server Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Hyper-V Remote Code Execution Vulnerability in Windows Hyper-V Remote Code Execution Vulnerability in Windows Exposed Secrets: Media Foundation Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Exposed Secrets: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows PlayToManager Privilege Escalation Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code 
Execution Critical Remote Code Execution Vulnerability in HEVC Video Extensions RPC Runtime RCE Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Print Spooler Privilege Escalation Vulnerability in Windows Windows Portable Device Enumerator Service Security Bypass Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service IIS Cachuri Module Denial of Service Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Windows Network File System (NFS) Information Disclosure Vulnerability Windows Network File System RCE Vulnerability Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Pervasive PPTP Vulnerability: Remote Code Execution on Windows Windows Performance Counters Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability RPC Runtime RCE Vulnerability Windows Network File System RCE Vulnerability IIS Dynamic Compression Module Denial of Service Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Hyper-V Data Exposure Vulnerability Windows Fast FAT File System Driver Privilege Escalation Vulnerability Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Windows CSRSS Elevation of Privilege Vulnerability BitLocker Security Feature Bypass: A Critical Vulnerability in Data Encryption Windows CSRSS Elevation of Privilege Vulnerability Windows Fax Service Privilege Escalation Vulnerability Path Traversal Vulnerability in ASUS RT-AX56U Router Allows Unauthorized Access and File Download SQL-Injection Vulnerability in Le-yan Dental Management System Hard-coded Credentials Vulnerability in Le-yan Dental Management System Race condition vulnerability in graphics fence leading to use after free in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Use-after-free vulnerability in Snapdragon Kernel: Memory Corruption Exploit Critical Memory Corruption Vulnerability in Snapdragon Platforms: Out-of-Bound Read during Video File Parsing Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Improper Validation in Reconfiguration Message Processing Leads to Assertion Vulnerability Improper Length Check in Device ID Verification Leads to Out of Bounds Writing in Snapdragon Compute, Connectivity, and Mobile Improper Length Check Vulnerability in Snapdragon Platforms Boot Remapper Vulnerability: Memory Corruption in Core Configuration Buffer Over Read Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms: Potential for Denial of Service (DoS) Improper Length Check Vulnerability in Snapdragon Platforms Critical Memory Leak Vulnerability in Snapdragon Modem Processing NSA RRC Reconfiguration Unintended Content Injection Vulnerability in Snapdragon Platforms Unencrypted Keybox Storage Vulnerability in Snapdragon Devices Heap-based Buffer Overflow in Vim prior to version 8.2 Invalid Routing Address Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Widespread Memory Corruption Vulnerability in Snapdragon Platforms during WMA File Playback GPU Context Switch Vulnerability: Exposing Sensitive Graphics Information Cryptographic Vulnerability in Core: RPMB Read Request Information Disclosure Exploiting Use-After-Free Vulnerability in Snapdragon Mobile Graphics Dispatcher Logic Leads to Memory Corruption Integer Overflow Vulnerability in Snapdragon Platforms: Denial of Service in BOOT Partition Size Calculation Fastboot Flash Command Buffer Over Read Vulnerability Critical NULL Pointer Dereference Vulnerability in vim/vim Backend ID Validation Vulnerability in Snapdragon Platforms 
Critical Vulnerability: Integer Overflow Leads to Memory Corruption in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Platforms Critical Memory Corruption Vulnerability in Snapdragon Platforms: Exploiting QCP Audio File Extraction Buffer Overflow Vulnerability in Snapdragon Platforms: Corrupting Video Memory through DTS File Parsing Double Free Vulnerability in Snapdragon Platforms: Corrupted Video Memory Exploit Critical Memory Corruption Vulnerability in Snapdragon Platforms: Buffer Overflow Exploitation in Video Parsing Buffer Overflow Vulnerability in Bluetooth HOST Audio Memory Corruption Vulnerability in Snapdragon Connectivity, Snapdragon Mobile, and Snapdragon Wearables Audio Memory Corruption Vulnerability in Snapdragon Compute, Connectivity, and Mobile Replayed LTE Security Mode Command Vulnerability in Snapdragon Platforms Kernel Memory Corruption: Use After Free Vulnerability in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Concurrent Hypervisor Operations Vulnerability in Snapdragon Platforms Race condition vulnerability leading to memory corruption in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Kernels Use-after-free vulnerability in synx driver leads to memory corruption in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile platforms Stack-based buffer overflow vulnerability in Snapdragon Connectivity and Snapdragon Mobile allows for memory corruption in Bluetooth HOST Critical Memory Corruption Vulnerability in Snapdragon Consumer IOT Graphic Driver Critical Memory Corruption Vulnerability in Snapdragon Auto Multimedia Driver Critical Vulnerability: Memory Corruption in Snapdragon Auto's Multimedia Component Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Exploitable Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Critical Vulnerability: Denial of Service Exploit in 
Snapdragon Auto's Multimedia Parsing of HAB Messages Critical Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Double Free Vulnerability in Snapdragon Auto Multimedia Driver Critical Memory Corruption Vulnerability in Snapdragon Auto Multimedia Critical Vulnerability: Integer Overflow in Bluetooth HFP-UNIT Profile Processing Critical Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Missing Authorization Vulnerability in Daybyday CRM Allows Unauthorized Access to User Appointments Missing Authorization Vulnerability in Daybyday CRM Versions 2.0.0 - 2.2.0: Unauthorized Access to User Absences Stored Cross-Site Scripting (XSS) Vulnerability in Daybyday CRM 2.2.0 Denial of Service Vulnerability in libguestfs get_keys() Function Weak Password Enforcement in Daybyday CRM User Update Functionality Missing Authorization Allows Unauthorized Password Changes in DayByDay CRM DayByDay CRM Application-Wide Client-Side Template Injection (CSTI) Vulnerability Insufficient Session Expiration in DayByDay CRM Versions 2.2.0 - 2.2.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Teedy v1.5 - v1.9 Stored Cross-Site Scripting (XSS) Vulnerability in Teedy v1.5 - v1.9 Stored Cross-Site Scripting (XSS) Vulnerability via SVG File Upload in Directus Media Upload Functionality Unrestricted File Upload in Directus Media Upload Functionality Leads to Cross-Site Scripting Vulnerability Unrestricted Upload Vulnerability in SourceCodester Library Management System 1.0 Observable Discrepancy in Password-Reset Feature Allows Email Enumeration in NocoDB CSV Injection Vulnerability in NocoDB User Management Endpoint Halo v1.0.0 to v1.4.17 Vulnerability: Stored Cross-Site Scripting (XSS) in Article Titles Stored Cross-Site Scripting (XSS) Vulnerability in Halo Profile Image Upload Stored Cross-Site Scripting (XSS) Vulnerability in Halo v1.0.0 to v1.4.17 Stored XSS vulnerability in Openmct versions 1.3.0 to 1.7.7 via Web Page element URL field 
Tableau Server Broken Access Control Vulnerability Path Traversal Vulnerability in Tableau Server Administration Agent's File Transfer Service Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Library Management System 1.0 Accusoft ImageGear 19.10 Memory Corruption Vulnerability Denial of Service (DoS) Vulnerability in fast-string-search Package Uncontrolled Search Path Vulnerability in Intel(R) XTU Software Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 OS Command Injection Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Improper ACL Configuration in Yokogawa Electric Products' Long-term Data Archive Package Service Reflected Cross-Site Scripting Vulnerability in php_mailform Checkbox Prototype Pollution in convict Package (Versions before 6.2.2) via Missing ParentKey Validation Hard-coded Root Password Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Uncontrolled Resource Consumption Vulnerability in Yokogawa Electric CAMS for HIS Log Server Arbitrary Script Injection Vulnerability in TransmitMail 2.5.0 to 2.6.1 Improper ACL Configuration in Yokogawa Electric Products' Root Service SQL Injection Vulnerability in Lansweeper HelpdeskEmailActions.aspx Stored Cross-Site Scripting Vulnerability in GiveWP WordPress Plugin Memory Corruption Vulnerability in Foxit PDF Reader 11.1.0.52543 Log Output Neutralization Failure in Yokogawa Electric Products Confidential Information Leakage Vulnerability in Juniper Networks Contrail Service Orchestration REST API Insufficient Algorithmic Complexity and Resource Allocation Vulnerability in Juniper Networks Junos OS Junos Fusion External Control of Critical State Data Vulnerability Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS on ACX5448 Router Improper Certificate Validation in Juniper Networks Junos OS Allows Person-in-the-Middle Attacks Traffic Classification Bypass Vulnerability in Juniper Networks Junos 
OS on SRX Series Services Gateways Vulnerability in Juniper Networks Junos OS NETISR Network Queue Functionality SSRF Vulnerability in ionicabizau/parse-url prior to 7.0.0 Unauthenticated DoS Vulnerability in Juniper Networks Junos OS Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Generation of Error Message Containing Sensitive Information Vulnerability in Juniper Networks Junos OS CLI Improper Input Validation in Juniper DHCP Daemon (jdhcpd) Allows DoS Improper Initialization Vulnerability in Juniper Networks Junos OS Evolved Allows Telnet Service to Remain Enabled Improper Validation of Specified Quantity in Input Vulnerability in Juniper Networks Junos OS Traffic Classification Bypass Vulnerability in Juniper Networks Junos OS on SRX Series Services Gateways Improper Validation of Specified Type of Input in Juniper Networks Junos OS Kernel Leading to Denial of Service (DoS) Improper Initialization Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Cross-site Scripting (XSS) Vulnerability in ionicabizau/parse-url prior to 7.0.0 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Memory Consumption DoS Vulnerability in Juniper Networks Junos OS PKI Daemon (pkid) IPv6 Packet DMA Memory Leak Vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Switches Improper Locking Vulnerability in Juniper Networks Junos OS SIP ALG Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS DHCP Daemon Memory Vulnerability in Juniper Networks Junos OS and Junos OS Evolved SNMP Daemon Allows for Denial of Service Stack-based Buffer Overflow Vulnerability in Juniper Networks Junos OS Improper Validation of Specified Index in Juniper Networks Junos OS DHCP Daemon (jdhcpd) Leads to Denial of Service (DoS) Stored Cross-site 
Scripting (XSS) vulnerability in GitHub repository ionicabizau/parse-url prior to version 7.0.0 Improper Check for Unusual or Exceptional Conditions Vulnerability in IPv6 Packet Processing on EX Series Devices Leading to DoS Reflected Cross-site Scripting (XSS) Vulnerability in J-Web of Juniper Networks Junos OS Cross-site Scripting (XSS) Vulnerability in Juniper Networks Junos OS J-Web Allows Remote Code Execution Improper Access Control Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series with 'preserve-incoming-fragment-size' Feature Enabled Improper Initialization Vulnerability in Juniper Networks Junos OS on EX4650 Devices Privilege Escalation via Windows Installer in Juniper Networks Juniper Identity Management Service (JIMS) Uncontrolled Memory Allocation Vulnerability in Juniper Networks Junos OS: Heap-based Buffer Overflow in PFE Elevation of Privilege Vulnerability in Juniper Networks Contrail Service Orchestration (CSO) Unyson WordPress Plugin Reflected Cross-Site Scripting Vulnerability Improper Access Control in Juniper Networks Paragon Active Assurance Control Center Allows Unauthorized PDF Report Generation Juniper Networks Junos OS EX4300 Switch Denial of Service (DoS) Vulnerability Improper Validation of Syntactic Correctness of Input Vulnerability in Juniper Networks Junos OS Evolved on PTX Series Improper Handling of Unexpected Data Type Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Unauthenticated DoS 
Vulnerability in Juniper Networks Junos OS SIP ALG Improper Validation of Specified Index, Position, or Offset in Input Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability on PTX Series Devices in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS 19.4R3-S4 Improper Release of Memory in Juniper Networks Junos OS SIP ALG Allows Partial DoS Memory Leak Vulnerability in Juniper Networks Junos OS on SRX Series Buffer Overflow Vulnerability in Juniper Networks Junos OS on SRX Series Use After Free Vulnerability in Juniper Networks Junos OS AFT Manager Process Use After Free Vulnerability in Juniper Networks Junos OS and Junos OS Evolved RDP Missing Release of Memory after Effective Lifetime Vulnerability in Juniper Networks Junos OS Information Exposure Vulnerability in Devolutions Remote Desktop Manager Allows Unauthorized Access to User Credentials NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on QFX5000 Series and MX Series FPC Resource Exhaustion Vulnerability in Juniper Networks Junos OS Evolved on PTX Series Unauthenticated DoS Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Missing Release of File Descriptor or Handle after Effective Lifetime Vulnerability in Juniper Networks Junos OS and Junos OS Evolved PAM Etherleak Vulnerability in Juniper Networks Junos OS on PTX and QFX Series Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS on QFX10K Series Switches Improper Check for Unusual or Exceptional Conditions in SRX Series Devices: Certificate Management Protocol Version 2 (CMPv2) DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Arbitrary File Download Vulnerability in Download Monitor WordPress 
Plugin TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Neutralization of Special Elements in Juniper Networks Junos OS Download Manager Allows Unauthorized Device Control Denial of Service Vulnerability in Juniper Networks Junos OS on QFX10000 Series Devices with Transit IP/MPLS Penultimate Hop Popping (PHP) Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rpd) Allows DoS Uncontrolled Memory Allocation Vulnerability in Juniper Networks Junos OS Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS Evolved on ACX7000 Series Improper Validation of Specified Type of Input in Juniper Networks Junos OS RPD Daemon Leading to DoS Stored Cross-Site Scripting (XSS) Vulnerability in Juniper Networks Paragon Active Assurance (Formerly Netrounds) Control Center Controller Cross-Site Request Forgery Vulnerability in WordPress Image Slider Plugin (Versions up to 1.1.121) Improper Input Validation Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Allows DoS via OSPFv3 LSA Unchecked Return Value to NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on SRX Series Unchecked Return Value to NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Preservation of Consistency Between Independent Representations of Shared State Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series Unauthenticated DoS Vulnerability in Juniper Networks Junos OS SIP ALG Improper Authentication Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Privilege Escalation 
Vulnerability in Juniper Networks Junos OS Evolved Cross-Site Request Forgery Vulnerability in Gallery for Social Photo WordPress Plugin Memory Leak and DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rpd) Improper Input Validation Vulnerability in Juniper Networks Junos OS J-Web Component Cross-site Scripting (XSS) Vulnerability in Juniper Networks Junos OS J-Web Component XPath Injection Vulnerability in Juniper Networks Junos OS XPath Injection Vulnerability in Juniper Networks Junos OS J-Web Component Path Traversal Vulnerability in Juniper Networks Junos OS: Arbitrary File Upload Juniper Networks Junos OS PHP Local File Inclusion (LFI) Vulnerability Improper Input Validation in Juniper Networks Junos OS Evolved TCP Segment Processing Leading to DoS Incorrect Permission Assignment Vulnerability in Juniper Networks Junos OS Evolved Improper Control of Resource Lifetime Vulnerability in Juniper Networks Junos OS on MX Series Bypassing Zero Trust Security Policies and 'Lock WARP Switch' Feature via warp-cli Subcommands Improper Control of Resource Lifetime in Juniper Networks Junos OS and Junos OS Evolved: Denial of Service (DoS) Vulnerability Vulnerability: Privilege Escalation in Juniper Networks Junos OS on cSRX Series Devices UAF Vulnerability in DFX Module: Impact on System Stability DFX Module Vulnerability: Improper Validation of Integrity Check Values NFC CAs TEE Permission Bypass Vulnerability Application Framework DoS Vulnerability: Impact on Availability DFX Module Access Control Vulnerability: Threat to Data Confidentiality Improper Permission Control in Customization Framework: A Threat to Data Integrity Wi-Fi Module Event Notification Vulnerability: Elevation-of-Privilege Exploitation FLMG-10 10.0.1.0(H100SP22C00) Improper Authentication Vulnerability Inconsistent Date Verification in Thunderbird Digital Signatures Kernel Module UAF Vulnerability: Threatening Data Integrity and Availability
Vulnerability in HiAIserver's Weight Verification Poses Risk to AI Services Improper Link Resolution Vulnerability in ROG Live Service's Temp File Deletion Function Unprotected Dynamic Receiver Vulnerability in SecSettings Prior to SMR Jan-2022 Release 1 File Manipulation Vulnerability in Dressroom Prior to SMR Jan-2022 Release 1 Arbitrary Memory Write and Code Execution Vulnerability in NPU Driver Unprotected WifiEvaluationService in TencentWifiSecurity Application: Unauthorized Access to WiFi Information ActivityMetricsLogger Implicit Intent Hijacking Vulnerability Knox Guard Vulnerability: Temporary Unlock via Samsung DeX Mode Unprotected BluetoothSettingsProvider Vulnerability: Unauthorized Access to Local Bluetooth MAC Address Improper Access Control in GitLab Runner Jobs API Allows Unauthorized Data Access Contact Information Exposure Vulnerability in Dialer App (SMR Jan-2022 Release 1) Arbitrary Memory Copy Vulnerability in TIMA Trustlet (SMR Jan-2022 Release 1) IMSISpy: Unauthorized Access to IMSI in TelephonyManager OS Command Injection Vulnerability in End-of-Life Secure Remote Access (SRA) and Secure Mobile Access (SMA) Products Stack-based Buffer Overflow Vulnerability in SonicOS Allows Remote Code Execution TCP Handshake Bypass Vulnerability in HTTP/S Inbound Traffic SonicOS SNMP Service Vulnerability: Unauthorized Access to Sensitive Information Clear-text Exposure of Wireless Access Point Sensitive Information in SonicOS SNMP Service SonicOS CFS Vulnerability: HTTP Denial of Service (DoS) Attack via Large 403 Forbidden Response Post-Authentication Arbitrary File Read Vulnerability in End-of-Life Secure Remote Access (SRA) and Older Firmware Versions of Secure Mobile Access (SMA) Products GitLab EE Information Exposure Vulnerability: Unauthorized Access to CI Variables Unauthenticated SQL Injection Vulnerability in SonicWall GMS and Analytics On-Prem Buffer Overflow Vulnerability in SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) Allows 
Arbitrary Code Execution Improper Access Control in SonicWall SMA1000 Series Firmware Session Hijacking Vulnerability in Samsung Health App Bypassing Secret Mode Password Authentication in Samsung Internet (prior to 16.0.2.19) Hijacking and Privilege Escalation Vulnerability in Reminder App Bixby Routines PendingIntent Hijacking Vulnerability Arbitrary File Access Vulnerability in Samsung Email Prior to 6.1.60.16 Remote App Installation Vulnerability in Galaxy Store (Version < 4.5.36.5) Remote Information Disclosure Vulnerability in S Assistant v7.5 and earlier Unprotected Variable Extraction Vulnerability in GitLab CE/EE Domain Spoofing Vulnerability in Samsung Internet Downloads Excessive Data Logging Vulnerability in Telephony: Unauthorized Cell Location Information Retrieval Dynamic Receiver Vulnerability in Telecom: Arbitrary Activity Launch HTML Injection in Dolibarr 7.0.2 via admin/limits.php ZFAKA<=1.43 SQL Injection Vulnerability Allows Unauthorized Administrator Account Creation SQL Injection Vulnerability in Metinfo v7.5.0 via table_para parameter in parameter_admin.class.php Insecure Permissions in Sourcecodester Hospital's Patient Records Management System 1.0 Arbitrary File Read Vulnerability in FortiWeb and FortiRecorder OS Command Injection Vulnerability in Fortinet FortiIsolator Authenticated Command Injection via Format String Vulnerability in FortiADC, FortiProxy, FortiOS, and FortiMail Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Project Settings Insufficient Permissions Vulnerability in Fortinet FortiAnalyzer and FortiManager Command Injection Vulnerability in FortiAP-C Console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 Clear Text Storage of Sensitive Information Vulnerability in FortiGate and FortiAuthenticator Unauthorized Access to FortiGate User Credentials via Config Conflict File Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiAuthenticator OWA Agent for Microsoft Version 2.2 and 2.1 Improper Certificate
Validation Vulnerability in Fortinet Products FortiOS Improper Certificate Validation Vulnerability Elevated Privileges Vulnerability in IBM Security Guardium 11.3, 11.4, and 11.5 Remote File Include (RFI) Vulnerability in IBM Planning Analytics 2.0 Unauthenticated Serial Port/TTY Interface Login Vulnerability in POWER Systems FSP NULL Pointer Dereference in Vim prior to 8.2 Weak Security and Unauthorized Access in IBM WebSphere Application Server Liberty 21.0.0.10-21.0.0.12 Vulnerability: Improper Validation of JWT Tokens in IBM Security Verify Access Heap-based Buffer Overflow in IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x Weak Cryptographic Algorithms in IBM QRadar Data Synchronization App 1.0 through 3.0.1 Local File Inclusion Vulnerability in IBM Planning Analytics Local 2.0 Elevated Privilege Vulnerability in IBM UrbanCode Deploy (UCD) 7.2.2.1 IBM MQ Appliance 9.2 CD and 9.2 LTS Denial of Service Vulnerability Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1 Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1 Vulnerability: Queue Deletion Disruption in IBM Robotic Process Automation 21.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Insufficient Protection of Password Hash in IBM MQ Appliance 9.2 CD and 9.2 LTS Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Heap-based Buffer Overflow in IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x Information Disclosure Vulnerability in IBM MQ for HPE NonStop 8.1.0 Insufficient Authorization Checks in IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 Weak Cryptographic Algorithms in IBM UrbanCode Deploy (UCD) 7.x.x Privilege Escalation Vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 Insecure Cookie Handling in IBM Control Desk 7.6.1 Cross-Site Request
Forgery Vulnerability in Banner Cycler WordPress Plugin (up to version 1.4) IBM Control Desk 7.6.1 HTTPOnly Flag Failure Vulnerability Insecure Direct Object Vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 Missing Revocation Mechanism in IBM Sterling Partner Engagement Manager 6.2.0 Allows User Impersonation Buffer Overflow Vulnerability in IBM Sterling Secure Proxy and External Authentication Server Unauthorized Access to Tenant Information in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Denial of Service Vulnerability in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 IBM Planning Analytics 2.0 SSRF Vulnerability Command Injection Vulnerability in mySCADA myPRO 8.26.0 HTTP Header Injection Vulnerability in IBM Spectrum Copy Data Management Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3, 7.4, and 7.5 Cross-Site Request Forgery Vulnerability in IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx Reverse Tabnabbing Vulnerability in IBM Spectrum Protect Operations Center Path Traversal Vulnerability in IBM Sterling External Authentication Server Cross-Site Scripting (XSS) Vulnerability in GitLab EE's External Issue Tracker Denial of Service Vulnerability in IBM AIX and VIOS NIMSH Daemon Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Data Masking Bypass Vulnerability in IBM Big SQL on IBM Cloud Pak for Data Unrestricted Connection Length Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management Denial of Service Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS Login Component Account Enumeration Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS XML External
Entity Injection (XXE) Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 Cross-Site Request Forgery Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 - LDAP Injection Vulnerability Cross-Site Request Forgery Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager IBM Cognos Controller External Service Interaction Vulnerability SSL Server Hostname Spoofing Vulnerability in IBM WebSphere Application Server with Ajax Proxy Web Application Clear Text Storage of User Credentials in IBM UrbanCode Deploy Local User Disclosure of Sensitive Database Information in IBM UrbanCode Deploy Weak Cryptographic Algorithms in IBM Spectrum Scale 5.1.0 through 5.1.3.0: A Threat to Highly Sensitive Data Local Privilege Escalation Vulnerability in IBM Workload Scheduler 9.4 and 9.5 Open Redirect Vulnerability in Keycloak Node.js Adapter's checkSso Function Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 Session Impersonation Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Improper Validation Vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs Firmware Downgrade Vulnerability in IBM Power 9 AC922 BMC (X-Force ID: 221442) Arbitrary Command Execution Vulnerability in IBM Security Verify Privilege On-Premises 11.5 HTTP Strict Transport Security Bypass in IBM Security Verify Privilege On-Premises 11.5 Vulnerability in Red Hat Advanced Cluster Management for Kubernetes Allows Pod Crashing and System Availability Impact Certificate Validation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Hazardous Input Validation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Clear Text Transmission Vulnerability in IBM Security Verify Privilege On-Premises 11.5 
IBM Security Verify Privilege On-Premises 11.5 HTTP Strict Transport Security Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Application Gateway Allows for Credential Disclosure Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Cross-Site Scripting (XSS) Vulnerability in Request a Quote WordPress Plugin Improper Privilege Management in IBM Db2 for Linux, UNIX and Windows Information Disclosure Vulnerability in IBM Aspera High-Speed Transfer 4.3.1 and Earlier Arbitrary File Upload Vulnerability in IBM Planning Analytics Local 2.0 Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty Improper Access Control Enforcement in IBM Spectrum Protect 8.1.14.000 Server Clear Text Credential Printing Vulnerability in IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 IBM Aspera Faspex 5.0.0 and 5.0.1 HTTP Header Injection Vulnerability CSV File Upload Vulnerability in Request a Quote WordPress Plugin IBM Aspera Faspex 5.0.5 Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Faspex 5.0.5 Excessive Rate Limiting Vulnerability in IBM App Connect Enterprise Certified Container Dashboard UI IBM Aspera Faspex 5.0.5 HTTP Strict Transport Security Bypass Vulnerability Insecure Configuration in IBM Aspera Faspex 5.0.5 Allows Information Gathering CSRF and Stored XSS Vulnerabilities in Featured Image from URL (FIFU) WordPress Plugin IBM Watson Query with Cloud Pak for Data as a Service Information Disclosure Vulnerability Excessive Permissions Vulnerability in IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 Local Host Login Access Token Vulnerability in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 SQL Injection Vulnerability in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Local User Credential Exposure in IBM Robotic Process Automation 21.0.2 Unauthorized View-Only Access to Admin Pages in IBM Robotic Process Automation 21.0.1 Control Center IBM 
Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 SSRF Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 Improper Access Control in KUKA SystemSoftware V/KSS Versions Prior to 8.6.5 Improper Input Validation in IBM Common Cryptographic Architecture (CCA) 5.x and 7.x MTM for 4767 and 4769 Local User Information Disclosure in IBM QRadar SIEM 7.3, 7.4, and 7.5 CSV Injection Vulnerability in IBM InfoSphere Information Server 11.7 Authentication Bypass Vulnerability in IBM Spectrum Copy Data Management Admin Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Access Control Vulnerability in GitLab EE/CE Allows Enumeration of Issues in Non-Linked Sentry Projects IBM Robotic Process Automation 21.0.1 and 21.0.2 External Service Interaction Vulnerability IBM Robotic Process Automation 21.0.0-21.0.2 Physical Access API Object Creation Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1.2 Improper Authorization Vulnerability in GitLab EE/CE Allowing Unauthorized Management of Issues in Error Tracking Feature Privilege Escalation Vulnerability in IBM InfoSphere Information Server 11.7 Improper Access Controls in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Local Denial of Service Vulnerability in IBM AIX and VIOS Critical Vulnerability: Compromise of Partition Firmware via FSP Access or Admin Authority (POWER9) Potential Security Misconfigurations in IBM Disconnected Log Collector 1.0 through 1.8.2: Information Disclosure Vulnerability Sensitive Information Disclosure in IBM Security Verify Governance, Identity Manager 10.01 CSRF Vulnerability in Counter Box WordPress Plugin before 1.2.1 Privileged User File Upload Vulnerability in IBM Security Verify 
Identity Manager 10.0 Inadequate Account Lockout Setting in IBM Security Verify Identity Manager 10.0 Weak Cryptographic Algorithms in IBM Security Verify Identity Manager 10.0: A Potential Decryption Vulnerability Arbitrary Command Execution Vulnerability in IBM InfoSphere Information Server 11.7 Privilege Escalation Vulnerability in IBM Security Verify Governance Identity Manager 10.0 Virtual Appliance Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Governance, Identity Manager 10.0.1 Clear Text Storage of User Credentials in IBM Security Verify Governance, Identity Manager 10.0.1 Clear Text Storage of User Credentials in IBM Security Verify Governance, Identity Manager 10.0.1 Sensitive Information Exposure in IBM Security Verify Identity Manager 10.0 Weak Cryptographic Algorithms in IBM Security Verify Governance, Identity Manager 10.0.1: A Potential Decryption Vulnerability Weak Cryptographic Algorithms in IBM Security Verify Governance, Identity Manager Virtual Appliance Component 10.0.1: A Potential Decryption Vulnerability SQL Injection Vulnerability in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Weak Cryptographic Algorithms in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Improper Access Permissions in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Hard-coded Credentials Vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance 10.0 Local User Credential Exposure Vulnerability Improper Disclosure of Session Information in IBM Spectrum Protect Plus Container Backup and Restore Improper Handling of Administrative Console Data in IBM WebSphere Application Server Denial of Service Vulnerability in IBM Spectrum Protect Client Operations Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty (CVE-2021-20592) Cross-Site Scripting (XSS) Vulnerability in IBM 
WebSphere Application Server 8.5 and 9.0 Clear Text Storage of User Credentials in IBM Spectrum Protect Client Cross-Site Request Forgery Vulnerability in IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 Data Node Rebalancing Vulnerability in IBM QRadar SIEM 7.4 and 7.5 Remote Access to IBM Navigator for i Web Interface without Valid Credentials File Upload Denial of Service Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows Sensitive Information Exposure in IBM Spectrum Protect Operations Center Unauthenticated Brute Force Access to IBM Spectrum Protect Server XML External Entity Injection (XXE) Vulnerability in IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 Unlimited Login Attempts Vulnerability in IBM Spectrum Protect Storage Agent Denial of Service Vulnerability in IBM OpenBMC OP910 and OP940 XML External Entity Injection (XXE) Vulnerability in IBM MQ 8.0 and 9.x Local Privilege Escalation Vulnerabilities in Avaya Aura Communication Manager Privileged User Information Disclosure in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Cross-Site Request Forgery Vulnerability in IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 IBM i 7.3, 7.4, and 7.5 SQL Injection Vulnerability Offline Dictionary Attack Vulnerability in IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 Unauthorized Access Vulnerability in IBM Aspera Faspex 4.4.1 and 5.0.0 Open Redirect Vulnerability in GitLab EE/CE Versions 11.1 to 14.10.5, 15.0 to 15.0.4, and 15.1 to 15.1.1 Cross-Site Scripting (XSS) Vulnerability in IBM Robotic Process Automation 21.0.1 and 21.0.2 Clickjacking Vulnerability in IBM Robotic Process Automation 21.0.0 Exposure of IBM Tenant Credentials in IBM Robotic Process Automation 21.0.0-21.0.2 User ID Exposure Vulnerability in IBM Robotic Process Automation 21.0.2 
Consecutive Login Blocking Vulnerability in Multiple CODESYS V3 Products Privilege Escalation Vulnerability in Phoenix Contact FL SWITCH Series 2xxx Version 3.00 GitLab Runner Branch Name Command Execution Vulnerability Null Pointer Dereference Vulnerability in Codesys Profinet v4.2.0.0 Allows Unauthenticated DoS Attack via SNMP Reflected XSS Vulnerability in Device Configuration Pages Allows Unauthorized Access to Confidential Information Vulnerability: Hard-coded Credentials in VARTA Storage Web-UI Null Pointer Dereference Vulnerability in CmpSettings Component of CODESYS Products Dereferenced Pointer Vulnerability in CmpTraceMgr Leading to Memory Overwrite Remote Code Execution Vulnerability in CODESYS Control Runtime System Memory Space Access Vulnerability in SysDrv3S Driver on Windows Remote Code Execution Vulnerability in CODESYS Products Partial Application of Security Policies in CmpUserMgr Component Vulnerability Remote Code Execution Vulnerability in CODESYS Control Runtime System Open Redirect Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.19 User Enumeration Vulnerability in MB Connect Line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (up to v2.11.2) Privilege Escalation in Miele Benchmark Programming Tool Hard-coded Credentials Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Authentication Bypass Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server SQL-Injection Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Arbitrary Command Execution Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Missing Authentication in Carlo Gavazzi UWP3.0 and CPY Car Park Server: Full API Access Vulnerability Privilege Escalation Vulnerability in SAP ASE Installer XSS Vulnerability in SAP Enterprise Threat Detection (ETD) Version 2.0 Remote Code Execution Vulnerability in Distributed Data Systems WebHMI 4.1.1.7662 File Upload and Download Vulnerability in SAP S/4HANA F0743 Create 
Single Payment Application Arbitrary Script Code Execution in SAP S/4HANA F0743 Create Single Payment Application Improper Shared Memory Buffer Handling Vulnerability in SAP NetWeaver Application Server Java SAP NetWeaver Application Server Java Memory Buffer Consumption Vulnerability Insufficient Encoding of User Input in SAP NetWeaver: Code Injection Vulnerability Unauthorized Access to Payroll Data in SAP ERP HCM Portugal Vulnerability: Request Smuggling and Request Concatenation in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher SAP 3D Visual Enterprise Viewer 9.0 TIFF File Format Crash Vulnerability Adobe Illustrator File Format Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 JPEG File Format Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 Privilege Escalation Vulnerability in Distributed Data Systems WebHMI 4.1.1.7662 SAP NetWeaver AS ABAP (Workplace Server) Database Query Disclosure Vulnerability Unauthorized Data Disclosure in SAP BusinessObjects Business Intelligence Platform Confidential Information Disclosure in S/4HANA Supplier Factsheet and Enterprise Search SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) Denial-of-Service Vulnerability Vulnerability: Unauthorized Code Execution and System Control in SAP Solution Manager (Diagnostics Root Cause Analysis Tools) Unauthorized Access to Connection Details in SAP NetWeaver Application Server ABAP and ABAP Platform XSS Vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - Version 420 Unrestricted Information Access via Random Port in Simple Diagnostics Agent (Versions 1.0 to 1.57) Improper Certificate Validation in Dell PowerScale OneFS: Man-in-the-Middle Attack on Administrative Credentials Untrusted Proxy Header Injection Vulnerability in mod_wsgi Dell PowerScale OneFS Password Disclosure Vulnerability 
Vulnerability: Unauthenticated Session Hijacking in DELL EMC AppSync Versions 3.9 to 4.3 Clickjacking Vulnerability in Dell EMC AppSync Versions 3.9 to 4.3 Dell EMC AppSync Account Takeover Vulnerability Unprotected Storage of Credentials in Dell EMC System Update Dell EMC PowerStore OS Command Injection Vulnerability Uncontrolled Resource Consumption Vulnerability in Dell PowerStore User Interface Plain-Text Password Storage Vulnerability in PowerStore X & T Environments Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS Use of Broken Cryptographic Algorithm in Dell PowerScale OneFS 9.3.0: Potential Information Disclosure Vulnerability Stored Cross-site scripting (XSS) vulnerability in Red Hat Single Sign-On 7's Keycloak Admin Console Hard Coded Credentials in Dell EMC PowerScale OneFS 8.1.x - 9.1.x Improper Restriction of Excessive Authentication Attempts in Dell PowerScale OneFS Dell PowerScale OneFS Denial-of-Service Vulnerability Dell EMC Powerscale OneFS Account Information Omission Vulnerability Dell EMC Unity Vulnerability: Broken Cryptographic Algorithm Allows for MitM Attacks and Information Disclosure Improper Authorization in Dell PowerScale OneFS: Sensitive Data Disclosure and Modification Pre-Boot DMA Vulnerability in Dell Client Platforms: Exploiting Physical Access for Arbitrary Code Execution Insufficient Verification of Data Authenticity Vulnerability in Dell Client Commercial and Consumer Platforms Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) UniFi Door Access Reader Lite Firmware Buffer Overflow Vulnerability Stored XSS Vulnerability in Incapptic Connect: Authenticated High Privileged Users Can Perform Attack Privilege Escalation via Password Reset in Incapptic Connect < 1.40.1 Improper Authentication Vulnerability in curl 7.33.0 to 7.82.0 XSS Vulnerability in Action Pack: Bypassing CSP for Non-HTML Responses Root 
Privilege Escalation Vulnerability Patched in Apple Operating Systems Vulnerability: Information Disclosure and Arbitrary Code Execution via Malicious STL File Unauthorized Access to Tagsets in Octopus Deploy Symlink Validation Vulnerability Allows Arbitrary File Writing Vulnerability: File Access Permissions Bypass Arbitrary Code Execution Vulnerability Patched in Apple Operating Systems Path Validation Logic Vulnerability Kernel Privilege Escalation via Out-of-Bounds Write in macOS Monterey 12.2 Kernel Privilege Escalation Vulnerability in Apple Operating Systems Denial of Service Vulnerability in iOS 15.2.1 and iPadOS 15.2.1 via Malicious HomeKit Accessory Name Arbitrary JavaScript Execution via Malicious Mail Message in iOS 15.3 and macOS Monterey 12.2 Unauthorized Access to Workerpools in Octopus Deploy Use After Free Vulnerability Patched in Multiple Apple Platforms Memory Corruption Vulnerability in macOS Monterey 12.2 Allows Arbitrary Code Execution with Kernel Privileges Content Security Policy Bypass Vulnerability Buffer Overflow Vulnerability in iOS, iPadOS, watchOS, tvOS, macOS Fixed Cross-Origin Information Leakage in IndexDB API Arbitrary Code Execution Vulnerability in watchOS, iOS, and iPadOS Memory Corruption Vulnerability Patched in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina Camera Metadata Leakage Vulnerability Siri Lock Screen Location Information Disclosure Vulnerability CSRF Vulnerability in GiveWP WordPress Plugin Allows DoS Attack Privacy Bypass Vulnerability Patched in Apple's Latest Updates Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary 
Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Application Settings Exposure Vulnerability Patched in Latest Apple Updates Local File Inclusion vulnerability in WPIDE WordPress Plugin before 3.0 Memory Corruption Vulnerability in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, iPadOS 15.4, and tvOS 15.4 Arbitrary Code Execution via Maliciously Crafted Image Heap Corruption Vulnerability in Apple Operating Systems and Applications Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary Code Execution Vulnerability in Apple Operating Systems Arbitrary Code Execution Vulnerability in Apple Operating Systems Gatekeeper Bypass Vulnerability in ZIP Archives Privilege Escalation Vulnerability in macOS Big Sur, macOS Monterey, and Security Update 2022-003 Catalina Emergency SOS Passcode Bypass Vulnerability Patched in watchOS 8.5, iOS 15.4, and iPadOS 15.4 Critical SQL Injection Vulnerability in Online Hotel Booking System 1.0 Use After Free Vulnerability in macOS Monterey, iOS, iPadOS, and Safari Sensitive Information Exposure via Keyboard Suggestions on iOS Devices Keyboard Suggestion Vulnerability Allows Unauthorized Access to Sensitive Information on iOS Devices Use After Free Vulnerability Patched in macOS Monterey 12.3, iOS 15.4, and More AppleScript Binary Processing Vulnerability Improper Bounds Checking in AppleScript Binary Processing Improper Bounds Checking in AppleScript Binary Processing Use After Free Vulnerability Patched in macOS Monterey 12.3, Safari 15.4, and More Buffer Overflow Vulnerability Patched in Multiple Apple Products Critical SQL Injection Vulnerability in Online Hotel Booking System 1.0 Improper Memory Management Leads to Remote Code Execution in macOS Elevated Privileges Vulnerability Patched in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina Privilege Escalation Vulnerability 
Patched in Apple Operating Systems Memory Corruption Vulnerability in PDF File Parsing Improved Bounds Checking Fixes Buffer Overflow Vulnerability in tvOS 15.4, iOS 15.4, and iPadOS 15.4 Elevated Privileges Vulnerability Fixed in tvOS 15.4, iOS 15.4, and iPadOS 15.4 Arbitrary Code Execution Vulnerability in tvOS, iOS, and iPadOS 15.4 Cross-Origin Logic Issue in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, iPadOS 15.4, and tvOS 15.4 Null Pointer Dereference Vulnerability Patched in Multiple Apple Operating Systems Elevated Privileges Vulnerability Patched in iOS 15.4, iPadOS 15.4, and macOS Monterey 12.3 Heap-based Buffer Overflow in Vim prior to version 9.0 Arbitrary Code Execution Vulnerability in Apple Operating Systems Elevated Privileges Vulnerability Fixed in Apple Operating Systems Emergency SOS Passcode Bypass Vulnerability Patched in iOS 15.4 and iPadOS 15.4 Unintentional Audio and Video Transmission Vulnerability in FaceTime Privacy Vulnerability: Unauthorized Access to Contact Information in macOS Monterey 12.3 Vulnerability Patched: File System Modification Exploit in macOS Monterey 12.2 Login Window Bypass Vulnerability in macOS Memory Disclosure Vulnerability in macOS Unauthenticated Path Traversal Vulnerability in Çekino Bilgi Teknolojileri Identity and Directory Management System (before version 2.1.25) Vulnerability: Privilege Escalation via Plug-in Inheritance Improper Bounds Checking Leading to System Termination and Kernel Memory Corruption Lock Screen Vulnerability Allows Unauthorized Access to Carrier Account Information and Settings Improved Restrictions for Addressing Logic Issue in iOS 15.4 and iPadOS 15.4: Mitigating Unauthorized Access to User and Device Information Address Bar Spoofing Vulnerability Fixed in watchOS 8.5 and Safari 15.4 Sandbox Improvements Patch Vulnerability: Sensitive User Information Leakage Desktop View Leakage Vulnerability Memory Initialization Vulnerability in Logic Pro, GarageBand, and macOS Monterey 
iOS 16.0.3 Patch: Denial-of-Service Vulnerability in Email Processing Improved State Management Addresses Logic Issue in iOS 15.4 and iPadOS 15.4, Preventing Sensitive User Information Leakage Unauthenticated Reflected XSS Vulnerability in Yordam Bilgi Teknolojileri's University Library Automation System (pre-version 19.2) Vulnerability: App Spoofing System Notifications and UI Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Improved Cookie Management in Security Update 2022-003 Catalina and macOS Big Sur 11.6.5 Gatekeeper Bypass Vulnerability Vulnerability Patched: Out-of-Bounds Read in Logic Pro, GarageBand, and macOS Monterey Root Privilege Escalation Vulnerability in macOS Monterey 12.3 Heap Corruption Vulnerability Fixed in iOS, iPadOS, tvOS, and watchOS Arbitrary Code Execution Vulnerability in iOS 15.4 and iPadOS 15.4 Improved Restrictions for Logic Issue in iOS 15.4, iPadOS 15.4, and macOS Monterey 12.3: Mitigating Sensitive User Information Leakage Kernel Privilege Escalation via Use After Free Vulnerability in macOS Monterey 12.3 Mailchimp for WooCommerce WordPress Plugin 2.7.0 and Earlier: Unauthorized AJAX Action Allows Server Impersonation and Network Scanning Improved Access Restrictions in tvOS 15.4, iOS 15.4, iPadOS 15.4, and watchOS 8.5 Prevent Malicious App from Identifying Installed Applications Lock Screen Photo Access Vulnerability Memory Corruption Vulnerability in iOS, iPadOS, macOS Fixed in Latest Updates Denial of Service Vulnerability Fixed in iOS 15.5 and iPadOS 15.5 Kernel Memory Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Apple Operating Systems XPC Services API Event Handler Validation Vulnerability Concurrent Media Handling Logic Issue in WebRTC Call Interrupted by Phone Call Path Traversal Vulnerability in Synology DiskStation Manager (DSM) Allows Arbitrary File Write Arbitrary File Upload and Remote Code Execution Vulnerability in Import any XML or CSV File to WordPress 
Plugin Sensitive Information Exposure Vulnerability in Synology DiskStation Manager (DSM) Web Server Session Fixation Vulnerability in Synology Photo Station Access Control Management Cross-site Scripting (XSS) vulnerability in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in Event Management. Classic Buffer Overflow Vulnerability in Synology Media Server before 1.8.1-2876 OS Command Injection Vulnerability in Synology DiskStation Manager (DSM) Path Traversal Vulnerability in Synology WebDAV Server CSRF Vulnerability in Synology Calendar Allows Authentication Hijacking Classic Buffer Overflow Vulnerability in Synology DiskStation Manager (DSM) Authentication Functionality Command Injection Vulnerability in Synology DiskStation Manager (DSM) File Service Functionality Arbitrary Code Execution Vulnerability in CA Harvest Software Change Manager SQL Injection Vulnerability in Website File Changes Monitor WordPress Plugin Persistent URL Manipulation Vulnerability in Umbraco CMS Password Reset URL Manipulation Vulnerability in Umbraco GitLab Vulnerability: Conan Package Names Leakage Predictable Value Ranges in 'X-CFY-TX-TM' Response Header Expose User Existence in CyberArk Identity Local File Disclosure Vulnerability in PartKeepr v1.4.0 SSRF and Port Enumeration Vulnerability in PartKeepr v1.4.0 Cleartext User Password and PSK Leakage in Stormshield SSO Agent Installer Log File Privilege Escalation to Root in Zabbix-Agent2 Package for Alpine Linux Arm Mali GPU Kernel Driver Write Access Vulnerability Stack-based Buffer Overflow in mod_extforward_Forwarded Function of lighttpd VP9 Video Extensions RCE Vulnerability Stored Cross-Site Scripting Vulnerability in WP Database Backup WordPress Plugin Windows Common Log File System Driver Denial of Service Vulnerability Windows BitLocker Data Leakage Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Hyper-V DoS 
Vulnerability: Disrupting Windows Virtualization PipeFS Elevation of Privilege Vulnerability Excel Data Leakage Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Apache HTTP Server 2.4.52 and Earlier: Remote Memory Read Vulnerability Authentication Bypass Vulnerability in Sante PACS Server 3.0.4 Apache HTTP Server 2.4.52 and earlier Vulnerability: HTTP Request Smuggling Integer Overflow Vulnerability in Apache HTTP Server 2.4.52 and Earlier Hard-coded SSH Key Vulnerability in Easergy P5 (Firmware versions prior to V01.401.101) Buffer Overflow Vulnerability in Easergy P5 (Firmware Versions prior to V01.401.101) Denial of Service Vulnerability in Modicon M340 CPUs: Uncontrolled Resource Consumption on Ports 80 and 502 Buffer Overflow Vulnerability in Easergy P3 (Versions prior to V30.205) Arbitrary File Read Vulnerability in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) CWE-20: Improper Input Validation in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) Buffer Overflow Vulnerability in Apache libapreq2 Improper Authentication Vulnerability in Yokogawa Electric CAMS for HIS Server Membership Level Escalation Vulnerability in Simple Membership WordPress Plugin Authentication Bypass Vulnerability in Intel(R) Edge Insights for Industrial Software Path Traversal Vulnerability in EcoStruxure Power Commission (Versions prior to V2.22) Cross-Origin Resource Sharing (CORS) Misconfiguration in EcoStruxure Power Commission (Versions prior to V2.22) Privilege Escalation via Unauthorized Access in Apache ShardingSphere ElasticJob-UI Cross-Site Scripting (XSS) Vulnerability in Simple Quotation WordPress Plugin Vulnerability: SQL Injection and Lack of Authorization Checks in Simple Quotation WordPress Plugin Local Privilege Escalation in Firefox for Windows with Non-Default Installation Race Condition and Use-After-Free Vulnerability in Audio Sinks of Firefox ESR, 
Firefox, and Thunderbird CSS Filter Effect Heap Buffer Overflow Vulnerability URL Protocol Handler Launch Vulnerability in Firefox ESR, Firefox, and Thunderbird Vulnerability: Remote Code Execution in OpenSSL 3.0.4 RSA Implementation on AVX512IFMA Machines Use-after-free vulnerability in network request handling Popup Resizing Vulnerability in Firefox ESR, Firefox, and Thunderbird Out-of-Bounds Memory Access Vulnerability in Firefox ESR, Firefox, and Thunderbird Fullscreen Hijacking Vulnerability Command Injection Vulnerability in Thunderbird for Windows Cross-Origin Information Leakage in Firefox ESR, Firefox, and Thunderbird Race Condition Vulnerability in Firefox for Windows Allows Fullscreen Window Spoofing Empty PKCS7 Sequence Handling Vulnerability in Firefox ESR, Firefox, and Thunderbird Origin Confusion Vulnerability in Firefox and Thunderbird Vulnerability in Firefox for Android Allows Navigation to Non-Web URLs via QR Codes CSRF Vulnerability in WP Edit Menu WordPress Plugin Allows Arbitrary Post/Page Deletion Privilege Escalation through Cross-Process Resource Handle Confusion Memory Safety Bugs in Firefox 95 and Firefox ESR 91.4 Memory Corruption Vulnerabilities in Firefox 95 Arbitrary Directory Write Access Vulnerability in Firefox Maintenance Service Extension Auto-Update Bypass Vulnerability Persistent JavaScript Execution Vulnerability in Firefox < 97 Drag-and-Drop Image Execution Vulnerability Remote Code Execution Vulnerability in Firefox WebDriver USSD Code Injection Vulnerability in Firefox for Android Sandboxed iFrame Event Handler Bypass Vulnerability Unauthenticated Deletion Vulnerability in WP Edit Menu WordPress Plugin Cross-Origin Information Disclosure in Web Workers Insecure Frame-Ancestors Enforcement in Web Extension Pages Cross-Window Scripting Vulnerability in Firefox for Android (Version < 97) Late Lifecycle Script Execution Vulnerability in Firefox, Thunderbird, and Firefox ESR Memory Corruption Vulnerabilities in Firefox 96 and 
Firefox ESR 91.5 Hardcoded Credentials Vulnerability in BD Viper LT System Versions 2.0 and Later Hardcoded Credentials Vulnerability in BD Pyxis Products Default Credentials Vulnerability in BD Pyxis™ Products Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX and Add-ons Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 allows for denial-of-service Unauthenticated Remote Code Execution in TIBCO AuditSafe Web Server Directory Traversal Vulnerability in TIBCO JasperReports Server Components Remote Code Execution (RCE) Vulnerability in TIBCO Managed File Transfer Platform Server for UNIX and z/Linux Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO JasperReports Server XML External Entity (XXE) Vulnerability in TIBCO Managed File Transfer Components Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO BPM Enterprise and TIBCO Silver Fabric Stored Cross Site Scripting (XSS) Vulnerability in TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting (XSS) Vulnerability in TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO BusinessConnect Trading Community Management Vulnerability: Information Disclosure via Unremoved Exploded Messages in Keybase Clients Stored Cross-Site Scripting Vulnerability in Featured Image from URL (FIFU) WordPress Plugin Zip Bomb Vulnerability in Zoom Client for Meetings Zoom Client for MacOS Update Vulnerability Local Privilege Escalation Vulnerability in Zoom Client for Windows Exposure of Process Memory Fragments in Zoom On-Premise Meeting Connector Controller and MMR XML Parsing Vulnerability in Zoom Client for Meetings Session Cookie Spoofing Vulnerability in Zoom Client for Meetings Zoom Client and Zoom Rooms for Windows Vulnerability: Unauthorized Downgrade Attack Zoom Client for Meetings Vulnerability: Server Switch Request Hostname Validation Failure Zoom Opener Installer DLL Injection Vulnerability 
FormStorm Enterprise Account Takeover Vulnerability NULL Pointer Dereference Vulnerability in libmobi prior to version 0.11 SYNEL - eharmony Directory Traversal Vulnerability: Unauthorized Access to Sensitive Files SYNEL - eharmony Authenticated Blind & Stored XSS Vulnerability MobiSoft - MobiPlus User Take Over and Password Exposure Vulnerability PineApp Mail Relay Local File Inclusion Vulnerability PineApp Mail Relay Unauthenticated SQL Injection Vulnerability XML External Entity (XXE) Vulnerability in Signiant Manager+Agents: Unauthorized Extraction of Internal Files Sysaid System Takeover: Authentication Bypass via /wmiwizard.jsp and /ConcurrentLogin.jsp Sysaid Open Redirect Vulnerability SysAid Help Desk Broken Access Control Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository (prior to version 1.2.19) Cross-Site Scripting (XSS) Vulnerability in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) Buffer Overflow Vulnerability in SmartConnect Family UPS Devices Authentication Bypass by Capture-replay Vulnerability in SmartConnect Family UPS Devices CWE-1021: Unintended Modifications via Deceptive UI Rendering in EcoStruxure EV Charging Expert Cross-Site Request Forgery (CSRF) Vulnerability in EcoStruxure EV Charging Expert Unauthorized Modification of Touch Configurations in spaceLYnk, Wiser for KNX, and fellerLYnk Information Disclosure Vulnerability in GitLab EE Allows Disclosure of Release Titles Excessive Authentication Attempts Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk CSRF Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk (V2.6.2 and prior) Cross-Site Scripting (XSS) Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk CWE-798: Use of Hard-coded Credentials in Courier Tunneling Communication Network Privilege Escalation Vulnerability in MyASUS System Diagnosis Service (Before 3.1.2.0) Improper Initialization of ImagePath.Path in Pillow's path_getbbox Function Buffer Over-read 
Vulnerability in Pillow's path_getbbox Function Arbitrary Expression Evaluation Vulnerability in PIL.ImageMath.eval Improper Context Encoding in Django Template Tag Leads to XSS Vulnerability Buffer Overflow Vulnerability in NXP LPC55S6x Microcontrollers (ROM version 1B) CPU Consumption Vulnerability in LINE for Windows 7.4 and Earlier Path Traversal Vulnerability in NVIDIA NeMo ASR WebApp Allows Directory Deletion Integer Overflow in addBinding function in Expat XML Parser (libexpat) before 2.4.3 Integer Overflow in build_model function in Expat (libexpat) before 2.4.3 Integer Overflow in defineAttribute function in Expat (libexpat) before 2.4.3 Integer Overflow Vulnerability in Expat (libexpat) XML Parsing Library Integer Overflow in nextScaffoldPart in Expat (libexpat) before 2.4.3 Integer Overflow in storeAtts function in Expat (libexpat) before 2.4.3 Insecure Direct Object Reference in Synametrics SynaMan: Unauthorized File Access via Modified Filename Unauthorized User Creation via Manipulation of Authorization Header Unauthenticated Access to Authorization Data in Servisnet Tessa 0.0.2 Sensitive Information Disclosure in Servisnet Tessa 0.0.2 via /js/app.js Request XSLT Injection Vulnerability in OverIT Geocall XXE Vulnerability in OverIT Geocall Allows Arbitrary File Read Directory Traversal Vulnerability in CoreFTP Server before 727 Heap-based Buffer Overflow in Vim prior to version 9.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.3.0 Insecure JWT Secret Key Sharing in QXIP SIPCAPTURE homer-app Unverified ID Matching Vulnerability in dnslib Package File Inclusion Vulnerability in Formpipe Lasernet before 9.13.3 Integer Overflow or Wraparound in Vim prior to 9.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS 
Vulnerability in Hospital Patient Record Management System v1.0 Privilege Escalation Vulnerability in Hospital Patient Record Management System v1.0 Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) Cross-Site Scripting (XSS) Vulnerability in Gibbon CMS v22.0.01 Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 9.0 SQL Injection Vulnerability in Jeecg-boot v3.0 via /jeecg-boot/sys/user/queryUserByDepId Code Parameter SQL Injection Vulnerability in Jeecg-boot v3.0 via /sys/user/queryUserComponentData Code Parameter Hutool v5.7.18's HttpRequest Ignoring TLS/SSL Certificate Validation Vulnerability Stack Overflow Vulnerability in Jerryscript 3.0.0 via ecma_op_object_find_own Use After Free vulnerability in GitHub repository vim/vim prior to version 9.0 Assertion Failure in Jerryscript 3.0.0: Invalid Scanner Arguments SEGV Vulnerability in Jerryscript 3.0.0 via ecma_ref_object_inline in ecma-gc.c Assertion Failure in Jerryscript 3.0.0: Invalid Value Type Stack Overflow Vulnerability in Jerryscript 3.0.0 via vm_loop.lto_priv.304 Stack Overflow Vulnerability in Jerryscript 3.0.0 via ecma_lcache_lookup Heap Buffer Overflow in Jerryscript 3.0.0 via ecma_utf8_string_to_number_by_radix SQL Injection Vulnerability in ApolloTheme AP PageBuilder Component for PrestaShop Unauthenticated DoS Vulnerability in Core FTP / SFTP Server v2 Build 725 Reflected Cross-site Scripting (XSS) Vulnerability in zadam/trilium prior to 0.52.4, 0.53.1-beta Assertion Failure in JerryScript Commit a6ab5e9: parser_parse_function_arguments Information Disclosure Vulnerability in Sangfor VDI Client 5.4.2.1006 HotelDruid v3.0.3 Remote Code Execution (RCE) Vulnerability via Crafted Payload in Create New Room Module Cross-Site Scripting (XSS) Vulnerability in SourceCodester Hotel Management System 2.0 Prototype Pollution Vulnerability in Plist.parse() Allows for DoS 
and Remote Code Execution Path Traversal Vulnerability in FileManager Component of Ovidentia CMS 6.0 O2OA v6.4.7 Remote Code Execution (RCE) Vulnerability via /x_program_center/jaxrs/invoke SSO Login URL Redirection Vulnerability in Adenza AxiomSL ControllerView 10.8.1 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Hotel Management System 2.0 Session Key Vulnerability in TP-Link TL-WA850RE Wi-Fi Range Extender Hardcoded Shiro-Key Vulnerability in MCMS v5.2.4 Arbitrary Code Execution via File Upload in MCMS v5.2.4 New Template Module Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Sales Management System 1.0 Template Management Function RCE Vulnerability in MCMS v5.2.4 Improper Directory Validation in Maildir and Sieve File Repository Allows Unauthorized Access Path Traversal Vulnerability in Apache Karaf obr:* Commands and karaf-maven-plugin Run Goal Unauthenticated Arbitrary Pillar Data Substitution in SaltStack Salt Minion Authentication Denial of Service Vulnerability Replay Attack Vulnerability in SaltStack Salt Denial-of-Service Vulnerability in VMware Workstation and Horizon Client for Windows via Cortado ThinPrint Component Information Disclosure Vulnerability in VMware Cloud Foundation: Plain-text Logging of Credentials in SDDC Manager Logs WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Vulnerability: Unauthorized Command Execution in SaltStack Salt Dangling 'file' Pointer Vulnerability in vmwgfx Driver Allows Local Privilege Escalation Uncontrolled Search Path Vulnerability in VMware Tools for Windows Stored Cross-Site Scripting (XSS) Vulnerability in VMware Workspace ONE Boxer VMware NSX Edge CLI Shell Injection Vulnerability Insecure TrustManager Configuration in Spring Cloud Gateway Code Injection Vulnerability in Spring Cloud Gateway vCenter Server Information Disclosure Vulnerability: Unauthorized Access to Sensitive Data Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit 
in Google Chrome Denial of Service Vulnerability in Spring Framework VMware Carbon Black App Control Remote Code Execution Vulnerability File Upload Vulnerability in VMware Carbon Black App Control VMware HCX Information Disclosure Vulnerability Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager Authentication Bypass Vulnerabilities in VMware Workspace ONE Access OAuth2 ACS Framework Authentication Bypass Vulnerabilities in VMware Workspace ONE Access OAuth2 ACS Framework Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization Cross-Site Request Forgery Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Use After Free Vulnerability in Chrome OS Shell Allows Remote Heap Corruption Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Information Disclosure Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation: Exposing Hostname VMware Horizon Agent for Linux: Local Privilege Escalation via Vulnerable Symbolic Link Remote Code Execution and Local Resource Access Vulnerability in Spring Cloud Function Routing Local Privilege Escalation in VMware Horizon Agent for Linux (prior to 22.x) via Vulnerable Configuration File Remote Code Execution (RCE) Vulnerability in Spring MVC and Spring WebFlux Applications Remote Code Execution Vulnerability in VMware Cloud Director Allows Unauthorized Server Access PAM Auth Bypass Vulnerability in SaltStack Salt Case Sensitivity Vulnerability in DataBinder DisallowedFields Pattern Denial-of-Service (DoS) Vulnerability in Spring Security OAuth 2.5.x and Older Versions Unrestricted File Upload Vulnerability in SourceCodester 
Clinics Patient Management System 2.0 File Upload DoS Vulnerability in Spring Framework Vulnerability: Denial of Service Attack in Spring Framework STOMP over WebSocket Endpoint Authentication Bypass Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager LDAP Query Injection Vulnerability in Pinniped Supervisor Integer Overflow Vulnerability in Spring Security XML External Entity (XXE) Vulnerability in VMware Tools for Windows Authorization Bypass Vulnerability in Spring Security RegexRequestMatcher Denial-of-Service Vulnerability in Spring Cloud Function's Function Catalog Component Critical SQL Injection Vulnerability in SourceCodester Clinics Patient Management System 2.0 SpEL Injection Vulnerability in Spring Data MongoDB Application vCenter Server SSRF Vulnerability: Exploiting URL Requests and Internal Service Access Unprotected Storage of Credentials Vulnerability in VMware Workstation (16.x prior to 16.2.4) Command Injection Vulnerability in Snyk CLI and Plugins Injection Vulnerability in Web Application Allows Execution of Malicious Code Arbitrary OS Command Execution Vulnerability in Netcommunity OG410X and OG810X Series Hardcoded Private Key Vulnerability Enhanced File and Directory Permissions Mitigate Unauthorized Access Vulnerability Pre-Authenticated Stack Overflow Vulnerability in My Cloud OS 5 FTP Service Unsanitized SVG File Upload Vulnerability in Allow SVG Files WordPress Plugin My Cloud Devices: Limited Authentication Bypass Vulnerability with Remote Code Execution and Privilege Escalation Vulnerability: DNS Spoofing and Command Injection Exploit Leading to Unsecured HTTP Access on NAS Device Command Injection Remote Code Execution Vulnerability in Western Digital My Cloud Devices SSRF Vulnerability in Western Digital My Cloud Devices Allows Server Impersonation and Unauthorized Access Remote Code Execution Vulnerability in 
Western Digital My Cloud Devices Arbitrary Code Execution via SMB and AFP File Writing Vulnerability DLL Hijacking Vulnerability in G-RAID 4/8 Software Utility Setups for Windows Mitigation of Remote Code Execution Vulnerability and Command Injection in My Cloud Home Devices Unsecured AWS Credentials: A Breach Waiting to Happen Cross-Site Scripting Vulnerability in Western Digital My Cloud Devices Allows Unauthorized Access and Data Manipulation Stored Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository (prior to version 1.2.19) Weak SSLContext in Western Digital My Cloud Web App Allows Unauthorized Access to Port Forwarding Configuration Elliptic Curve Point Compression/Decompression Sign Bit Vulnerability Invalid Output Vulnerability in NIST P-256 Elliptic Curve Compression/Decompression Invalid Output Vulnerability in NIST P-256 Curve Computation Zero X Coordinate Vulnerability in NIST P-256 Curve: Limited Denial of Service UFS Boot Feature Vulnerability in Western Digital Systems Stack-based Buffer Overflow Vulnerability on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Allows Unauthorized Access to /etc/version File Remote Code Execution via Undisclosed API Endpoints in NGINX Controller API Management Unauthorized Access to Managed BIG-IP Devices on BIG-IQ Centralized Management 8.x before 8.1.0 Buffer Over-read Vulnerability in GitHub Repository hpjansson/chafa prior to 1.10.3 Memory Resource Utilization Vulnerability in BIG-IP Virtual Server Configuration SYN Cookie Protection Vulnerability in BIG-IP Platforms HTTP/2 Profile Configuration Vulnerability in BIG-IP Versions 15.1.x and 14.1.x DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP DNS & GTM Configuration Utility Undisclosed Requests Vulnerability in BIG-IP APM Portal Access Memory Resource Utilization Vulnerability in BIG-IP Virtual Servers with Client SSL Profiles Undisclosed Requests Vulnerability in BIG-IP SSL Forward Proxy with TLS 1.3 
Rapid Response Mode Vulnerability in BIG-IP Systems Undisclosed Requests Vulnerability in BIG-IP AFM Memory Resource Utilization Vulnerability in BIG-IP Virtual Server with Diameter Session and Router Profiles Lenze Cabinet Series: Password Bypass Vulnerability Undisclosed Requests Vulnerability in BIG-IP Version 16.1.x Vulnerability: Denial of Service in BIG-IP version 16.1.x before 16.1.2 Undisclosed Requests Vulnerability in BIG-IP Version 16.1.x Memory Resource Utilization Vulnerability in BIG-IP and BIG-IQ IPsec ALG Virtual Server Termination Vulnerability SIP ALG Profile Vulnerability in BIG-IP Software Unauthenticated User Data Upload Vulnerability in BIG-IP ASM & Advanced WAF Virtual Server Denial of Service Vulnerability TCP Connection Failure Vulnerability in BIG-IP AFM Memory Resource Utilization Vulnerability in BIG-IP Virtual Server with FastL4 Profile Bypassing 2FA Enforcement in GitLab CE/EE Increased CPU Resource Utilization in BIG-IP Virtual Edition with ixlv Driver and TCP Segmentation Offload Configuration Enabled XML External Entity (XXE) Vulnerability in F5 Advanced WAF and BIG-IP ASM Traffic Management User Interface (TMUI) DNS Rebinding Vulnerability in BIG-IP APM System Insecure Guest Physmap Removal in Arm Architecture XSA-380: Denial of Service Vulnerability in Xen Hypervisor Interrupt Handling Vulnerability in x86 HVM Guests Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Stack-based Buffer Overflow in Vim Prior to Version 9.0 Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Authenticated Admin User Bypasses File Upload Restriction in Zenario CMS 9.2 CSRF Vulnerability in Tiny File Manager version 2.4.8 Persistent XSS vulnerability in PhpIPAM v1.4.4 via Site 
title parameter injection SQL Injection Vulnerability in PhpIPAM v1.4.4 via subnet parameter in app/admin/routing/edit-bgp-mapping-search.php Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 Site Settings Arbitrary Remote Code Execution in Exponent CMS 2.6.0patch2 Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 via User-Agent Header Stored Cross-Site Scripting Vulnerability in WordPress Popup WordPress Plugin DLL Hijack Vulnerability in ManageEngine AppManager15 (Build No:15510) Persistent JavaScript Injection Vulnerability in PeteReport Version 0.5 CSRF Vulnerability in PeteReport Version 0.5 Allows Unauthorized Deletion of Users, Products, Reports, and Findings Stored XSS vulnerability in Openmct's Condition Widget element allows for malicious JavaScript injection Stored XSS vulnerability in Openmct Summary Widget allows for JavaScript injection Missing Authorization in ERPNext Chat Rooms: Impersonation and Unauthorized Message Access Stored XSS Vulnerability in ERPNext Patient History Page Allows Account Takeover Stored Cross-Site Scripting (XSS) Vulnerability in ERPNext Versions v12.0.9--v13.0.3 Stored XSS Vulnerability in ERPNext Versions v12.0.9-v13.0.3 Allows Account Takeover Stored Cross Site Scripting (XSS) Vulnerability in Shopizer 2.0 - 2.17.0 via Manage Images Tab Session Token Reuse Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Shopizer 2.0 - 2.17.0: File Injection Exploit Insecure Direct Object Reference (IDOR) Vulnerability in Shopizer Versions 2.0 to 2.17.0 Allows Regular Admins to Permanently Delete Superadmins Insufficient Session Expiration in Shopizer Versions 2.3.0 to 3.0.1 Host Header Injection Vulnerability in Snipe-IT: Account Takeover via Password Reset Token Leak Stored XSS Vulnerability in Vendure: Uploading Malicious SVG Files via Assets Tab Solana rBPF Incorrect Calculation Vulnerability Token Leakage via Referer Header in ToolJet Versions v0.5.0 to v1.2.2: Account Takeover Vulnerability HTML 
Injection Vulnerability in ToolJet Versions v0.6.0 to v1.10.2 Vulnerability: Retention of Usable Group Access Token after Group Deletion in GitLab CE/EE Vulnerability: Server Side Request Forgery (SSRF) in Recipes' Import Recipe Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes' Add to Cart Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes Application's Copy to Clipboard Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes 0.17.0 - 1.2.5 DOM XSS Vulnerability in Habitica Login Page (Versions v4.119.0 - v4.232.2) Open Redirect Vulnerability in Habitica Login Page Host Header Injection in Motor-Admin Password Reset Functionality Uninitialized Memory Leak Vulnerability in vDPA with VDUSE Backend Server-Side Request Forgery (SSRF) Vulnerability in Directus Media Upload Functionality Reflected XSS Vulnerability in OpenLibrary Versions deploy-2016-07-0 through deploy-2021-12-22 Path Traversal Vulnerability in CureKit Versions v1.0.1 - v1.1.3 XSS Vulnerability in NetMaster 12.2 Network Management and File Transfer Management Time-of-check to time-of-use bug in nmreq_copyin() leading to kernel memory corruption and potential host environment compromise Integer Overflow Vulnerability in nmreq_copyin() Function Heap Data Overwrite Vulnerability in mpr, mps, and mpt Drivers Vulnerability: Memory Overwrite in e1000 Network Adapters Remote Code Execution Vulnerability in FreeBSD Wi-Fi Client Scanning Mode Out-of-Bound Read Vulnerability in proc_getargv() Function NULL Pointer Dereference Vulnerability in lxml and libxml2 2.9.10 through 2.9.14 Use After Free Vulnerability in aio_aqueue Function Memory Leakage Vulnerability in Virtual Memory System Memory Overwrite Vulnerability in lib9p's RWALK Message Handling Buffer overflow vulnerability in ping's pr_pack() function Denial of Service Vulnerability in Libreswan 4.2 through 4.5 Memory Corruption Vulnerability in Open Design Alliance Drawings SDK Out-of-Bounds 
Read Vulnerability in Connman DNS Proxy Out-of-Bounds Read Vulnerability in Connman DNS Proxy Infinite Loop Vulnerability in Connman DNS Proxy Block-wise read XSS vulnerability in OX App Suite through 7.10.6 Authentication Bypass Vulnerability in Skyhigh SWG Allows Unauthorized Access to Admin Interface OS Command Injection in OX App Suite Documentconverter Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.6 via Deep Link in E-mail Open Redirect Vulnerability in SINEMA Remote Connect Server (All versions < V2.0) Allows for Phishing Attacks Stack-Based Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Local Privilege Escalation Vulnerability in WIN-911 2021 R1 and R2 Unencrypted Transmission of Data in Jenkins Active Directory Plugin Insecure Token Validation in Jenkins Configuration as Code Plugin Arbitrary File Write and Read Vulnerability in Jenkins Warnings Next Generation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Badge Plugin 1.9 and Earlier Unmasked Vault Credentials in Jenkins Pipeline Logs and Step Descriptions Reflected Cross-Site Scripting in Find and Replace All WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Publish Over SSH Plugin Jenkins Publish Over SSH Plugin CSRF Vulnerability: Unauthorized SSH Server Access Vulnerability: Unauthorized SSH Server Connection in Jenkins Publish Over SSH Plugin Path Traversal Vulnerability in Jenkins Publish Over SSH Plugin Unencrypted Password Storage in Jenkins Publish Over SSH Plugin CSRF Vulnerabilities in Jenkins Batch Task Plugin 1.19 and Earlier: Unauthorized Access and Control Jenkins Conjur Secrets Plugin: Agent Process Control Vulnerability Jenkins Conjur Secrets Plugin: Unauthorized Retrieval of Stored Credentials Arbitrary OS Command Execution in Jenkins Debian Package Builder Plugin Directory Traversal Vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux CSRF and Stored XSS 
Vulnerabilities in Student Result or Employee Database WordPress Plugin Privilege Escalation and Arbitrary Code Execution Vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux Remote Code Execution in Netatalk via AppleDouble Entries (ZDI-CAN-15819) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15837) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15830) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15870) Remote Code Execution in Netatalk via copyapplfile Function (ZDI-CAN-15869) TeslaMate Docker Configuration Vulnerability: Unauthorized Access and Control of Tesla Vehicles Cross-Site Scripting Vulnerability in Mitsubishi Electric MC Works64 and ICONICS MobileHMI WebSocket Authentication Bypass Vulnerability in Mitsubishi Electric MC Works64, ICONICS GENESIS64, Hyper Historian, AnalytiX, and MobileHMI Plaintext Storage of Passwords in Mitsubishi Electric MC Works64 and ICONICS GENESIS64 DLL Hijacking Vulnerability in MA Smart Installer for Windows Buffer Over-read Vulnerability in Mitsubishi Electric MC Works64, ICONICS GENESIS64, and ICONICS Hyper Historian SAML SSO Authentication Vulnerability: Privilege Escalation and Admin Access in Zabbix Frontend Zabbix RPM Installation Vulnerability: DAC_OVERRIDE SELinux Capability Bypass XSS Vulnerability Allows Session Hijacking and Account Takeover via Hosts Group Creation Unauthenticated Access to Critical Setup Steps in Zabbix Frontend Directory Traversal Vulnerability in ZTE Home Gateway Products Stored XSS Vulnerability in ZTE Home Gateway Allows Remote Code Execution ZXCDN Product Reflective XSS Vulnerability Weak Random Value Generation Vulnerability in ZTE MF297D ZXMP M721 Product Permission and Access Control Vulnerability Arbitrary PHP Function Execution Vulnerability in VR Calendar WordPress Plugin Information Leak Vulnerability in ZXMP M721 DoS Vulnerability in ZXEN CG200: Product Management Websites Unavailable ZTE OTCP Product Permission 
and Access Control Vulnerability ZTE ZXvSTB Product: Broken Access Control Vulnerability Allows Deletion of Default Application Type Unauthenticated SQL Injection Vulnerability in Database Software Accreditation Tracking/Presentation Module (Before Version 2) Unrestricted File Upload Vulnerability in Dell Wyse Management Suite Versions 2.0-3.5.2 Improper Authentication Vulnerability in Wyse Device Agent Version 14.6.1.4 and Below Sensitive Data Exposure Vulnerability in Wyse Device Agent 14.6.1.4 and Below Sensitive Data Exposure Vulnerability in Wyse Device Agent 14.6.1.4 and Below Dell PowerScale OneFS Memory Release Vulnerability HTML Injection Vulnerability in Devolutions Server (before 2022.2): Altering Page Rendering and Redirecting Users Dell PowerScale OneFS Improper Handling of Insufficient Permissions Vulnerability Denial-of-Service Vulnerability in Dell PowerScale OneFS SmartConnect Dell PowerScale OneFS Denial of Service Vulnerability Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) Vulnerability Sysaid Local File Inclusion (LFI) Vulnerability: Unauthorized System Access via /lib/tinymce/examples/index.html Path Unauthenticated Local File Inclusion (LFI) Vulnerability in mobile/downloadfile.aspx SQL Injection Vulnerability in Login Panel SQL Injection Vulnerability in Admin Panel's agentid Parameter Insufficient Parameter Checking in Simple Membership WordPress Plugin Allows Membership Manipulation at Registration Stage XML External Entity Injection Vulnerability in SysAid - Okta SSO Integration Privilege Escalation via Named Pipe Messages in AtlasVPN Client User Enumeration Vulnerability Privilege Escalation via Prog Step Parameter Manipulation Remote Privilege Escalation in WatchGuard Firebox and XTM Appliances Unauthenticated Disclosure of User Credentials in Crestron HD-MD4X2-4K-E 1.0.0.2159 HDMI Switcher Cross-Site Scripting Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin Use-After-Free Vulnerabilities in Linux Kernel 
Timer Handler Unauthenticated User Access and Settings Modification Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin Time of Check, Time of Use Vulnerability in Apache Tomcat with FileStore Session Persistence Improper Access Control in Intel(R) Data Center Manager Software: Potential Privilege Escalation via Adjacent Access Unauthorized Database Access Vulnerability in Advanced Custom Fields Open Redirect Vulnerability in Octopus Server Adobe Illustrator Out-of-Bounds Write Vulnerability Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Illustrator (CVE-2021-XXXX) Buffer Overflow Vulnerability in Adobe Illustrator: Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Xorg-x11-server Out-of-Bounds Access Vulnerability in ProcXkbSetGeometry Function Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Privilege Escalation and Arbitrary Code Execution in Xorg-x11-server Out-of-Bounds Write Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe RoboHelp 2020.0.7 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Creative Cloud Desktop Software Buffer Overflow Vulnerability in 
Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Premiere Rush Versions 2.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Apache Traffic Control Traffic Ops Unprivileged User Port Scanning Vulnerability GitHub Repository Nakama Prior to 3.13.0: Login Brute-Force Vulnerability Buffer Overflow Vulnerability in svcunix_create Function of glibc Buffer Overflow Vulnerability in clnt_create Function of glibc Arbitrary Code Execution Vulnerability in USBView 2.1 Arbitrary Code Execution in H2 Console (CVE-2021-42393) Privilege Escalation via Pointer Arithmetic in Linux Kernel (CVE-2021-44252) Apache ShenYu 2.4.0 and 2.4.1 Password Disclosure Vulnerability Unauthenticated Arbitrary User Addition and Code Execution Vulnerability in NUUO NVRmini2 through 3.11 Improper WebRTC Input Validation in Pexip Infinity before 27.0 Allows Remote Denial of Service Remote Code Execution Vulnerability in SonicWall Switch 1.1.1.0-2s and Earlier Versions Vulnerability: Unauthorized S3 Access for Disabled User Accounts in StorageGRID StorageGRID (formerly StorageGRID Webscale) < 11.6.0 Denial of Service (DoS) Vulnerability SnapCenter Local Authentication Vulnerability: Exposing Plaintext HANA Credentials Information Disclosure Vulnerability in Active IQ Unified Manager Plaintext Storage of LDAP BIND Password in E-Series SANtricity OS Controller Software Host Header Injection Vulnerability in E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 Vulnerability in Linux Deployments of StorageGRID: Unauthorized Access and Email Modification Stored Cross-Site Scripting (XSS) Vulnerability in Active IQ Unified Manager Bypass of Capture ATP Security Service in SonicWall Hosted Email Security Appliance Unauthorized EMS Subscription Update Vulnerability in Active IQ Unified Manager SnapLock Configured FlexGroups Vulnerability: Arbitrary Modification and Deletion of WORM Data Remote Code Execution 
Vulnerability in TeamViewer Linux Versions Stored Cross-Site Scripting Vulnerability in Invitation Based Registrations WordPress Plugin Exposed Secrets: Microsoft Office Information Disclosure Vulnerability PPTP DoS Vulnerability in Windows OS Power BI Data Exposure Vulnerability Android OneDrive Security Feature Bypass Vulnerability Azure Data Explorer Spoofing Vulnerability: Exploiting Trust in Data Sources Hyper-V Remote Code Execution Vulnerability in Windows Edge for Android Spoofing Vulnerability Exposes Users to Phishing Attacks Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises Email Invite Vulnerability in GitLab CE/EE Versions Before 15.2.1 EdgeTamper: A Critical Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT Guardian Breached: Microsoft Defender for IoT Elevation of Privilege Vulnerability Exposed .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Unauthenticated Spoofing Vulnerability in Microsoft Dynamics GP Vulnerability: Inconsistent Identity Handling in io_uring Operations Pervasive Windows PPTP Remote Code Execution Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Exploiting the Microsoft Dynamics GP Remote Code Execution Vulnerability Containerized SQL Server for Linux: Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Microsoft Defender for Endpoint Spoofing 
Vulnerability: Exploiting Trust in Endpoint Security ALPC Privilege Escalation Vulnerability in Windows Cross-Site Scripting (XSS) Vulnerability in Flexi Quote Rotator WordPress Plugin Outlook for Mac Security Feature Bypass Vulnerability Windows Common Log File System Driver Information Leakage Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability ALPC Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability ALPC Privilege Escalation Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Heap-based Buffer Overflow Vulnerability in IGSS Data Server (Versions prior to V15.0.0.22073) Windows Inking COM Privilege Escalation Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Power BI Spoofing Vulnerability: Impersonation Exploit in Microsoft's Business Intelligence Platform Windows Fast FAT File System Driver Privilege Escalation Vulnerability Tracing the Danger: Windows Event Remote Code Execution Vulnerability Raw Image Extension RCE Vulnerability Windows Installer Privilege Escalation Vulnerability Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability: A Critical Security Flaw Windows PDEV Elevation of Privilege Vulnerability: Exploiting System Weaknesses XML External Entity (XXE) Reference Vulnerability in DLP Endpoint for Windows prior to 11.9.100 Raw Image Extension RCE Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Vulnerability: Remote Code Execution via JMSSink in Log4j 1.x Vulnerability: Side Channel Attacks in SAE Implementations Vulnerability: Side-Channel Attacks in EAP-pwd Implementations SQL Injection Vulnerability in Log4j 1.2.x JDBCAppender Deserialization 
Vulnerability in Apache Chainsaw and Apache Log4j Use-After-Free Vulnerability in libxml2's valid.c Cross-Site Scripting (XSS) Vulnerability in Spectrum Power 4 Online Help SQL Injection Vulnerability in MCMS v5.2.4 via /ms/mdiy/model/importJson.do Arbitrary File Upload Vulnerability in MCMS v5.2.4 via /ms/template/writeFileContent.do Component Arbitrary File Read Vulnerability in taoCMS v3.0.2 CobaltStrike <=4.5 HTTP(S) Listener URL Validation Vulnerability Heap Buffer Overflow in pcf2bdf: Exploiting Unsafe Memory Access in PCF Font Files PCF File Parsing Vulnerability: Triggering Program Crash via Specially Crafted Font File Insecure Permission Assignment Vulnerability in Honeywell SoftMaster 4.51 Authentication Bypass and SQL Injection Vulnerability in XMPie uStore 12.3.7244.0 Persistent XSS Vulnerability in XMPie UStore Application (Version 12.3.7244.0) Ethereum Node DoS Vulnerability: Exploiting Transaction Purging Flaw Denial of Service (DoS) Vulnerability in Go-Ethereum: Exploiting Memory Pool Occupation Arbitrary Command Execution Vulnerability in UJCMS Jspxcms v10.2.0 DLL Hijacking Vulnerability in Honeywell SoftMaster Version 4.51 Application Remote Code Execution (RCE) Vulnerability in jpress v4.2.0 HelloWorldAddonController.java Critical Security Vulnerability in DataEase v1.6.1: Unauthorized Access and Password Manipulation Remote Command Injection Vulnerability in Shenzhen Ejoin ACOM508/ACOM516/ACOM532 Manual Ping Form Weak Signature Checks in Ip-label Newtest Robot Application Allow Privilege Escalation SQL Injection Vulnerability in Metinfo v7.5.0 via doModifyParameter in language_general.class.php SQL Injection Vulnerability in S-CMS v5.0 via member_pay.php O_id Parameter SQL Injection Vulnerability in DedeCMS v5.7.87 via article_coonepage_rule.php DLL Hijacking Vulnerability in Softing Secure Integration Server V1.22 Remote Code Execution in Joplin 2.6.10 through User Search Results Username Enumeration Vulnerability in Hyland OnBase Application 
Server Incorrect Access Control in BigAnt Server v5.6.06 Incorrect Access Control Issues in BigAnt Server v5.6.06 Directory Traversal Vulnerability in BigAnt Server v5.6.06 Weak Password Hashes in BigAnt Server v5.6.06 Cross-Site Request Forgery (CSRF) Vulnerability in BigAnt Server v5.6.06 Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 Cross-Site Scripting (XSS) Vulnerability in BigAnt Server v5.6.06 Denial of Service (DoS) Vulnerability in BigAnt Server v5.6.06 Directory Traversal Vulnerability in mozilo2.0 via curent_dir Parameter SQL Injection Vulnerability in EasyCMS v1.6 via ArticlemAction.class.php Default Administrator Credentials in Softing Secure Integration Server Software SQL Injection Vulnerability in Online Banking System v1.0 via index.php SQL Injection Vulnerability in HMS v1.0's adminlogin.php SQL Injection Vulnerability in HMS v1.0 via doctorlogin.php SQL Injection Vulnerability in HMS v1.0's patientlogin.php DOM-based XSS Vulnerability in Fulusso v1.1's SuccessTips.js Missing HTTP URI in Crafted HTTP Packet Vulnerability in Softing Secure Integration Server V1.22 Authenticated Remote Code Execution in WikiDocs v0.1.18 via Image Upload Form Multiple Reflected XSS Vulnerabilities in WikiDocs Version 0.1.18 Local File Inclusion Vulnerability in Archeevo Below 5.0: Exploiting file=~/web.config Cross-Site Scripting (XSS) Vulnerability in TastyIgniter 3.2.2 SQL Injection Vulnerability in Emlog v6.0 via $TagID Parameter Authentication Bypass via Machine-in-the-Middle Attack in Softing Secure Integration Server V1.22 SQL Injection Vulnerability in Taocms 3.0.2 - Parameter id:action=admin&id=2&ctrl=edit Denial of Service Vulnerability in Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 Broken Access Control in YzmCMS v6.3 Allows Unauthorized Access to User's Personal Home Pages Cross-Site Request Forgery (CSRF) Vulnerability in YzmCMS v6.3 /admin.add SQL Blind Injection Vulnerability in taocms 3.0.2 
Remote Code Execution (RCE) Vulnerability in PublicCMS v4.0 via cmdarray Parameter SSRF Vulnerability: Exploiting Internal Address Access for Unauthorized Data Leakage Arbitrary File Upload Vulnerability in BBS Forum v5.3 and below Cross-Site Scripting (XSS) Vulnerability in Pybbs v6.0 via Crafted Search Payload Prototype Pollution in jQuery Cookie 1.4.1: Exploiting DOM XSS Vulnerability Reflected Cross-Site Scripting Vulnerability in Cedar Gate EZ-NET Portal 6.5.5 6.8.0 Stack-based Buffer Overflow Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Stored Cross-Site Scripting Vulnerability in W-DALIL WordPress Plugin Stack-based Buffer Overflow in Accusoft ImageGear 19.10's IGXMPXMLParser::parseDelimiter Functionality Insecure DLL Loading Vulnerability in Yokogawa Electric Products Hard-coded Password Vulnerability in Yokogawa Electric CAMS Server Applications Denial of Service Vulnerability in Intel(R) Data Center Manager Software Non-Random IV Values Vulnerability in wolfSSL 5.x before 5.1.1 Arbitrary File Read Vulnerability in Logs Plugin for Craft CMS Stored Cross-Site Scripting Vulnerability in Simple Page Transition WordPress Plugin Remote Code Execution and Local Privilege Escalation via DLL Hijacking in AXIS IP Utility Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository outline/outline prior to v0.64.4 Exynos Baseband Vulnerability: Arbitrary NAS Signaling Message Injection File Access Vulnerability in DeX Home and DeX for PC: Exploiting PendingIntent for System Privilege Escalation KnoxPrivacyNoticeReceiver Implicit Intent Media Access Vulnerability Arbitrary Memory Write and Code Execution Vulnerability in eden_runtime hal Service Audio HAL Service Vulnerability: Improper Boundary Check Leading to Memory Read and Application Crash Heap-based Buffer Overflow in Vim prior to 9.0.0044 Boundary Check Vulnerability in RPMB ldfw Prior to SMR Feb-2022 Release 1 Enables Arbitrary Memory Write and Code Execution Arbitrary Memory Write and 
Code Execution Vulnerability in RPMB ldfw Improper Access Control Vulnerability in Reminder App Allows Remote Reminder Registration and Activity Execution Bixby Vision PendingIntent Hijacking Vulnerability Denial of Service Vulnerability in Android-Gif-Drawable Infinite Loop Vulnerability in Apache Xerces Java XML Parser (XercesJ) Captive Portal Authentication Replacement Page XSS Vulnerability in FortiOS Heap-based Buffer Overflow in Vim Prior to 9.0.0045 Vulnerability: Hard-coded Cryptographic Key in FortiEDR Collectors Vulnerability: Hard-coded Cryptographic Key Allows Network Impersonation and Message Forgery in FortiEDR Improper Access Control Allows Gathering Checksum Information in FortiOS Versions 6.2.0-6.2.11, 6.4.0-6.4.8, and 7.0.0-7.0.5 Improper Access Control in Fortinet FortiSOAR Allows Unauthenticated Access to Gateway API Data Improper Resource Control Vulnerability in Fortinet FortiEDR 5.0.3 and Earlier Path Traversal Vulnerability in FortiExtender Management Interface Improper Permissions Assignment Vulnerability in SIMATIC Energy Manager Basic and PRO DLL Hijacking Vulnerability in SIMATIC Energy Manager Basic and PRO (All versions < V7.3 Update 1) GitHub Repository vim/vim: Use After Free Vulnerability (CVE-XXXX-XXXX) Insecure Deserialization Allows Remote Code Execution in SIMATIC Energy Manager OpenStack-Barbican Authorization Flaw: Unrestricted Access to Secret Metadata API OpenStack-Barbican Authorization Flaw: Admin Role Privilege Escalation and Denial of Service Vulnerability Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Arbitrary File Deletion 
Vulnerability in HP Support Assistant Software Improper Control-Flow Bypass in ESAPI Validator.getValidDirectoryPath() Cross-Site Scripting Vulnerability in Toast UI Grid (Versions prior to 4.21.3) Memory Corruption Vulnerability in Jsonxx/Json++ Vulnerability: Unauthorized Access to Extension Endpoints in Octopus Deploy Stack Exhaustion Vulnerability in jsonxx JSON Parser Jodit Editor XSS Vulnerability Stack Buffer Overflow Vulnerability in IOWOW Library Allows for Denial of Service (DOS) SpEL Injection Vulnerability in Nepxion Discovery Server-Side Request Forgery (SSRF) vulnerability in Nepxion Discovery Arbitrary Command Execution via Window Title Modification in SwiftTerm DOM-based Cross-Site Scripting (XSS) Vulnerability in teler Dashboard Stack Address Leakage Vulnerability in OpenRazer Buffer Overflow Vulnerability in xrdp < v0.9.21 Authorization Header Leakage in Traefik Debug Logs Unbounded Length Field Vulnerability in UBoot's USB DFU Implementation Arbitrary File Read Vulnerability in Galaxy 22.01 and Higher Memory Exhaustion Vulnerability in containerd's CRI Implementation Insecure Random Number Generation in Passeo Password Generator (Versions < 1.0.5) Improper Authorization Verification in Tuleap MediaWiki Standalone Plugin Code Injection via Pasted Input in Editor.js (Versions prior to 2.26.0) Vulnerability: Account Takeover in daloRadius 1.3 and prior versions Null Pointer Exception in Nokogiri XML Reader's attribute_hash Method Buffer Overflow Vulnerability in xrdp < v0.9.21's audin_send_open() Function Out of Bound Write Vulnerability in xrdp < v0.9.21 Buffer Overflow Vulnerability in xrdp < v0.9.21 Buffer Overflow Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Integer Overflow Vulnerability in xrdp_mm_process_rail_update_window_text() Function Multiple Account Creation and Unauthorized Organization Access via 
Manipulated Invite Link in Sentry Python Library Memory Exhaustion Denial of Service Vulnerability in libp2p-rust (versions prior to 0.45.1) Resource Exhaustion Vulnerability in js-libp2p Versions Prior to v0.38.0 Unenforced Moderators-Only Webcams Lock Setting in BigBlueButton Sensitive Information Exposure in BigBlueButton Polls Vulnerability: TrustCor Root Certificates Removed from Certifi's Trust Store Vulnerability: Targeted Resource Exhaustion Attacks in go-libp2p (Versions <= 0.18.0) Out of Bound Read Vulnerability in xrdp < v0.9.21 Cross-Site Scripting (XSS) Vulnerability in TinyMCE Alert and Confirm Dialogs Panic-inducing Encode Errors in go-merkledag's ProtoNode ArrayIndexOutOfBoundsException in Yauaa Library Leads to Application Crash Remote User Access to FreshRSS Configuration Files Exposes Hashed Passwords Session Hijacking Vulnerability in Grafana Cross-Site Scripting (XSS) Bypass in typo3/html-sanitizer Unauthenticated User Blocking Vulnerability in Disable User Login WordPress Plugin Recursive Amplification Vulnerability in TYPO3 Versions Prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 Improper Authentication Vulnerability Session Revocation Vulnerability in TYPO3 Code Injection Vulnerability in TYPO3 Form Designer Backend Module TYPO3 Sensitive Information Disclosure Vulnerability Passport-wsfed-saml2 Authentication Bypass Vulnerability Exposure of AWS Credentials in Spinnaker's Rosco Packer Logs Improper Verification of Cryptographic Signature in Tendermint Light Client Unauthenticated Access to S3 Bucket in Weave GitOps Run Unencrypted Communication Vulnerability in Weave GitOps Cross-Site Scripting (XSS) Vulnerability in Post SMTP Mailer/Email Log WordPress Plugin Arbitrary SQL Execution Vulnerability in Cube.js 0.31.23 Privilege Escalation Vulnerability in Amazon CloudWatch Agent for Windows Path Injection Vulnerability in MeterSphere Versions Prior to 2.4.1 Unauthorized Query Search Vulnerability in Pi-Hole AdminLTE Denial of Service 
Vulnerability in Loofah < 2.19.1 Cross-Site Scripting (XSS) Vulnerability in Loofah <= 2.19.1 via image/svg+xml Media Type in Data URIs Stack Exhaustion Vulnerability in Loofah Library Denial of Service Vulnerability in rails-html-sanitizer < 1.4.4 Cross-Site Scripting (XSS) Vulnerability in rails-html-sanitizer Possible XSS vulnerability in rails-html-sanitizer prior to version 1.4.4 Unauthenticated Blind SSRF Vulnerability in Post SMTP Mailer/Email Log WordPress Plugin Incomplete Fix for XSS Vulnerability in rails-html-sanitizer (CVE-2022-32209) Arbitrary Heap Read/Write Vulnerability in Git's Parsing of gitattributes TarSlip vulnerability in MindsDB's `shutil.unpack_archive()` function allows for unintended file extraction and overwriting outside of the intended destination directory Infinite Loop Vulnerability in linux-loader Crate Uncontrolled Resource Consumption in Helm SDK's _strvals_ Package Leads to Denial of Service NULL Pointer Dereference Vulnerability in Helm _repo_package NULL Pointer Dereference Vulnerability in Helm Chartutil Package Open Redirect vulnerability in mod_auth_openidc prior to 2.4.12.2 Cross-Site Request Forgery and Token Theft Vulnerability in Microweber v1.2.20 Arbitrary File Write Vulnerability in GuardDog v0.1.7 and earlier GuardDog CLI Tool Relative Path Traversal Vulnerability Path Traversal Vulnerability in Neo4j's APOC Export Procedures Deserialization of Untrusted Data in LiteDB Remote File Read Vulnerability in Cortex Alertmanager Configuration API Buffer Overread Vulnerability in PJSIP's STUN Message Parsing Vulnerability: Leakage of HTTP Authorization Header in scs-library-client Insecure Key Type Misconfiguration in `jsonwebtoken` Library (<=8.5.1) Arbitrary Command Execution Vulnerability in WP-DBManager WordPress Plugin Signature Validation Bypass in jsonwebtoken Library (<=8.5.1) due to Defaulting to None Algorithm Vulnerability: Insecure Key Retrieval in JSON Web Tokens (JWT) Verification Authorization Bypass 
Vulnerability in OpenFGA 0.3.0 Cross-Site Scripting (XSS) vulnerability in Silverware Games' YouTube video embedding Server-Side Request Forgery leading to Cross-Site Scripting in MeterSphere v2.5.0 and below Information Leakage Vulnerability in Discourse 2.9.0.beta14 Allows Admin Digest Exposure Buffer Overread Vulnerability in PJSIP's STUN Message Parsing Regular Expression Denial of Service (ReDoS) Vulnerability in Discourse HTML comment bypass allows creation of posts with excessive length in Discourse CSRF Vulnerability in Easy Username Updater WordPress Plugin Allows Unauthorized Username Changes Vulnerability: Bypassing NMI Validation in AAD Pod Identity Stored XSS Vulnerability in Grafana GeoMap Plugin URL Access Filter Bypass in Alpine Library (CVE-2021-12345) Alpine Authentication Filter Bypass Vulnerability Improper Authentication in authentik Identity Provider allows Access Control Bypass via Token Reuse in Invitation URLs IP Address Spoofing Vulnerability in CodeIgniter Division by Zero Vulnerability in TensorFlow's BiasAndClamp Implementation Integer Overflow Vulnerability in TfLiteIntArrayCreate in TensorFlow Integer Overflow Vulnerability in TFLite Model Embedding Lookup Operations Unfiltered File Extension Upload Vulnerability in Frontend File Manager & Sharing WordPress Plugin TFLite Model Conversion Vulnerability Allows Limited Reads and Writes Arbitrary Write Vulnerability in TFLite Memory Allocator Integer Overflow Vulnerability in TensorFlow's `Range` Implementation Vulnerability: TOC/TOU Weakness in TensorFlow's Use of `tempfile.mktemp` Denial of Service Vulnerability in TensorFlow Resource Handle Decoding Denial of Service Vulnerability in TensorFlow via Assertion Failure Heap OOB Write Vulnerability in TensorFlow's Grappler Vulnerability: Integer Overflow in Sparse*Cwise* Ops in TensorFlow Integer Overflow Vulnerability in `AddManySparseToTensorsMap` Function in TensorFlow Denial of Service Vulnerability in TensorFlow Operations WSM 
Downloader WordPress Plugin Allows Unauthorized Remote File Download Null-dereference vulnerability in TensorFlow's protobuf decoding Denial of Service Vulnerability in TensorFlow's Protobuf Decoding Failure to Specialize Type during Shape Inference in TensorFlow Uninitialized Data Copy Vulnerability in TensorFlow's `AssignOp` Implementation Heap OOB Read/Write Vulnerability in TensorFlow's `SpecializeType` Integer Overflow Vulnerability in TensorFlow's OpLevelCostEstimator::CalculateTensorSize Integer Overflow Vulnerability in OpLevelCostEstimator::CalculateOutputSize in TensorFlow Null Pointer Dereference Vulnerability in TensorFlow's `GetInitOp` Implementation Memory Leak Vulnerability in TensorFlow's `ImmutableExecutorState::Initialize` Implementation Denial of Service Vulnerability in TensorFlow's Grappler Optimizer TensorFlow Shape Inference Vulnerability in User-Controlled Tensors Denial of Service Vulnerability in TensorFlow's Grappler Optimizer Denial of Service Vulnerability in TensorFlow's SavedModel with TensorByteSize Denial of Service Vulnerability in TensorFlow's SavedModel Binary Operator Use after free vulnerability in TensorFlow's PNG image decoding Memory Leak Vulnerability in TensorFlow's PNG Image Decoding Denial of Service Vulnerability in TensorFlow's SavedModel Assertion Handling Integer Overflow Vulnerability in TensorFlow's Grappler Component during Cost Estimation for Crop and Resize Denial of Service Vulnerability in TensorFlow's Grappler Optimizer Null Pointer Dereference Vulnerability in TensorFlow's Grappler Component Malicious `GraphDef` Alteration Vulnerability in TensorFlow Stack Overflow Vulnerability in TensorFlow's `GraphDef` Format Heap Out of Bounds Read Vulnerability in TensorFlow 2.8.0 Vulnerability: Denial of Service in TensorFlow's `simplifyBroadcast` Function Vulnerability: Heap OOB Read/Writes in TensorFlow MLIR Conversion Null Pointer Dereference Vulnerability in TensorFlow's XLA Compilation Cache Infinite Loop 
Vulnerability in Junrar Library Remote Program Execution Vulnerability in Element Desktop < 1.9.7 Cross-Site Scripting (XSS) vulnerability in laminas-form prior to version 3.1.1 Reflected Cross-Site Scripting and Open Redirect Vulnerability in Products.ATContentTypes Fleet 4.9.1 Vulnerability: SAML Authentication Spoofing with Missing Audience Verification Vulnerability: Lack of CSRF Protection in Symfony Form Component Arbitrary File Inclusion Vulnerability in NimForum Code Injection Vulnerability in iTunesRPC-Remastered Command Impersonation Vulnerability in x26-Cogs Defender Cog (prior to version 1.10.0) Ephemeral Messages Not Properly Removed from Local Chat History in Wire Webapp Stack Exhaustion Vulnerability in Envoy's Cluster Discovery Service (CDS) Vulnerability: Unbound Cookies in treq Library Premature Freeing of Hash Key in PJSIP Dialog Set Vulnerability File Deletion Vulnerability in iTunesRPC-Remastered Stored Cross-Site Scripting Vulnerability in WP Social Chat WordPress Plugin Vulnerability: SAML SSO Bypass and Impersonation in wire-server OS Command Injection in iTunesRPC-Remastered Arbitrary File Exfiltration Vulnerability in OpenMRS Heap Overflow Vulnerability in xrdp Sesman Server Code Injection Vulnerability in Twig's Sort Filter Arbitrary Document Modification and Privilege Escalation Vulnerability in XWiki Platform Remote Code Execution via Reset Password Feature in XWiki Platform Content Disclosure Vulnerability in XWiki Platform URL Redirection Vulnerability in XWiki Platform User Account Enumeration Vulnerability in XWiki Platform IP Spoofing Vulnerability in Download Manager WordPress Plugin Unescaped Filesystem Syntax in XWiki Platform HTML Export Process Arbitrary File Read Vulnerability in XWiki Platform Cross-Site Scripting (XSS) Vulnerability in XWiki Platform's `registerinline.vm` Template Input Validation Vulnerability in Frourio v0.26.0 and Earlier Versions Input Validation Vulnerability in Frourio-Express Wire-ios Vulnerability: 
Malformed Resource Identifiers Crash Unvalidated Image Upload Vulnerability in m1k1o/blog Inadequate Access Verification in ArchiSteamFarm (ASF) Allows Unauthorized Resource Access Vulnerability: Adverse Effect on Logic due to Pretty-Printing of Synthetic Nodes in OPA AST Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Parking Management System 1.0 Gradle Vulnerability: Inconsistent Dependency Verification Arbitrary Code Execution Vulnerability in superjson Traefik Vulnerability: TLS Configuration Bypass with FQDN Host Header Data Leakage Vulnerability in Action Pack Information Leakage Vulnerability in Puma and Rails Unauthenticated Remote Crash Vulnerability in Istio Control Plane Uninitialized Pointer Vulnerability in Wasmtime's Runtime Stored Cross-Site Scripting (XSS) Vulnerability in K-Box Markdown Editor Cross-Site Scripting Vulnerability in svg-sanitizer Library Misalignment vulnerability in crossbeam-utils 0.8.7 and earlier Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Parking Management System 1.0 XML Entity Expansion Vulnerability in Excel-Streaming-Reader Denial of Service Vulnerability in Discourse Prior to 2.8.1 Remote Code Execution in Sourcegraph's gitserver Service Reintroduced Side-Channel Vulnerability in Sourcegraph Code Monitoring Feature (CVE-2021-43823) Server-Side Request Forgery Vulnerability in BookWyrm: Exploiting the Cover Loading Functionality Out-of-Bounds Read Vulnerability in swtpm Vulnerability: User Interface (UI) Misrepresentation of Critical Information in Next.js Prism Command Line Plugin Cross-Site Scripting Vulnerability Arbitrary File Read Vulnerability in containerd's CRI Implementation Cosign Container Signing Vulnerability in Rekor Transparency Log Stored Cross-site Scripting (XSS) vulnerability in GitHub repository zadam/trilium prior to version 0.53.3 Hard-coded cryptographic key vulnerability in Netmaker server component Key Disclosure Vulnerability in b2-sdk-python 1.14.0 and below 
Privilege Escalation via Malicious Connection Header in capsule-proxy B2 Command Line Tool Local Key Disclosure Vulnerability Improper Access Control in Wiki.js Allows Unauthorized Page Updates Vulnerability: Lack of Gateway Server Signature Validation in OctoberCMS Cross-Site Scripting Vulnerability on Zulip Server's Recent Topics Page Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Reflected XSS Vulnerability Trusted IP Header Misconfiguration in Mattermost 6.7.0 and Earlier Allows Rate Limit Bypass and IP Manipulation Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated SSRF Vulnerability Aruba ClearPass Policy Manager Remote Authorization Bypass Vulnerability Bypassing Link Parameter Validation in WSM Downloader WordPress Plugin Aruba ClearPass Policy Manager Remote Authenticated Information Disclosure Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Information Disclosure Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated Stored XSS 
Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated Stored XSS Vulnerability ArubaOS-Switch Devices Remote Code Execution Vulnerability ArubaOS-Switch Devices Remote Code Execution Vulnerability Aruba VIA Client Vulnerability: Intercepting Sensitive Information in Windows OS ArubaOS-CX Switches Vulnerability: Lack of Anti-CSRF Protections GitHub Repository Authentication Bypass Vulnerability in microweber/microweber prior to 1.2.20 ArubaOS-CX Switches Vulnerability: Lack of Anti-CSRF Protections ArubaOS-CX Command Injection Vulnerabilities ArubaOS-CX Command Injection Vulnerabilities ArubaOS-CX Switches: Authenticated Command Injection Vulnerabilities in NAE Scripts Privilege Escalation Vulnerability in AOS-CX Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability in Aruba ClearPass Policy Manager LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches Unrestricted Access to YaySMTP WordPress Plugin Logs AOS-CX Web Management Interface Version Fingerprinting Vulnerability ArubaOS-CX Switches Authentication Bypass Vulnerability SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager HPE OneView Remote Cross-Site Scripting (XSS) Vulnerability Prior to 6.6 Remote Unauthenticated Information Disclosure Vulnerability in HPE OneView Local Authentication Restriction Bypass Vulnerability in HPE OneView Prior to 6.6 Mailer Credentials Exposed in YaySMTP WordPress Plugin 2.2.1 Local Unauthorized Read Access Vulnerability in HPE OneView Prior to 6.6 Remote Host 
Header Injection Vulnerability in HPE Integrated Lights-Out 4 (iLO 4) Firmware Privilege Escalation Vulnerability in HPE Superdome Flex and Superdome Flex 280 Servers Network Communication Interception and Modification Vulnerability in HPE Nimble Storage Arrays during Software Updates Remote Denial of Service Vulnerability in iLO 4 Unauthorized Update Binary Upload Vulnerability in HPE Nimble Storage Arrays Remote Cross-Site Scripting (XSS) Vulnerability in HPE OneView Prior to 7.0 Kibana Index Patterns XSS Vulnerability Allows Injection of Malicious JavaScript Vulnerability in Elasticsearch 7.17.0 Upgrade Assistant Allows Unauthorized Access to Security Index Kibana Vulnerability: Unauthorized Modification of Alerting Rules by Read Users Unauthenticated Stored Cross-Site Scripting in YaySMTP WordPress Plugin Data Preview Pane XSS Vulnerability Kibana Vulnerability Exposes Sensitive Information in Page Source Elasticsearch Denial of Service Vulnerability Vega Charts Kibana Integration XSS Vulnerability Local Privilege Escalation Vulnerability in Elastic Endpoint Security for Windows Sensitive Information Disclosure in ECE 3.4.0 and Earlier Versions SAML Signing Private Key Disclosure Vulnerability in ECE Denial of Service Vulnerability in PingID Windows Login Prior to 2.8 with Offline Security Keys Remote Code Execution Vulnerability in PingID Windows Login Application PingID Windows Login Prior to 2.8 Local Java Service Spoofing Vulnerability Stored Cross-Site Scripting Vulnerability in YaySMTP WordPress Plugin PingID Windows Login Vulnerability: Unauthorized Deployment of Administrator Privileged API Credentials Username Collision Vulnerability in PingID Integration for Windows Login Password Reset Vulnerability: User Authentication Bypass PingFederate PingOne MFA Integration Kit: HTML Template MFA Bypass Vulnerability Static Encryption Key Material Allows Authentication Token Forgery and MFA Bypass Improper Permissions on PingID Windows Login Registry 
Entries Exposure of Sensitive Information in PingCentral Versions Prior to Listed Versions WebOS TV Privilege Escalation Vulnerability: Unauthorized Access to Higher Privileges LG LVE-SMP-210011 Vulnerability: Device Reset via AT Command during Reboot Unauthenticated Shell Access in LG LVE-SMP-210010 Unauthenticated Access to WordPress User Details in Simply Schedule Appointments Plugin API Access Control Bypass Vulnerability V8 JavaScript Engine Heap Vulnerability: Privilege Escalation in webOS TV Models GitHub Enterprise Server Path Traversal Vulnerability Allows CSRF Bypass and Privilege Escalation Stored XSS Vulnerability in GitHub Enterprise Server Allows Arbitrary Attribute Injection GitHub Enterprise Server Deserialization Vulnerability Improper Privilege Management Vulnerability in GitHub Enterprise Server Allows Unauthorized Page Creation and Deletion Improper Cache Key Vulnerability in GitHub Enterprise Server Allows Unauthorized Access to Private Repository Files GitHub Enterprise Server Privilege Escalation via GraphQL API Requests Stored Cross-Site Scripting Vulnerability in Simply Schedule Appointments WordPress Plugin GitHub Enterprise Server Remote Code Execution Vulnerability GitHub Enterprise Server Privilege Escalation Vulnerability Vulnerability: Unauthorized File Replacement in Check Point Endpoint Security Client for Windows Local Privilege Escalation and Arbitrary File Write Vulnerabilities in Check Point ZoneAlarm Vulnerability: Local Administrator Bypass in Check Point Endpoint E86.50 Memory Corruption Vulnerability Discovered in Capsule Workspace Android App Vulnerability: Brute-Force Attack on IPsec VPN Blade's SSL Network Extender Portal Out of Bound Memory Access Vulnerability in Sony Xperia Series 1, 5, and Pro Music Playback DLL Sideloading Vulnerability in mDNSResponder.exe Unauthenticated Settings Modification and Stored Cross-Site Scripting Vulnerability in WP Sticky Button WordPress Plugin Email Address Disclosure Vulnerability in 
Directorist WordPress Plugin NeoRS ActiveX Module Origin Validation Error Vulnerability: Arbitrary File Download and Execution Insufficient Verification Procedures in WebCube Update: Enabling Remote Code Execution Root Privilege Escalation via Malicious POST Request in IPTIME NAS Arbitrary File Execution Vulnerability in BigFileAgent Critical Vulnerabilities in SecureGate: SQL-Injection and Path Traversal Exploits Pose Serious Threats Exposed External Port in NIS-HAP11AC Allows Remote Code Hijacking and Device Takeover Insufficient User Privilege Verification in reverseWall-MDS Allows Remote Code Execution and Account Theft Arbitrary Email Sending Vulnerability in Directorist WordPress Plugin Improper Parameter Validation in API Constructors Allows Remote Command Execution IPTIME NAS User Account Creation and Deletion Vulnerability Overflow Vulnerability in Rat.SetString in math/big in Go Misinterpretation of Branch Names as Version Tags in Go (CVE-2022-12345) Arbitrary File Movement Vulnerability in Docker Desktop for Windows Incorrect Access Control in TrueStack Direct Connect 1.4.7 Information Disclosure: Exposing Internal Hostname in Zoho ManageEngine Desktop Central Reflected Cross-Site Scripting in Easy Student Results WordPress Plugin Unauthenticated Access to Sensitive Student Data in Easy Student Results WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Firmanet Software and Technology Customer Relation Manager Cross-Site Scripting (XSS) Vulnerability in Firmanet Software and Technology Customer Relation Manager Arbitrary File Write Vulnerability in Joomla! 3.x and 4.x File Upload Path Disclosure Vulnerability in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0 Account Takeover Vulnerability in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0 Cross-Site Scripting (XSS) Vulnerability in Joomla! com_fields SQL Injection Vulnerability in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0 Inadequate URL Validation in Joomla! 
Allows for Internal Redirect Bypass Joomla! 4.0.0 - 4.1.0: JInput Method-Specific Input Bag Pollution Vulnerability Linux Kernel Out-of-Bounds Memory Access Vulnerability in sm712fb.c:smtcfb_read() Function XSS Vulnerabilities in Joomla! 4.0.0 through 4.1.0 due to Inadequate Content Filtering XSS Vulnerability in Joomla! 4.0.0 through 4.1.0 via SVG Embedding in com_media Insecure Permissions in Joomla Guru Extension 5.2.5: Remote Information Disclosure Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and master commit de006fc010 Stack-based Buffer Overflow in KiCad EDA Gerber Viewer Local Attacker Exploits Out-of-Bounds Read Vulnerability in Trend Micro Worry-Free Business Security Server Incorrect Validation of Big.Int in Curve.IsOnCurve in Go Crypto/Elliptic Bypassing Two-Factor Authentication in phpMyAdmin XSS and HTML Injection Vulnerability in phpMyAdmin 5.1 before 5.1.2 CSRF Vulnerability in E Unlocked - Student Result WordPress Plugin Arbitrary File Retrieval via Template Injection in a-blog cms Vulnerability: Malicious Code in node-ipc Package Memory Integrity Vulnerability in ASP and SMU Interfaces: Threat to Confidential Compute Environment Address Validation Vulnerability in BIOS Commands VM_HSAVE_PA Input Validation Vulnerability Arbitrary Blog Options Deletion Vulnerability in Product Slider for WooCommerce WordPress Plugin AMD SMM Communication Buffer Validation Vulnerability SMM Access Control Vulnerability: Potential Arbitrary Code Execution via SPI ROM Write Zynq-7000 SoC First Stage Boot Loader (FSBL) Authentication Bypass Vulnerability Timing Attack Vulnerability in AMD Processors with Frequency Scaling Pre-IBPB Branch Target Specification Vulnerability Branch Predictor Alias Vulnerability in AMD Processors: Potential Information Disclosure CVE-2022-23829 Reflected Cross-Site Scripting in Feed Them Social WordPress Plugin Vulnerability: Limited Loss of Guest Memory Integrity due to Mutable SMM Configuration with Enabled SNP 
Insufficient Validation of IOCTL Input Buffer in AMD μProf: Potential Windows Kernel Crash and Denial of Service Vulnerability Infinite Loop Vulnerability in Django MultiPartParser Persistent Access Vulnerability in Visual Voice Mail (VVM) Application for Android Unrestricted Graph Stats Request Vulnerability in Sidekiq API Cross-Site Scripting (XSS) Vulnerability in Digital Publications by Supsystic WordPress Plugin Unvalidated Input Stream in Alluxio Logserver (CVE-2021-XXXXX) Biometric Authentication Bypass Vulnerability in Devolutions Password Hub for iOS Username Modification Vulnerability in aws-iam-authenticator Allows Privilege Escalation Stack-based Buffer Overflow in epub2txt through xhtml_translate_entity in xhtml.c Signed Integer Overflow in XML_GetBuffer in Expat (libexpat) Prior to 2.4.4 Insecure Execution of Language Server Protocol (LSP) Server Binary in KDE Kate and KTextEditor Path Traversal Vulnerability in AVEVA InTouch Access Anywhere Authentication Bypass Vulnerability in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x User Enumeration Vulnerability in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x SQL Injection Vulnerability in Navidrome Smart Playlists Processing Privilege Escalation Vulnerability in StarWind Command Center REST API Reflected Cross-Site Scripting in Crowdsignal Dashboard WordPress Plugin Privilege Escalation: Unauthorized Password Modification in Zoho ManageEngine Desktop Central SQL Injection Vulnerability in Nyron 1.0 through Nyron/Library/Catalog/winlibsrch.aspx CSV Injection Vulnerability in RuoYi v4.7.2 via ruoyi-admin when Opening .xlsx Log File Unauthorized Password Reset Vulnerability in RuoYi v4.7.2 WebUI CSRF Vulnerability in Easy Digital Downloads WordPress Plugin Allows Arbitrary Post Deletion Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gibbon CMS v22.0.01 Stored XSS Vulnerability in Emlog Pro v1.1.1 via /admin/configure.php (footer_info parameter) SQL Injection Vulnerability in Victor CMS v1.0 
Allows Arbitrary Command Injection via 'user_firstname' Parameter Arbitrary Code Execution Vulnerability in seacms V11.5 admin_config.php CSRF Vulnerability in WP Coder WordPress Plugin Arbitrary File Upload Vulnerability in taoCMS v3.0.2 File Management Module Remote Command Execution (RCE) Vulnerability in ZZZCMS zzzphp v2.1.0 via danger_key() at zzz_template.php SQL Injection Vulnerability in TuziCMS 2.0.6 BannerController.class.php Integer Overflow Vulnerability in Mojang Bedrock Dedicated Server 1.18.2 Arbitrary User Account Deletion Vulnerability in YzmCMS v6.3 Cross-Site Request Forgery (CSRF) Vulnerability in YzmCMS v6.3 Concurrent Comment Operation Vulnerability in YzmCMS v6.3 Unauthenticated User Can Create Automations in Autonami WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Admidio 4.1.2 SQL Injection Vulnerability in MCMS v5.2.5 via categoryId Parameter in IContentDao.xml SQL Injection Vulnerability in MCMS v5.2.5 via search.do in MCmsAction.java Vulnerability: Improper Mutability Flag in Google Play Services SDK Remote Code Execution Vulnerability in Wavlink WL-WN531P3 Router API Stack Overflow Vulnerability in re2c 2.2: Infinite Recursion in src/dfa/dead_rules.cc SQL Injection Vulnerability in Tongda2000 v11.10's export_data.php via d_name Parameter Cross Site Scripting (XSS) Vulnerability in pearadmin pear-admin-think <=5.0.6 Allows Arbitrary Function Access and Stored XSS via Fake User-Agent Cross-Site Request Forgery (CSRF) Vulnerability in Rainworx Auctionworx < 3.1R2 Allows Unauthorized Account Upgrade and Admin Access Remote Command Execution (RCE) Vulnerability in CMS Made Simple v2.2.15 via Upload Avatar Function Reflected Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple v2.2.15 via m1_fmmessage Parameter Unquoted Service Path Vulnerability in Sherpa Connector Service Unsanitized Description in Inspiro PRO WordPress Plugin Allows JavaScript Injection SQL Injection Vulnerability in Testimonial WordPress 
Plugin Reflected Cross-Site Scripting in Testimonial WordPress Plugin before 1.4.7 Apache ActiveMQ Artemis Memory Consumption DoS Vulnerability Remote Code Execution (RCE) via Argument Injection in Weblate Package Unspecified Cross-Site Scripting Vulnerability in a-blog cms Ver.2.8.x - Ver.3.0.x Stack-based Buffer Overflow in confsrv set_mf_rule Functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Stack-based Buffer Overflow in confsrv set_mf_rule Functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Arbitrary File Download Vulnerability in Lana Downloads Manager WordPress Plugin Local Privilege Escalation and Code Execution Vulnerability in CIMPLICITY Server Local File Write and Privilege Escalation Vulnerability in WIN-911 2021 R1 and R2 Sandbox Bypass Vulnerability in Jailed Package via Exported alert() Method Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Directory-based authentication vulnerability in pki-core allows unauthorized certificate issuance Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary 
Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Command Injection Vulnerability in ExifTool.pm Vulnerability: Out-of-Bounds Read in Wind River VxWorks 6.9 and 7 during IKE Initial Exchange Sensitive Parameters Logging Vulnerability in Puppet Bolt Remote Code Execution via PHP Deserialization in SuiteCRM Scheduled Reports Module Hardcoded Key and IV in Apache Doris LDAP Password Cipher Initialization Vulnerability Apache HTTP Server mod_sed Out-of-bounds Write Vulnerability Unauthenticated Access to /plugin API in Apache ShenYu 2.4.0 and 2.4.1 Unauthenticated Registration Vulnerability in Apache ShenYu 2.4.0 and 2.4.1 Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and master commit de006fc010 Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and Master Commit de006fc010 Insecure Mount Logic in Keylime Agent Allows Secret Leakage Unsanitized UUIDs in Keylime before 6.3.0 can lead to log spoofing on verifier and registrar Cross-Site Scripting (XSS) Vulnerability in weForms WordPress Plugin before 1.6.14 Fixed /tmp Path Vulnerability in Keylime Revocation Notifier Zip Bomb Vulnerability in Keylime World-readable keylime.conf file vulnerability Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS HTTP/1 Request Smuggling Vulnerability in Varnish Cache Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple e-Learning System 1.0 Spectre-BHB: Exploiting Cache Speculation in Arm Cortex and Neoverse Processors Remote Denial of Service Vulnerability in Xerox VersaLink Devices Path Traversal Vulnerability in ASUS RT-AX56U's update_json Function ASUS RT-AX56U Path Traversal Vulnerability in update_PLC/PORT File ASUS RT-AX56U's SQL 
Injection Vulnerability: Unauthenticated LAN Attackers Can Manipulate Database Vulnerability: Stack-Based Buffer Overflow in ASUS RT-AX56U's User Profile Configuration Function Apache Pinot Segment Upload Path Vulnerability CSRF Vulnerability in Access Demo Importer Plugin Allows Unauthorized Plugin Activation CSRF Vulnerability in Access Demo Importer Plugin Allows Data Reset Ultimate Reviews WordPress Plugin <= 3.0.15: Authenticated Stored XSS Vulnerability Unescaped Field Error Message in WordPress Comments Fields Plugin Allows Cross-Site Scripting Attacks Yasr WordPress Plugin XSS Vulnerability in 'source' Parameter WordPress Perfect Brands for WooCommerce Plugin (<= 2.0.4) Allows Unauthorized Brand Creation by Subscriber+ Users Server Information Exposure Vulnerability in WordPress Perfect Brands for WooCommerce Plugin (<= 2.0.4) CSRF Vulnerability in WP Content Copy Protection & No Right Click Plugin (<= 3.4.4) Allows Unauthorized Settings Update Critical Data Exposure Vulnerability Found in wpDiscuz WordPress Plugin (<= 7.3.11) Arbitrary Code Execution via Out-of-Bounds Write in Project File Processing Unauthenticated Remote SQL Injection Vulnerability in phpUploader v1.2 and Earlier Cross-Site Scripting Vulnerability in WS Form LITE and Pro WordPress Plugins Unsanitized Form Data in WS Form WordPress Plugins Allows XSS Attacks Denial of Service Vulnerability in Stormshield Network Security (SNS) WebGPU Use After Free Vulnerability in Google Chrome Integer Overflow in Expat's doProlog Function Arbitrary Command Execution Vulnerability in XCOM Data Transport 11.6 Releases Cross-Site Scripting (XSS) Vulnerability in pfSense CE and pfSense Plus Improper Access Control Vulnerability in StBedtimeModeReceiver Allows Unauthorized Bedtime Mode Changes Unprotected Component Vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 Unprotected Component Vulnerability: Unauthorized Bedtime Mode Activation in Wear OS 3.0 Theater Mode Disabling Vulnerability in Wear OS 
3.0 Camera Access Control Vulnerability in Android R, Q, and P CpaReceiver PendingIntent Hijacking Vulnerability in KnoxPrivacyNoticeReceiver Arbitrary File Path Manipulation in dompdf/dompdf prior to 2.0.0 DataUsageReminderReceiver Vulnerability: Implicit Intent Hijacking for Unauthorized Media Access Edge Panel Information Disclosure Vulnerability: Clipboard Screenshot Access Improper Authorization Vulnerability in Link Sharing: Unauthorized Access to Protected Activity via PreconditionActivity Unprotected Intent Access Vulnerability in Bixby Vision (prior to version 3.7.50.6) Stored Cross-Site Scripting (XSS) Vulnerability in REDCap Messenger Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Unrestricted Information Disclosure Vulnerability in Mattermost Version 6.7.0 and Earlier Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: Exploiting Configuration Values in GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi 
MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Kernel Stack Overflow Vulnerability in dlpfde.sys Driver Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality OpenShift Container Platform: Credentials Leak in oauth-serving-cert ConfigMaps SMM Memory Corruption Vulnerability in AhciBusDxe SMM Memory Corruption Vulnerability in NvmExpressDxe User Enumeration Vulnerability in Adenza AxiomSL ControllerView 10.8.1 Purge-Requested Intent Vulnerability in ONOS 2.5.1 Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+: Log Modification Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+ Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+ Desigo PXC4 and PXC5 XML Injection Vulnerability Reflected Cross-Site Scripting in WP Popup Builder WordPress Plugin Denial of Service (DoS) Vulnerability in Desigo DXR2, PXC3, 
PXC4, and PXC5 Password Hash Retrieval and Offline Cracking Vulnerability in Desigo DXR2 and PXC Series Persistent AuthToken Vulnerability in Desigo DXR2, PXC3, PXC4, and PXC5 Username Enumeration Vulnerability in Desigo Building Automation Systems Vulnerability: Lack of Countermeasures Against Password Spraying and Credential Stuffing Attacks in Desigo DXR2, Desigo PXC3, Desigo PXC4, and Desigo PXC5 Session Cookie Exposure in Desigo Building Automation Systems Arbitrary Code Execution Vulnerability in Sonos One Speaker (ZDI-CAN-15828) BMC Track-It! 20.21.01.102 Authentication Bypass Vulnerability MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability Stack-based Buffer Overflow in Sonos One Speaker ALAC Audio Codec (ZDI-CAN-15798) Arbitrary Popup Deletion Vulnerability in WP Popup Builder WordPress Plugin MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via Malicious GIF Files (ZDI-CAN-14972) Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Unrestricted File Size Import Vulnerability in Mattermost Slack Import Feature Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 13.2.0.21165 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 13.2.0.21165 Remote Code Execution Vulnerability in Sante DICOM Viewer 
Pro 11.8.8.0 via J2K Image Parsing Command Injection Vulnerability in cookiecutter before 2.1.1 via hg Argument Injection Incomplete Fix for Command Injection Vulnerability in simple-git SMM Callout Vulnerability in AhciBusDxe Stored Cross-Site Scripting Vulnerability in WP phpMyAdmin WordPress Plugin Memory Corruption Vulnerability in Subversion's mod_dav_svn Whale Browser Built-in Extension Rendering Process Compromise Vulnerability Arbitrary JavaScript Injection in Whale Browser Extension Store via Devtools API Web Request API Vulnerability in Whale Browser Allows Access Denial and Unauthorized Redirection Whale Bridge Extension Vulnerability: Remote Control Exploit Whale Browser Vulnerability: Local File Access via JavaScript Replacement in HWP Viewer Arbitrary Code Execution Vulnerability in Naver Cloud Explorer Beta Improper Restriction of Guest User Permissions in Mattermost Version 6.7.0 and Earlier Remote Code Execution via Exposed JMX Interface in On-Premise Pega Platform Installations Local Account Password Authentication Bypass Vulnerability Arbitrary Code Execution Vulnerability in Adobe Commerce Cross-Site Scripting (XSS) Vulnerability in Rough Chart WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Photoshop Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Arbitrary Code Execution Vulnerability in Adobe Commerce Versions 2.4.3-p1 and 2.3.7-p2 Stack-based Buffer Overflow Vulnerability in Adobe After Effects Stack-based Buffer Overflow Vulnerability in Adobe After Effects Heap-based Buffer Overflow Vulnerability in Adobe After Effects Out-of-Bounds Write Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Arbitrary Code Execution via PCX File Parsing in Adobe Photoshop Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Stored Cross-Site Scripting 
Vulnerability in mTouch Quiz WordPress Plugin Use-after-free vulnerability in Acrobat Reader DC versions 20.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier, leading to sensitive memory disclosure Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution JPEG Decoder Interleaved Flag Manipulation Vulnerability in Xpdf Integer Overflow Vulnerability in Xpdf JPXStream.cc Remote Code Execution and File Write Vulnerability in Skyoftech So Listing Tabs Module 2.2.0 for OpenCart Intent Key Manipulation Vulnerability in ONOS 2.5.1 Stored Cross-Site Scripting Vulnerability in Auto More Tag WordPress Plugin Unauthorized Password Reset Vulnerability in Kiteworks MFT 7.5 Unauthenticated Access to Portfolios in Mahara Vulnerability: Bypassing IP Restriction in Apache APISIX Batch-Requests Plugin Excessive Permissions in Acronis Products Lead to Local Privilege Escalation Race Condition Vulnerability in Acronis Cyber Protect Home Office and Acronis True Image 2021 (macOS) Unrestricted Loading of Unsigned Libraries Vulnerability in Acronis Cyber Protect Home Office and Acronis True Image 2021 (macOS) Inadequate Encryption Strength in General Electric Renewable Energy Products: iNET and iNET II (Before 8.3.0) Firmware Download Vulnerability in General Electric Renewable Energy Products Vulnerability: Unauthorized Reboot to Factory Default Configuration in General Electric Renewable Energy Products Hidden Remote Access Vulnerability in General Electric Renewable Energy Products Stored Cross-Site Scripting Vulnerability in Better Tag Cloud WordPress Plugin Cleartext Credential Storage Vulnerability in General Electric Renewable Energy Products Critical SQL Injection Vulnerability 
in Unified Office Total Connect Now: Cookie Parameter Exploitation Use-After-Free and Privilege Escalation in Linux Kernel with Unprivileged User Namespaces Remote Code Execution via Unsanitized Mermaid Block Rendering in MarkText SQL Injection Vulnerability in Casdoor's Query API Remote Code Execution Vulnerability in Bandai Namco FromSoftware Dark Souls III Matchmaking Servers Buffer Overflow Vulnerability in Dark Souls III NRSessionSearchResult Parser Stored Cross-Site Scripting (XSS) Vulnerability in REDCap 12.0.11: Arbitrary Code Injection in Project Title Privilege Escalation during Extension Installation in TimescaleDB Server-side Request Forgery (SSRF) Vulnerability in OIDC OP Plugin for Shibboleth Identity Provider Unsanitized Slide Title Injection Vulnerability in Slide Anything WordPress Plugin Buffer Overflow Vulnerability in xterm Patch 370 with Sixel Support Cross Site Scripting (XSS) Vulnerability in DouPHP v1.6 Release 20220121 Denial of Service (DoS) Vulnerability in phpshe V1.8 Cross Site Scripting (XSS) Vulnerability in QingScan 1.3.0 Search Functions Unrestricted Upload of Dangerous File Type Vulnerability in Hospital Management System v1.0 Privilege Escalation Vulnerability in IOBit Advanced System Care (Asc.exe) 15 and Action Download Center Privilege Escalation via Named Pipe Impersonation in IOBit Advanced System Care (AscService.exe) 15 XML External Entity (XXE) Vulnerability: Remote File Retrieval via Crafted HTTP Requests Vulnerability: Remote Code Execution via Fake Update Config File Named Pipe Impersonation Vulnerability in iTop VPN 3.2 Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via formSetFirewallCfg Stack Overflow Vulnerability in Tenda AX3 and AX12 Routers Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formWifiBasicSet Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetQosBand Function 
Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS Exploitation via fromAdvSetMacMtuWan Function Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via wpapsk_crypto Parameter Heap Buffer Overflow in WebGL in Google Chrome Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via shareSpeed Parameter Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via fromSetRouteStatic Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formAddMacfilterRule Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via formSetRebootTimer Heap Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN's setSchedWifi Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetVirtualSer Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetMacFilterCfg Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via fromSetIpMacBind Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetPPTPServer Function Octopus Deploy Vulnerability: Unauthorized Enumeration of Environments Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetDeviceName Heap Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN's GetParentControlInfo Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Exploiting saveParentControlInfo Function for Denial of Service (DoS) Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via timeZone Parameter Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection 
Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Vulnerability: Insufficient Validation in GitLab CE/EE for Importing Projects with 40 Hexadecimal Character Branch Names Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Cross-Site Scripting (XSS) Vulnerability in Ex Libris ALEPH 500 v18.1 and v20 Critical Unrestricted Upload Vulnerability in URVE Web Manager Arbitrary Code Injection via Host Header in PKP Open Journals System Insecure Direct Object Reference Vulnerability in Ourphoto App Version 1.4.1 Clear-text Password Disclosure in Ourphoto App Version 1.4.1: Exploiting Insecure Direct Object References for Unauthorized Access User Token Authorization Bypass Vulnerability in Ourphoto App Version 1.4.1 Critical Unrestricted Upload Vulnerability in URVE Web Manager Unauthenticated Account Binding Vulnerability in Ourphoto App Version 1.4.1 Buffer Overflow Vulnerability in HTMLDOC 1.9.14's gif_read_lzw Function Command Injection Vulnerability in CasaOS v0.2.7 and Earlier Versions iText v7.1.17 Out-of-Memory Denial of Service Vulnerability Stack-based Buffer Overflow in iText v7.1.17: Denial of Service via ByteBuffer.append Out-of-Bounds Exception in iText v7.1.17 ARCFOUREncryption.encryptARCFOUR Component Critical Unrestricted Upload Vulnerability in URVE Web Manager SQL Injection Vulnerability in Tongda2000 v11.10 via DEVICE_LIST Parameter Improper Type Validation in Socket.io JS Library Allows Arbitrary Function Placement Arbitrary File Deletion Vulnerability in eliteCMS v1.0 SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_page.php SQL Injection Vulnerability in Feathers.js with feathers-sequelize Package SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_post.php SQL 
Injection Vulnerability in eliteCMS v1.0 via /admin/functions/functions.php SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_user.php SQL Injection Vulnerability in AtomCMS v2.0 via /admin/login.php Blind SQL Injection Vulnerability in Hospital Management System v4.0 Cross-Site Scripting (XSS) Vulnerability in BoltWire v7.10 and v8.00 via Crafted Payload in Name and Lastname Parameters Arbitrary Code Injection through ONLYOFFICE Document Server Example XSS Vulnerability Stored Cross-Site Scripting Vulnerability in DW Promobar WordPress Plugin SQL Injection Vulnerability in Simple Student Information System v1.0 via add/Student Arbitrary Code Execution Vulnerability in Hospital Patient Record Management System v1.0 CSRF Vulnerability in Snapt Aria v12.8 Management Portal Allows Privilege Escalation and Code Execution Insecure Permissions Vulnerability in Snapt Aria v12.8 Allows Email Spoofing Command Injection Vulnerability in Snapt Aria v12.8's snaptPowered2 Component Cross-Site Scripting (XSS) Vulnerability in ACEweb Online Portal 3.5.065 Unrestricted File Upload Vulnerability in ACEweb Online Portal 3.5.065 via attachments.awp Stored Cross-Site Scripting Vulnerability in Google Maps Anywhere WordPress Plugin SQL Injection Vulnerability in ACEweb Online Portal 3.5.065 via showschedule.awp External Controlled File Path and Name Vulnerability in ACEweb Online Portal 3.5.065 Arbitrary File Overwrite via Path Traversal in RiteCMS Admin Panel Arbitrary File Deletion via Path Traversal in RiteCMS Admin Panel Null Pointer Dereference Vulnerability in GPAC 1.1.0 via xtra_box_write Function Stored Cross-Site Scripting Vulnerability in WP DS Blog Map WordPress Plugin Authenticated Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 FileTransferServlet Component Authenticated Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 Unrestricted File Upload Vulnerability in 
Extensis Portfolio v4.0 Backup/Restore Archive Component Hardcoded Credentials in Extensis Portfolio v4.0 Allow Unauthorized Administrator Access Privilege Escalation Vulnerability in Voipmonitor GUI (CVE-2021-XXXX) Stored Cross-Site Scripting Vulnerability in Thinkific Uploader WordPress Plugin Privilege Escalation via SQL Injection in Voipmonitor GUI v24.96 Arbitrary Command Execution Vulnerability in Voipmonitor GUI SQL Injection Vulnerability in Hospital Management System v4.0 via Email Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via search_word Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via menu_filter Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via order_by Parameter MongoDB Server v5.0: Invariant Assertion Vulnerability in $external Database Validation Directory Traversal Vulnerability in convert-svg-core before 0.6.4 Prototype Pollution in madlib-object-utils setValue Method Arbitrary HTTP Request Vulnerability in Jupyter Notebook Viewer in GitLab EE/CE Improper Input Validation vulnerability in Apache Pulsar Proxy allows TCP/IP Connection Spoofing Arbitrary Command Execution Vulnerability in SINEC NMS and SINEMA Server Insecure Deserialization Vulnerability in SINEC NMS and SINEMA Server Local Privilege Escalation Vulnerability in Acer Care Center 4.00.30xx Local Privilege Escalation Vulnerability in Acer QuickAccess Escape from WinCC Kiosk Mode via Missing Printer Configuration OS Command Injection Vulnerability in Apache Airflow Example DAGs Arbitrary Code Execution via Hessian Serialization in Apache Cayenne ROP CSV Injection Vulnerability in Ultimate SMS Notifications for WooCommerce Plugin Stack Overflow Vulnerability in Teamcenter Versions V12.4 - V14.0 HP Print Devices Vulnerability: Information Disclosure, Denial of Service, and Remote Code Execution HP Print Devices Vulnerability: Information Disclosure, Denial of Service, and Remote Code Execution HP Print Devices Vulnerability: Information Disclosure, Denial 
of Service, and Remote Code Execution Apache MXNet Regular Expression Denial-of-Service Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client for Windows Broken or Risky Cryptographic Algorithm Vulnerability in Multiple Air Conditioning Systems Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Denial of Service (DoS) Vulnerability in freeopcua/freeopcua Package: Excessive Memory Consumption via CloseSession Requests Arbitrary Command Execution Vulnerability in pfSense CE and pfSense Plus Stored Cross-Site Scripting Vulnerability in Visual Composer Website Builder Plugin for WordPress ItemStack Meta Injection Vulnerability in Minetest Inventory Manipulation Vulnerability in Minetest Race Condition in Paramiko's write_private_key_file Function Allows Unauthorized Information Disclosure File Deletion Vulnerability in Pillow before 9.0.1 due to Mishandling of Spaces in Temporary Pathnames Zoho ManageEngine SharePoint Manager Plus Vulnerability: Sensitive Data Leak and Privilege Escalation Account Takeover Vulnerability in Zoho ManageEngine SharePoint Manager Plus Incorrect Access Control in Mastodon before 3.3.2 and 3.4.x before 3.4.6 due to Uncompacted Signed JSON-LD Activities Information Disclosure Vulnerability in Automox Agent Installation Process XPath Constraint Bypass Vulnerability in Mendix Applications Arbitrary File Deletion Vulnerability in Download Manager Plugin for WordPress Heap-based Buffer Overflow Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Stack-based Buffer Overflow in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Out-of-bounds Read Vulnerability in Interactive Graphical SCADA 
System Data Server (V15.0.0.22020 and prior) Denial of Service Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) CWE-665: Information Exposure Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Information Exposure Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Weak Encryption Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Title: Man-in-the-Middle Attack Vulnerability in ClearSCADA and Geo SCADA Expert Cross-Site Request Forgery Vulnerability in Ecwid Ecommerce Shopping Cart Plugin for WordPress Title: Man-in-the-Middle Attack Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Denial of Service Vulnerability in Geo SCADA Server via Malformed HTTP Request Buffer Overflow Vulnerability in EcoStruxure Control Expert (V15.0 SP1 and prior) Modicon Controller Communication Disruption Vulnerability Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22073) Excessive Permissions Exposed in JetBrains Hub Integration with JetBrains Account Unprivileged User Denial of Service Vulnerability in JetBrains Hub (CVE-2021-XXXXX) Dependency Locking Vulnerability in JetBrains Kotlin 1.5.0 and earlier WordPress Infinite Scroll – Ajax Load More Plugin Unauthenticated Arbitrary PHP Object Deserialization Vulnerability External Site Redirection Vulnerability in JetBrains TeamCity (CVE-2021-XXXX) GitLab Authentication Impersonation Vulnerability in JetBrains TeamCity Persistent Remember Me Cookie Vulnerability in JetBrains TeamCity Blind SSRF Vulnerability in JetBrains TeamCity before 2021.2 via XML-RPC Call Agent Push Vulnerability: Unauthorized Selection of Private Key in JetBrains TeamCity Time-of-check/Time-of-use (TOCTOU) Race-Condition Vulnerability in JetBrains TeamCity Agent Registration via XML-RPC Unauthenticated Remote Build Cancellation in JetBrains TeamCity Unauthorized Access to Health Items in JetBrains 
TeamCity Prior to 2021.2 Reflected XSS Vulnerability in JetBrains TeamCity before 2021.2.1 Stored XSS Vulnerability in JetBrains TeamCity before 2021.2.1 Unauthenticated Remote Code Execution in String Locator Plugin for WordPress XXE Vulnerability in JetBrains TeamCity Configuration File Parsing (CVE-2021-XXXX) Session Persistence Vulnerability in JetBrains TeamCity CSRF Vulnerability in JetBrains TeamCity before 2021.2.1 Arbitrary Custom Logo Setting Vulnerability in JetBrains YouTrack Stored XSS Vulnerability in JetBrains YouTrack before 2021.4.31698 Critical Security Vulnerability in JetBrains IntelliJ IDEA: Unauthorized Local Code Execution on Project Opening RLO Character Code Execution Vulnerability in JetBrains IntelliJ IDEA Stored XSS Vulnerability in JetBrains YouTrack via Project Icon Directory Traversal Vulnerability in Argo CD Allows Unauthorized Access to Helm Charts Reflected XSS Vulnerability in Zabbix Frontend Cross-Site Request Forgery Vulnerability in AnyMind Widget Plugin for WordPress Buffer Overflow Vulnerability in IhisiSmm in Insyde InsydeH2O Insyde InsydeH2O TOCTOU Race-Condition Vulnerability Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers Unauthenticated Remote Code Execution in TP-Link AC1750 Routers (ZDI-CAN-15769) Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N Routers Arbitrary Code Execution Vulnerability in Foxit PDF Reader Foxit Reader 11.0.1.0719 macOS Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15703) Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15702) Arbitrary PHP Object Deserialization Vulnerability in Download Manager Plugin for WordPress Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15744) Arbitrary Code Execution via JPEG2000 Parsing in 
Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via AcroForms Parsing in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15851) Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Arbitrary PHP Object Deserialization Vulnerability in Feed Them Social WordPress Plugin Remote Code Execution Vulnerability in Foxit PDF Reader 11.0.1.0719 macOS Arbitrary File Read Vulnerability in Linksys MR9600 Devices Regular Expression Denial of Service (ReDoS) in react-native-reanimated before 3.0.0-rc.1 Unspecified Cross-Site Scripting Vulnerability in a-blog cms Ver.2.8.x - Ver.3.0.x Denial of Service (DoS) Vulnerability in node-opcua Package Command Injection Vulnerability in git-promise Package Command Injection Vulnerability in package cycle-import-check before 1.3.2 Improper Initialization in Intel(R) Data Center Manager Software: Local Access Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel(R) Server System M70KLP Family BIOS Firmware Vulnerability: Untrusted Input Deserialization in Broken Link Checker Plugin for WordPress Denial of Service (DoS) Vulnerability in asneg/opcuastack Package: Unrestricted Chunk Reception Privilege Escalation Vulnerability in Intel(R) NUC Firmware Out-of-Bounds Read Vulnerability in [Product Name]: Risk of Code Execution SmarterTools SmarterTrack XSS Vulnerability Information Disclosure Vulnerability in SmarterTools SmarterTrack 100.0.8019.14010 Stored XSS Vulnerability in SmarterTools SmarterTrack 100.0.8019.14010 File Overwrite Vulnerability in 
SmarterTrack v100.0.8019.14010 Root Command Injection Vulnerability in rconfig 'date' in Fidelis Network and Deception Components Root Command Injection Vulnerability in rconfig cert_utils Remote Command Injection Vulnerability in rconfig SQL Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthenticated Access to Administrative Functionalities in Simple Diagnostics Agent Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthorized Information Access in SAP Business Objects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Focused Run (Real User Monitoring) - Versions 200, 300, REST Service TETRA Authentication Vulnerability: Predictable MS Challenge RAND2 Allows Setting Session Key DCK to Zero TETRA Air-Interface Encryption Vulnerability: Adversary-Induced Keystream Re-Use Inadequate Key Register Initialization in TETRA TEA1 Keystream Generator TETRA TA61 Identity Encryption Vulnerability Exploitable Weakness in TETRA Air-Interface Encryption: Manipulation of Cleartext Data by Active Adversary OS Command Injection in OX App Suite Documentconverter API Predictable Multipart/Form-Data Boundaries in OX App Suite 7.10.6 Allows SSRF and Injection into Internal Documentconverter API Calls SQL Injection Vulnerability in Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 Privilege Escalation Vulnerability in SINUMERIK MC and SINUMERIK ONE Covert Timing Channel Vulnerability in Dell BSAFE SSL-J Remote Code Execution Vulnerability in ImageMagick Engine Plugin for WordPress Information Exposure Vulnerability in Dell BIOS via Debug Interfaces Elevation of Privilege Vulnerability in 
Dell PowerScale OneFS 8.2.2 and Above Improper Handling of Value Vulnerability in Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x Time-of-Check-to-Time-of-Use Vulnerability in Dell PowerScale OneFS: Risk of Data Loss Dell EMC CloudLink Auth Token Exposure in GET Requests Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Arbitrary PHP Object Deserialization Vulnerability in WPvivid WordPress Plugin Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell iDRAC9 Improper Authentication Vulnerability Dell iDRAC8 Denial of Service Vulnerability Dell EMC AppSync Path Traversal Vulnerability Local Privilege Escalation Vulnerability in Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 Dell PowerScale OneFS Privilege Escalation and Information Disclosure Vulnerability Arbitrary Code Injection Vulnerability in convert-svg-core Cross-Site Request Forgery Vulnerability in FreeMind WP Browser Plugin for WordPress Command Injection Vulnerability in abacus-ext-cmdline Package Persistent Cross-Site Scripting (XSS) in ipDIO Web Interface Allows Arbitrary JavaScript Injection Command Injection Vulnerability in simple-git before 3.3.0 Denial of Service Vulnerability in dicer Package Arbitrary Script Injection Vulnerability in phpUploader v1.2 and Earlier Power Management Throttling Vulnerability in Intel(R) Processors: Potential Information Disclosure via Network Access Command Injection Vulnerability in git-pull-or-clone Package Remote Code Execution (RCE) Vulnerability in gitpython Allows Injection of 
Malicious Remote URLs WordPress Plugin Visualizer: Tables and Charts Manager <= 3.7.9 - Unauthenticated Remote Code Execution Vulnerability Command Injection Vulnerability in cocoapods-downloader Code Injection Vulnerability in Snyk Package (CVE-2022-40764) Server-Side Template Injection (SSTI) Vulnerability in JetBrains YouTrack before 2021.4.40426 Session Fixation Vulnerability in Silverstripe Framework 4.10 Unauthorized Access to SSH Server and User Information in Zoho ManageEngine Key Manager Plus 6.1.6 Insecure SSL Certificate Export in Zoho ManageEngine Key Manager Plus Uninitialized Data Leakage in NFS Atomic Open Vulnerability Vulnerability in Solar appScreener 3.10.4: XXE and SSRF Attacks via Crafted XML Document Privilege Escalation via Misuse of Dynamically Provisioned Sandbox Accounts in NATS nats-server VP9 Video Extensions RCE Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Security Support Provider Interface Privilege Escalation Vulnerability Windows CD-ROM Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions HEIF Image Extensions Remote Code Execution Vulnerability Windows Fax and Scan Service Privilege Escalation Vulnerability Windows Tablet UI Application Elevation of Privilege Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Word Security Feature Bypass Vulnerability: Exploiting Microsoft's Document Protection Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion iOS Security Feature Bypass Vulnerability in Microsoft Intune Portal Hyper-V Security Feature Bypass Vulnerability in Windows Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Remote Code Execution Vulnerability in Azure Site Recovery Azure 
Site Recovery Privilege Escalation Vulnerability Time Lag Vulnerability in Keystone Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Remote Code Execution Vulnerability in Azure Site Recovery Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Windows Win32k Privilege Escalation Vulnerability Edge Chromium Elevation of Privilege Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Telemetry Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in reSmush.it WordPress Plugin Outlook for Android Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability ALPC Privilege Escalation Vulnerability in Windows Windows Kernel Information Leakage Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability: Disrupting Cluster Shared Volumes on Windows Systems Win32 File Enumeration RCE Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Windows LSA Remote Code Execution Vulnerability Windows Desktop Bridge Privilege Escalation Vulnerability CCF Elevation of Privilege Vulnerability CSRF Vulnerability in reSmush.it WordPress Plugin (Version 0.4.4 and below) Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Network File System RCE Vulnerability RPC Runtime RCE Vulnerability Unveiling Sensitive Information: Microsoft LSA Server Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Windows DirectShow Remote Code Execution Vulnerability Windows LSA Elevation of Privilege Vulnerability Windows Network File System RCE Vulnerability Windows iSCSI Target Service Information Disclosure Vulnerability Exposes Sensitive Data Windows Installer Privilege Escalation Vulnerability Unauthorized Access to AJAX Actions in reSmush.it WordPress Plugin 
Critical Windows SMB Remote Code Execution Vulnerability Discovered VP9 Video Extensions RCE Vulnerability HTML Platform Security Bypass Vulnerability Exposed Remote Desktop Protocol Client Information Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability ALPC Privilege Escalation Vulnerability in Windows Azure Site Recovery Privilege Escalation Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Win32 File Enumeration RCE Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Word Document Tampering Vulnerability in Microsoft Office Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio's Elevation of Privilege Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Azure Site Recovery Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Windows Common Log File System Driver Privilege Escalation Vulnerability Skype Extension for Chrome Information Leakage Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Windows Update Stack Privilege Escalation Vulnerability Visual Studio Code URL Spoofing Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Endpoint Configuration Manager RPC Runtime RCE Vulnerability Use After Free vulnerability in gpac/gpac prior to 2.1-DEV Windows Installer Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Desktop Protocol Vulnerability Allows Remote Code Execution Stream Enumeration Remote Code Execution Vulnerability in Win32 Critical Remote Code 
Execution Vulnerability in Windows DNS Server Hyper-V Remote Code Execution Vulnerability in Windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability: Disrupting Cluster Shared Volumes on Windows Systems Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Integer Overflow or Wraparound in GPAC GitHub Repository ALPC Privilege Escalation Vulnerability in Windows Critical Remote Code Execution Vulnerability in Windows Server Service Windows Win32k Privilege Escalation Vulnerability Windows Upgrade Assistant RCE Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Kerberos Remote Code Execution Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Microsoft Defender DoS Vulnerability Windows AppX Package Manager Privilege Escalation Vulnerability GitLab Business Logic Issue: Resource Exhaustion via Malicious Project Import Windows Telephony Server Privilege Escalation Vulnerability Unauthenticated Password Reset Vulnerability in StarWind Stack Arbitrary Command Injection Vulnerability in StarWind Stack REST API Remote Command Execution Vulnerability in Zfaka <= 1.4.5 Vulnerability: Unauthorized Visibility Change in GitLab CE/EE Arbitrary File System Access and Remote Code Execution Vulnerability in IOBit IOTransfer 4.3.1.1561 Stored XSS Vulnerability in Genixcms v1.1.11 via intro_title and intro_image parameters Cross Site Scripting (XSS) Vulnerability in Checkmk <=2.0.0p19 User Attribute Help Text Cross Site Scripting (XSS) Vulnerability in Checkmk <=2.0.0p19 and <=1.6.0p27 Cross Site Scripting (XSS) vulnerability in Checkmk <=2.0.0p19 and <=1.6.0p27 Server-Side Request Forgery (SSRF) Vulnerability in Novel-plus v3.6.0 Unlimited Login Attempts Vulnerability in Red Hat Process Automation Manager 7 SQL Injection Vulnerability in Car Driving School Management System v1.0 Login Page Cross Site Scripting (XSS) Vulnerability 
in Car Driving School Management System v1.0 User Enrollment Form (Username Field) Stored XSS Vulnerability in Element-IT HTTP Commander 7.0.0 Allows Unauthenticated Admin Access NULL Pointer Dereference in gf_dump_vrml_field.isra() in GPAC 1.0.1 Stack-Based Buffer Overflow in GPAC 1.0.1 via MP4Box Use After Free Vulnerability in GPAC 1.0.1 through MP4Box NULL Pointer Dereference Vulnerability in GPAC 1.0.1 Heap-Based Buffer Overflow in SFS_AddString() in GPAC 1.0.1 XML External Entity Injection (XXE) Vulnerability: External Service Interaction and Internal File Read in Business Central and Kie-Server APIs Unauthenticated SMB Hash Capture Vulnerability in ACEweb Online Portal 3.5.065 XSS-PHPSESSID-Hijacking Vulnerability in Accounting Journal Management 1.0 Vulnerability: Unauthorized Reprogramming of Yubico OTP Functionality Stored XSS Vulnerability in PluXml v5.8.7: Arbitrary Code Execution via /core/admin/comment.php Stored XSS Vulnerability in PluXml v5.8.7: Arbitrary Code Execution via /core/admin/categories.php Stored XSS Vulnerability in PluXml v5.8.7 core/admin/medias.php Component Cross-Site Scripting (XSS) Vulnerability in Flatpress v1.2.1 Upload SVG File Function Stored Cross-Site Scripting (XSS) Vulnerability in Burden v3.0's Add Category Function Vulnerability: Email Invited Members Bypass Group Project Settings in GitLab EE Stored XSS Vulnerability in BackdropCMS v1.21.1 Add Link Function IP Address Forgery Vulnerability in Waline 1.6.1 Incorrect Access Control in Automotive Grade Linux Kooky Koi 11.0.0-11.0.5: Exploiting usr/bin/afb-daemon Vulnerability Memory Leak Vulnerability in printfileinfo Function of autofile Audio File Library 0.3.6 Multiple SQL Injection Vulnerabilities in WPDating WordPress Plugin (Before 7.4.0) SQL Injection Vulnerability in Luocms v2.0 Admin Login SQL Injection Vulnerability in Luocms v2.0's /admin/manager/admin_mod.php Allows for Unauthorized Data Access SQL Injection Vulnerability in Luocms v2.0's 
/admin/news/news_mod.php SQL Injection Vulnerability in Luocms v2.0 - /admin/news/sort_mod.php SQL Injection Vulnerability in Luocms v2.0's /admin/link/link_mod.php SQL Injection Vulnerability in Luocms v2.0's /admin/link/link_ok.php SQL Injection Vulnerability in Luocms v2.0 - /admin/news/sort_ok.php SQL Injection Vulnerability in Luocms v2.0's /admin/news/news_ok.php Cross Site Scripting (XSS) Vulnerability in Luocms v2.0 Arbitrary Shell File Write Vulnerability in Luocms v2.0 Unauthenticated Users Can Manipulate Transposh WordPress Translation Plugin Settings Wi-Fi Passphrase Visibility Vulnerability in Alecto DVC-215IP Camera Version 63.1.1.173 and Below Z-Wave S0 NonceGet Protocol Vulnerability Allows Local Attackers to Block Protected Z-Wave Networks Stored XSS vulnerability in EyesOfNetwork 5.3.11 ITSM Module via XML file upload Denial of Service Vulnerability in metadata-extractor Library JPEG File Denial of Service Vulnerability in metadata-extractor up to 2.16.0 Denial of Service Vulnerability in zip4j Library Insecure Permissions in Heimdal.Wizard.exe Installer Allows Privilege Escalation Sensitive Information Disclosure in Transposh WordPress Translation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Piwigo Version 12.2.0 Allows Privilege Escalation and Cookie Theft Unauthenticated SQL Injection in AudioCodes Device Manager Express Authenticated SQL Injection in AudioCodes Device Manager Express Remote Code Execution via Directory Traversal in AudioCodes Device Manager Express Path Traversal Vulnerability in Rockwell Automation ISaGRAF Workbench Software Arbitrary Command Execution in AudioCodes Device Manager Express Stored XSS Vulnerability in AudioCodes Device Manager Express Directory Traversal Vulnerability in AudioCodes Device Manager Express User Enumeration Vulnerability in FileCloud Versions Prior to 21.3 Unauthenticated Remote Information Disclosure and Privilege Escalation in Open Web Analytics (OWA) Path Traversal Vulnerability in 
Rockwell Automation ISaGRAF Workbench Software OpenEMR Hospital Information Management System 6.0.0 - Stored XSS Vulnerability Remote Code Execution Vulnerability in ZZ Inc. KeyMouse Windows 3.08 and Prior SQL Injection Vulnerability in Hospital Management System v4.0's contact.php Arbitrary File Deletion Vulnerability in Cuppa CMS v1.0 Deserialization of Untrusted Data Vulnerability in Rockwell Automation ISaGRAF Workbench Software Arbitrary File Upload Vulnerability in SentCMS 4.0.x Arbitrary File Upload and PHP Code Execution in SentCMS 4.0.x Authenticated Stored XSS Vulnerability in INTELBRAS ATA 200 Firmware 74.19.10.21 via Field Server Address Field Stack Overflow Vulnerability in Netgear EX6100v1, CAX80, and DC112A: Arbitrary Code Execution without Authentication Cross Site Scripting (XSS) Vulnerability in HexoEditor 1.1.8 Goldshell ASIC Miners v2.1.x: Critical SSH Remote Access Vulnerability Path Traversal Vulnerability in Goldshell ASIC Miners v2.2.1 and Below: Arbitrary File Retrieval Quarkus 2.10.x HTTP Requests Header Context Termination Vulnerability Publicly Exposed Debug Interface in Goldshell ASIC Miners v2.2.1 and Below: A Gateway to Passwords and Sensitive Data Memory Corruption Vulnerability in Simcenter STAR-CCM+ Viewer (All versions < V2022.1) Allows Code Execution Arbitrary PHP Code Execution via WordPress Shortcodes in PHP Everywhere <= 2.0.3 WordPress Metabox PHP Code Execution Vulnerability WordPress Gutenberg Block PHP Code Execution Vulnerability Denial of Service Vulnerability in swift-nio-http2: Crash on Parsing HTTP/2 HEADERS Frame Denial of Service Vulnerability in swift-nio-http2: Crashing Servers with Specially Crafted HPACK-Encoded Header Blocks Denial of Service Vulnerability in swift-nio-http2: ALTSVC and ORIGIN Frame Handling Information Leakage Vulnerability: Exploiting Deployment Details for Network Service Probing Critical SQL Injection Vulnerability in SourceCodester Garage Management System 1.0 Unrestricted LDAP Queries: A 
Gateway to Configuration Entry Disclosure Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and Below Arbitrary Code Execution Vulnerability in Canon imageCLASS MF644Cdw 10.02 Printers Arbitrary Code Execution via SLP Protocol in Canon imageCLASS MF644Cdw 10.02 Printers Privilege Escalation Vulnerability in Canon imageCLASS MF644Cdw 10.02 Printers Stack Overflow Vulnerability in Go's encoding/pem Library Arbitrary File Upload Vulnerability in update_code function of Admin.php in HYBBS2 through 2.3.2 Remote Code Execution Vulnerability in Admin.php of HYBBS2 through 2.3.2 Resource Exhaustion Denial-of-Service Vulnerability in Trend Micro Security Agents Local Privilege Escalation Vulnerability in Trend Micro Products Critical SQL Injection Vulnerability in SourceCodester Garage Management System 1.0 Local Privilege Escalation Vulnerability in Trend Micro Products XSS Vulnerability in Zoho ManageEngine ADSelfService Plus Zimbra Collaboration Suite 8.8.x Calendar HTML Injection Vulnerability Arbitrary File Read Vulnerability in HashiCorp Nomad and Nomad Enterprise Panic Vulnerability in HashiCorp Nomad and Nomad Enterprise Excessive CPU Usage Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 Race condition vulnerability in HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 allows for incorrect artifact downloads Consul Ingress Gateway Service Registration Vulnerability Unrestricted File Upload and Remote Code Execution in DSKNet Unauthenticated Access to Personal Data and Brute Force PIN Guessing in DSKNet Server-side Read-Out-of-Bounds Vulnerability in GNU SASL libgsasl with Malicious Authenticated GSS-API Client DSK DSKNet 2.16.136.0 and 2.17.136.5 PresAbs.php SQL Injection Vulnerability Blind Boolean-Based SQL Injection in DSKNet 2.16.136.0 and 2.17.136.5 Stored XSS Vulnerability in DSKNet's New Menu Option Hardcoded SSH Credentials Vulnerability in Baicells Nova436Q and Neutrino 
430 Devices Folder Name Disclosure Vulnerability Bluetooth Classic Vulnerability: Device Information Leakage and Unauthorized Connection Establishment Local Privilege Escalation in Mirametrix Glance before 5.1.1.42207 Command Injection Vulnerability in Kylin's Cube Designer Function Reflected Cross-site Scripting (XSS) Vulnerability in Microweber CMS Buffer Overflow in WinAPRS 2.9.0 Allows Remote DoS via Malicious AX.25 Packet Buffer Overflow in national.txt Processing in WinAPRS 2.9.0 Remote Code Execution via Buffer Overflow in WinAPRS 2.9.0 VHF KISS TNC Component Buffer Overflow Vulnerability in rad_packet_recv Function Remote Code Execution Vulnerability in rad_packet_recv Function Unauthenticated Access and Privilege Escalation in Apache CouchDB SQL Injection and Time-Based Blind Injection Vulnerabilities in Anuko Time Tracker Puncher Plugin Unescaped JavaScript Execution in Anuko Time Tracker Unsanitized User Input in @awsui/components-react Allows JavaScript Injection Stack-based Buffer Overflow Vulnerability in EZVIZ Motion Detection Component Allows Remote Code Execution Cross-Site Scripting Vulnerability in Weblate Versions Prior to 4.11 Improper Input Validation Vulnerability in CodeIgniter4 Allows Execution of CLI Routes via HTTP Request CodeIgniter4 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability Denial of Service Vulnerability in regex Crate (Versions <= 1.5.4) Access Control Vulnerability in Icinga Web 2 with IDO Writer Enabled Arbitrary Code Execution via SSH Resource File Creation in Icinga Web 2 Unauthenticated File Leakage in Icinga Web 2 Allows Access to Database Credentials Cross-Site Scripting (XSS) Vulnerability in SSR-Pages Path Traversal Vulnerability in SSR-Pages (CVE-2021-XXXX) Vulnerability in Fluture-Node: Exposing Confidential Headers in Redirects Improper Initialization Vulnerability in EZVIZ CS-C6N-A0-1C2WFR Allows Unauthorized Access to Encrypted Admin Password Arbitrary Command Execution in image_processing and 
Active Storage Improper Authorization Vulnerability in CometD Allows Unauthorized Access and Manipulation Cross-Site Scripting (XSS) Vulnerability in ViewComponent Gem Improper URL Parsing Due to Leading Whitespace in URI.js (CVE-2021-XXXX) Integer Overflow in cmark-gfm's Table Row Parsing (CVE-2021-12345) Exposure of Home Directory in Shescape Shell Escape Package Istio Control Plane Crash Vulnerability CKEditor 4 HTML Processing Module Vulnerability CKEditor4 Dialog Plugin Regular Expression Abuse Vulnerability Stored Cross-Site Scripting Vulnerability in WP-UserOnline Plugin for WordPress Path Traversal and Improper Access Control Vulnerability in Argo CD Path Traversal Vulnerability in Argo CD Allows Leakage of Sensitive Files Missing Password and Account Expiry Checking in Maddy Mail Server (Versions prior to 0.5.4) Clickjacking vulnerability in Sylius eCommerce platform versions prior to 1.9.10, 1.10.11, and 1.11.2 MyBB Admin CP Settings Module Remote Code Execution Vulnerability Lua Script Injection Vulnerability in Redis Redis Lua Scripting Vulnerability: NULL Pointer Dereference Session Cookie Exposure in HTTPie Unclaimed Funds Drain Vulnerability in Evmos Versions Prior to 2.0.1 Vulnerability in AllTube HTML Front End Allows Open Redirect and SSRF Attacks Unauthenticated Remote Macro Injection Vulnerability in Haas Controller Version 100.20.000.1110 Authentication Cookie Replacement Vulnerability in Volto Denial of Service Vulnerability in Nextcloud Server User Data Leakage Vulnerability in Sylius eCommerce Platform Multiple Use of Reset Password Token Vulnerability in Sylius eCommerce Platform Session Persistence Vulnerability in Shopware Guest Session Sharing Vulnerability in Shopware Code Injection Vulnerability in Shopware Voucher Code Form Improper HTTP Header Caching in Shopware 6.4.8.1 and below Improper API Route Checking Vulnerability in Shopware Cross-Site Scripting (XSS) Vulnerability in Sylius eCommerce Platform Insufficient Granularity of 
Access Control in Haas Controller Version 100.20.000.1110 Local Privilege Escalation Vulnerability in UltraVNC Versions Prior to 1.3.8.0 Race Condition Vulnerability in Zulip Group Chat Application Allows Continued Access by Deactivated Users SQL Injection Vulnerability in SyliusGridBundle Vulnerability in Stripe CLI on Windows Allows Arbitrary Code Execution Stack-buffer overflow vulnerability in PJSIP versions prior to 2.12 Bareos Director PAM Authentication Bypass Vulnerability Memory Leak Vulnerability in Bareos Director Unauthorized Access to Sensitive Information in Jupyter Server Logs Unauthorized Access to Sensitive Information in Jupyter Notebook Server Logs Improper Signature Validation in `@chainsafe/libp2p-noise` Null Pointer Dereference Bug in wavpack-5.4.0: AddressSanitizer SEGV in main Remote Code Execution (RCE) Vulnerability in Parse Server Versions Prior to 4.10.7 Vulnerability in Waitress Web Server Gateway Interface Server Cross-Origin Communication Interception in sysend.js Denial-of-Service Vulnerability in PJSIP XML Parsing Stack Buffer Overflow Vulnerability in PJSIP Versions 2.12 and Prior Vulnerability: Untrusted Parties Exploiting Git for Windows Directory Search HTTP Request Smuggling Vulnerability in mitmproxy 7.0.4 and below Vulnerability: DLL Hijacking in Git for Windows' Uninstaller Improper Access Control Vulnerability in Argo CD Privilege Escalation in Moby (Docker Engine) Prior to 20.10.14 Use After Free Vulnerability in Google Chrome's Guest View Arbitrary Command Execution via CSV File in `gradio` (CVE-2021-12345) RSA PKCS#1 v1.5 Signature Forgery Vulnerability in node-forge RSA PKCS#1 v1.5 Signature Verification Vulnerability in node-forge RSA PKCS#1 v1.5 Signature Verification ASN.1 Structure Vulnerability in node-forge Improper Input Validation in CycloneDX BOM Repository Server Allows Path Traversal Improper Header Parsing Vulnerability in GuzzleHTTP/PSR7 Open Redirect Vulnerability in Flask-AppBuilder Login Page (Versions 
below 3.4.5) Denial of Service Vulnerability in grpc-swift Server via Reachable Assertion Vulnerability: Authorization Bypass in imgcrypt's CheckAuthorization Function Remote Code Execution Vulnerability in Google Chrome PDF Handling Remote Code Execution Vulnerability in iTop User Portal Session Hijacking Vulnerability in Geon Board Game Data Leak in Discourse: Disclosure of Secure Category Names in User Activity Export Arbitrary Shell Code Execution Vulnerability in Deno Runtime (Versions 1.18.0 - 1.20.2) Password Hash Confirmation Vulnerability in Statamic CMS REST API Path Traversal Vulnerability in Moment.js Allows Unauthorized File Access Unparsed RTCP Feedback RPSI Packet Vulnerability in PJSIP Versions 2.12 and Prior Vulnerability in Vyper Smart Contract Language Allows Incorrect Word-for-Word Comparisons Buffer Overrun Vulnerability in Vyper Smart Contract Language (Versions < 0.3.2) C1 CMS v6.12 Authenticated SSRF and File Truncation Vulnerability File Directory Traversal Vulnerability in Google Chrome on Android HTTP Request Smuggling Vulnerability in Puma Server Use After Free Vulnerability in Wasmtime with Externrefs and Epoch Interruption Denial-of-Service Vulnerability in PJSIP 2.12 and Prior: Invalid WAV File Handling Buffer Overflow Vulnerability in PJSIP DNS Resolution (CVE-2023-27585) Open Redirect Vulnerability in Express OpenID Connect Middleware Integer Overflow and Heap Memory Corruption in yajl-ruby RaspberryMatic WebUI File Upload Remote Code Execution Vulnerability Pomerium Identity-Aware Access Proxy Exposes Sensitive Information and Allows Limited Denial of Service Unfiltered Password Hash Retrieval Vulnerability in Internet Routing Registry Daemon Version 4 Arbitrary Code Execution in Wire-Webapp Markdown Code Highlighting Heap Corruption Vulnerability in Google Chrome's Service Worker API Race condition vulnerability in October CMS prior to versions 1.0.476, 1.1.12, and 2.2.15 allows unauthenticated remote code execution HTTP Request 
Smuggling Vulnerability in Twisted Web HTTP 1.1 Server Prototype Pollution in deepmerge-ts: defaultMergeRecords() Arbitrary Command Execution in Asciidoctor-include-ext (CVE-2021-12345) Information Leakage: Group Name Exposure in Discourse Buffer Overflow Vulnerability in net-snmp Prior to Version 5.9.2 Improper Input Validation Vulnerability in net-snmp Prior to Version 5.9.2 Out-of-Bounds Memory Access Vulnerability in net-snmp NULL Pointer Dereference Vulnerability in net-snmp NULL Pointer Dereference Vulnerability in net-snmp (CVE-XXXX-XXXX) Use After Free Vulnerability in Google Chrome Views NULL Pointer Dereference Vulnerability in net-snmp Cross-Site Scripting (XSS) Vulnerability in Combodo iTop Privilege Escalation in Grafana Enterprise with Fine-Grained Access Control Vulnerability: Unauthenticated Anonymous Commenting in CreateWiki Extension Arbitrary JavaScript Execution via Rich Text HTML Interface in Directus (CVE-XXXX-XXXX) SQL Injection Vulnerability in JHipster Generated Applications with Reactive Spring WebFlux Remote Code Execution Vulnerability in JAI-EXT API via Jiffle Script Injection Code Injection via Malicious Kubeconfig in Flux2 Arbitrary Code Execution via Unchecked JNDI Lookups in GeoTools Library User Enumeration Vulnerability in XWiki Platform Arbitrary Code Execution Vulnerability in Nokia ASIK AirScale System Module Unauthenticated User Can List Documents in XWiki Platform Unrestricted Creation of Global SSX/JSX Vulnerability in XWiki Platform Podium Proxy Endpoint Denial of Service Vulnerability Insufficient Fix for Local Information Disclosure in Netty's Multipart Decoders Cache Poisoning Vulnerability in Discourse Bypassing Deny List in Smokescreen Proxy Vulnerability: Arbitrary Code Execution via Git LFS on Windows SQL Injection Vulnerability in Elide 6.1.2 - Bypassing Authorization Filters through Parameterized TEXT Columns Code Injection Vulnerability in Composer's VcsDriver::getFileContent Method Unauthenticated Access to 
Garden Dashboard Endpoint in Versions Prior to 0.12.39 Vulnerability: Permanent Disabling of Secure Boot in Nokia ASIK AirScale System Module Path Traversal Vulnerability in OpenClinica Prior to Version 3.16: Arbitrary File Read/Write and Remote Code Execution SQL Injection Vulnerability in OpenClinica Versions Prior to 3.16.1 LDAP Injection Vulnerability in GoCD LDAP Authentication Plugin Cross-Site Scripting (XSS) Vulnerability in PrivateBin < v1.4.0 Allows Code Execution via Crafted SVG Attachment Heap Overflow Vulnerability in Redis Lua Scripting Excessive Backtracking Vulnerability in Nokogiri < v1.13.4 Information Leakage of Uploaded Documents in HedgeDoc SMTP Command Injection in Nextcloud Calendar Java.lang.OutOfMemoryError vulnerability in Nokogiri's fork of org.cyberneko.html Bypassing Signature Check in Nokia ASIK AirScale System Module Version 474021A.101 Traversal vulnerability in django-s3file prior to 5.5.1 allows unauthorized access and deletion of files in AWS S3 bucket Authorization Bypass Vulnerability in Fleet Device Management Privilege Escalation via Service Account Creation in MinIO Arbitrary File Read Vulnerability in Gin-vue-admin 2.50 PostgreSQL JWT Authentication Bypass Vulnerability in Gin-Vue-Admin Unvalidated Return of `returns_int128()` in Vyper Smart Contract Language Arbitrary Code Execution via Unchecked JNDI Lookup in GeoWebCache Disk Quota Mechanism Unchecked JNDI Lookup Vulnerability in GeoServer Allows Arbitrary Code Execution SQL Injection Vulnerability in DHIS2 API Endpoint Potential Bot Token Exposure in DisCatSharp API Wrapper Vulnerability: Password Exposure in AutomationDirect Stride Field I/O Information Disclosure Vulnerability in Discourse Category Group Permissions Stored XSS and Path Traversal Vulnerabilities in LDAP Account Manager (LAM) Arbitrary URL Loading Vulnerability in Metabase Allows NTLM Relay Attack SQLite Database Connection Hijacking Vulnerability Cross Site Scripting (XSS) Vulnerability in Metabase 
Server-side Request Forgery (SSRF) Vulnerability in FlyteConsole Bypass of Multi Factor Authentication in django-mfa3 for Django Admin Login Vulnerability in next-auth versions 3.29.2 and 4.3.2 allows unauthorized redirects Infinite Loop Vulnerability in PyPDF2 Prior to 1.27.5 Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Use of Hard-coded Cryptographic Key Vulnerability in Databasir 1.01 Remote Code Execution Vulnerability in Databasir 1.01 Server-Side Request Forgery Vulnerability in Databasir 1.01 Denial of Service Vulnerability in http-swagger Prior to 1.2.6 Origin Protocol Website Allows for XSS via POST Request to /presale/join User Data Retrieval Vulnerability in HumHub User and Group Information Leakage in Discourse Assign Plugin Unfiltered LDAP Password Disclosure in GLPI Cross-Site Scripting (XSS) Vulnerability in GLPI Allows Injection of JavaScript via SVG Avatars Cross-Site Scripting (XSS) Vulnerability in GLPI Versions Prior to 10.0.0 Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Stored Cross-Site Scripting Vulnerability in iTop Customization Mechanism Vulnerability: Server-side Abuse of Shopware Admin SDK Vulnerability: Unauthorized Access to Sales Channel Permissions in Shopware Non-Stored Cross-Site Scripting Vulnerability in Shopware Storefront User Secrets Logging Vulnerability in CVEProject/cve-services (CVE-XXXX-XXXX) Cross-Site Scripting Vulnerability in GLPI Kanban View Path Traversal Vulnerability in kustomize-controller via Malicious `kustomization.yaml` Path Traversal Vulnerability in kustomize-controller via Malicious `kustomization.yaml` Vulnerability: Cross-Site Request Forgery (CSRF) Token Validation Malfunction in Shopware Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Bypassing Captcha Verification in flask-session-captcha Remote Code Execution Vulnerability in Ballcat Codegen Empty Password NTLM Authentication Vulnerability in FreeRDP Server 
Implementations Vulnerability: Server-side Authentication Bypass in FreeRDP Vulnerability: Signature Forgery in ecdsautils Bypassing Lock on Nextcloud Android App Unauthenticated Access to Contacts in Nextcloud Android App Arbitrary URL Opening Vulnerability in Nextcloud Talk File and Folder Name Injection Vulnerability in Nextcloud Server Unnecessary App Expansion Vulnerability in Nextcloud Server Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System 1.0 Indirect Webcam Activation Vulnerability in Nextcloud Talk Cross-Site Scripting Vulnerability in ESAPI Prior to Version 2.3.0.0 Multiple Password Reset Tokens Vulnerability in Shopware Memory corruption vulnerability during provisioning in ESP-BLE-MESH SDK Session Hijacking Vulnerability in Symfony HTTP Cache System Session Fixation Vulnerability in Symfony Framework Improper Authorization Verification in Tuleap Tracker Report Renderer and Chart Widgets Unsanctioned File Access Vulnerability in Velocity Scripts XML External Entity Injection in org.xwiki.commons:xwiki-commons-xml Code Injection Vulnerability in Contao CMS Versions Prior to 4.13.3 Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System 1.0 Path Traversal Vulnerability in Piano LED Visualizer (Versions 1.3 and prior) Apple Game Center Authentication Adapter URL Validation Vulnerability Uncontrolled Memory Consumption Vulnerability in TKVideoplayer Heap Buffer Overflow in Rsyslog TCP syslog reception with Octet-Counted Framing Symlink Following Vulnerability in Argo CD's Repo-Server Spoofing of Error Messages in Argo CD Login Screen Unauthenticated Access to Full Application Path in Nextcloud Deck Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 Remote Code Execution Vulnerability in 
InHand Networks InRouter302 V3.5.4 Timing Attack Vulnerability in Atlantis Webhook Event Validator Insecure Temporary File Exposure in com.fasterxml.util:java-merge-sort (before 1.1.0) Code Injection Vulnerability in Web Application of Vulnerable Device Economic Griefing Vulnerability in Optimism before @eth-optimism/l2geth@0.5.11 Reflected JavaScript Code Execution via CSRF Token in Authenticated User Link Reflected JavaScript Code Execution via CSRF Token in Social Engineering Attacks Reflected JavaScript Code Execution via CSRF Token in Graphs Page Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 Stack Exhaustion Vulnerability in Go's regexp.Compile Improper Access Control Vulnerability in Samsung SearchWidget: Arbitrary URL and Local File Loading Improper Access Control in LiveWallpaperService Allows Unauthorized System Directory Creation Permanent Denial of Service Vulnerability in Android SettingsProvider XSS Vulnerability in SmartTagPlugin Prior to Version 1.2.15-6 Privilege Escalation Vulnerability in Samsung Video Player RKP Security Misconfiguration Vulnerability Unauthenticated AppLock App Manipulation Vulnerability Unrestricted Data Access in openemr/openemr prior to 7.0.0 Untrusted Applications Exploit Improper Access Control to Reset Default App Settings in Wear OS 3.0 Dynamic Receiver Access Control Vulnerability in ApkInstaller Alternate Path Vulnerability in Setup Wizard Process Remote Code Execution Vulnerability in Kingsoft WPS Office through 11.2.0.10382 via wpsupdater.exe Lexmark Products: Critical Incorrect Access Control Vulnerability Vulnerability: Out-of-Bounds Error in GBL Parser Allows Flash Sign Key and OTA Decryption Key Overwrite Buffer Overflow Vulnerability in Silicon Labs Ember ZNet Ember ZNet Stack Vulnerability: Malformed Packet Triggers Stack Overflow and Reset Ember ZNet Stack Vulnerability: Malformed Packet Triggers Stack Overflow and Reset Stored Cross-site Scripting (XSS) Vulnerability in 
openemr/openemr prior to 7.0.0 Remote Code Execution Vulnerability in Micrium uC-HTTP 3.01.01 Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V and other models CSRF Vulnerability in Apache JSPWiki User Preferences Form Allows Account Takeover Apache JSPWiki User Preferences XSS Vulnerability Privilege Escalation to Root in Eternal Terminal: Race Condition, Buffer Overflow, and Logic Bug in PipeSocketHandler::listen() Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.2.21 Race Condition in Eternal Terminal Allows Hijacking of SSH Authorization Socket Race Condition Vulnerability in Eternal Terminal Prior to Version 6.2.0 Allows Local Attacker to Hijack IPC Socket Denial of Service Vulnerabilities in Eternal Terminal Prior to Version 6.2.0 Insecure Option Handling in Crypt_GPG Extension for PHP Stack-Based Buffer Overflow in Foxit PDF Reader and Editor (Versions before 11.2.1) via XFA Subform and Draw Substrings Uncontrolled Search Path Element for DLL files in Foxit PDF Reader and Editor before 11.2.1 SQL Injection Vulnerability in Shopware B2B-Suite (Versions up to 4.4.1) Persistent XSS Vulnerability in DHC Vision eQMS (Version 5.4.8.322) Allows Attackers to Execute Malicious Code Improper Buffer Release in Linux Kernel USB Gadget Legacy Driver Memory Leak in yam_siocdevprivate in Linux Kernel Use After Free Vulnerability in PDFTron SDK 9.2.0 Unassociated Portainer Agent API Server Persistence Vulnerability Buffer Overflow Vulnerability in apr_encode functions of Apache Portable Runtime (APR) Stored Cross-site Scripting (XSS) Vulnerability in Black Rainbow NIMBUS before 3.7.0 WebSocket Connection Hijacking Vulnerability in Mellium XMPP Library Apache Dubbo Open Redirect and SSRF Vulnerability Vulnerability: Exfiltration of Integration Access Token in GitLab CE/EE Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JPEG2000 Image Parsing 
Unauthenticated Information Disclosure Vulnerability in TP-Link TL-WR940N Routers Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) Routers Email Link Rewriting Vulnerability GitBleed: Undisclosed Deleted Content Vulnerability in Git --mirror Documentation Authentication Bypass Vulnerability in Atheme IRC Services Remote Code Execution in ImpressCMS before 1.4.2 via Directory Traversal and Unsafe Interaction with CKEditor processImage.php Privilege Escalation Vulnerability in Zoho ManageEngine ADAudit Plus Unauthenticated Access to Internal Content Elements in Varnishcache Extension for TYPO3 Misattributed Pipeline Creator Vulnerability Unauthenticated SSRF Vulnerability in Kitodo.Presentation Extension for TYPO3 Reflected Cross-Site Scripting (XSS) Vulnerability in JQueryForm.com Forms Cleartext Credential Exposure in JQueryForm.com Forms Information Disclosure and Remote Code Execution in JQueryForm.com (CVE-2022-24984) Remote Code Execution via File Upload Vulnerability in JQueryForm.com Remote Authentication Bypass Vulnerability in JQueryForm.com Forms KDE KCron File Interception Vulnerability Off-by-one Buffer Overflow in PrimitivePolynomialField::new in galois_2p8 before 0.1.2 Remote Code Execution in TerraMaster NAS (CVE-2022-24990) Insecure Direct Object Reference Vulnerability in GitLab's Jira Integration TerraMaster NAS 4.2.29 and Earlier Information Disclosure Vulnerability Directory Traversal Vulnerability in QR Code Generator v5.2.7's process.php Component Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Exploiting fromSetSysTime Function for Denial of Service (DoS) Remote Code Execution Vulnerability in qs Library Stored XSS Vulnerability in GitLab CE/EE Versions Prior to 15.2.1 SQL Injection Vulnerability in Hospital Patient Record Management System v1.0 SQL Injection Vulnerability in Hospital Patient Record Management System v1.0 Unauthenticated Access Vulnerability in totolink EX300_v2 and 
EX1200T Bypassing IP Allow-listing to Download Artifacts in GitLab EE Root File System Vulnerability in Stepmania v5.1b2 and Below Weak Password Encryption in Argus Surveillance DVR v4.0 Multiple Reflected XSS Vulnerabilities in Ice Hrm 30.0.0.OS via key and fm Parameters in login.php Component Reflected Cross-Site Scripting (XSS) Vulnerability in Ice Hrm 30.0.0.OS via m Parameter in Dashboard Stored XSS Vulnerability in Ice Hrm 30.0.0.OS Allows Cookie Theft via Crafted First Name Field Payload Arbitrary File Upload Vulnerability in Home Owners Collection Management System v1.0 Command Injection Vulnerability in Hitron CHITA 7.2.2.0.3b6-CD Devices via Device/DDNS ddnsUsername Field Arbitrary Code Execution Vulnerability in Pluxml v5.8.7 Buffer Overflow Vulnerability in HCI IEC 60870-5-104 Function of RTU500 Series Pluxml v5.8.7 Cross-Site Scripting (XSS) Vulnerability in Thumbnail Path Cross-Site Scripting (XSS) Vulnerability in Htmly v2.8.1 Allows Arbitrary Code Execution via Crafted Blog Post Content Heap-Buffer Overflow in fouBytesToInt() Function in AudioFile.h Typecode Decoding Error in json2xml Package: Remote Denial of Service Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Rocket TRUfusion Portal v7.9.2.1 Authentication Bypass Vulnerability in Rocket TRUfusion Portal v7.9.2.1 Cross-Site Scripting (XSS) Vulnerability in Home Owners Collection Management System v1.0 Vulnerability: Root Privilege Bypass and Unverified Firmware/Module Loading Unquoted Service Path Privilege Escalation in Remote Desktop Commander Suite Agent Cross-Site Scripting (XSS) Vulnerability in wanEditor v4.7.11 Cross-Site Scripting (XSS) Vulnerability in wanEditor v4.7.11 via Video Upload Function SQL Injection vulnerability in SDD-Baro software (before 2.8.432) allows unauthorized database access Incorrect Access Control Issue in OpenEMR v6.0.0 Stack Buffer Overflow in Espruino 2v11.251 via jsvNewFromString in src/jsvar.c Hardcoded Credentials Vulnerability in Home 
Owners Collection Management System v1.0 Arbitrary Code Execution Vulnerability in CWP v0.9.8.1122 via Path Traversal in loader.php Predictable Password Reset Tokens in CWP v0.9.8.1126 Root-level command injection vulnerability in CWP v0.9.8.1126, enabling unauthorized users to execute commands with root privileges. Memory Corruption Vulnerabilities in Firefox 102 and Thunderbird 102.1 Stack Overflow Vulnerability in rtl_433 21.12: Denial of Service (DoS) via Crafted File Off-by-one Error in cmr113_decode of rtl_433 21.12 when decoding crafted file Command Injection Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_startPing Component Command Injection Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_setIp6DefaultRoute Component Integer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709: Exploiting dm_checkString Function for DoS Attacks Remote Code Execution Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_wan6_setIpAddr Function DOM-based Cross-Site Scripting (XSS) Vulnerability in Mark Text v0.16.3 User Input Rendering Vulnerability in Octopus Deploy Stack Overflow in TP-Link Archer A54 Router Allows Arbitrary Code Execution Stack Overflow Vulnerability in TL-WR841Nv14_US_0.9.1_4.18 Routers: Unauthenticated Remote Code Execution Stack Overflow Vulnerability in TP-Link TL-WR902AC(US)_V3_191209 Routers: Remote Code Execution Command Injection Vulnerability in TOTOLink A3000RU V5.9c.2280_B20180512 Command Injection Vulnerability in TOTOLink A800R V4.1.2cu.5137_B20200730 Command Injection Vulnerability in TOTOLink A3100R V4.1.2cu.5050_B20200504 Command Injection Vulnerability in TOTOLink A3600R V4.1.2cu.5182_B20201102 Command Injection Vulnerability in TOTOLink A810R V4.1.2cu.5182_B20201026 Verbose Error Messaging Allows Unauthorized Resource Discovery in Octopus Server Command Injection Vulnerability in TOTOLink A830R V5.9c.4729_B20191112 Command Injection Vulnerability in TOTOLink T10 V5.9c.5061_B20200511 Main Function 
Command Injection Vulnerability in TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 Command Injection Vulnerability in TOTOLink A860R V4.1.2cu.5182_B20201027 Command Injection Vulnerability in TOTOLink T6 V5.9c.4085_B20190428 Main Function Privileged API Misuse in Printix Secure Cloud Print Management Double Free Vulnerability in gnutls_pkcs7_verify Function Insecure Permissions in Printix Secure Cloud Print Management Allows Privilege Escalation Unauthenticated Users Can Disclose Messages in Private Forums via Quote Reply Feature Remote Code Execution Vulnerability in Home Owners Collection Management System v1.0 via cover Parameter in SystemSettings.php Unauthenticated Account Compromise in Home Owners Collection Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 Arbitrary File Deletion Vulnerability in ECTouch v2 Arbitrary Code Execution Vulnerability in WBCE CMS v1.5.2 Arbitrary HTML Injection (XSS) Vulnerability in BlueSpice Extension:ExtendedSearch Arbitrary Code Execution Vulnerability in WBCE CMS v1.5.2 via /templates/install.php Arbitrary File Download Vulnerability in HorizontCMS v1.0.0-beta.2 Stack-based Buffer Overflow in D-Link DIR-859 v1.05 via genacgi_main Function NULL Pointer Dereference Vulnerability in Foxit PDF Reader and Editor and PhantomPDF Arbitrary HTML Injection via commonuserinterface Component Title Parameter in BlueSpice Reflected XSS Vulnerability in Event Management v1.0 via register.php Remote Code Execution (RCE) Vulnerability in Home Owners Collection Management System v1.0 Confidential Note Leakage Vulnerability in GitLab CE/EE SQL Injection Vulnerability in MCMS v5.2.4 via search.do in /mdiy/dict/listExcludeApp Clear-text Credential Storage Vulnerability in Hitachi Energy's PCM600 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in 
TOTOLINK Technology Router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in TOTOLINK Technology Router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in TOTOLINK Technology Router T6 V3 Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in TOTOLINK T6 V3 Router Firmware Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Stored Cross-Site Scripting (XSS) Vulnerability in Axelor Open Suite v5.0 via Name Parameter Heap Use-After-Free Vulnerability in njs through 0.7.0 Reflected XSS Vulnerability in Fava Prior to v1.22 CSRF Token Exfiltration Vulnerability in Liferay Portal and Liferay DXP Integer Overflow or Wraparound Vulnerability in apr_base64 Functions of Apache Portable Runtime Utility (APR-util) Allows Buffer Overflow SQL Injection Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in WP Statistics WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Banner WordPress Plugin (Versions up to 2.11.0) Privilege Escalation Vulnerability in Malwarebytes Binisoft Windows Firewall Control Sensitive Information Exposure and Cross-Site Scripting Vulnerability in ITarian Service Desk Module Vulnerability: Arbitrary Code Execution and System Takeover via ITarian Platform Procedure Approval Bypass Insecure OpenSSL Settings Allow Privilege Escalation in ITarian Endpoint Management Communication Client DLL Hijacking Vulnerability in Samsung Portable SSD T5 PC Software Allows Privilege Escalation Replay Attack Vulnerability in Mitsubishi Electric MELSEC PLC Series Weak Hash Vulnerability in Mitsubishi Electric MELSEC Industrial Control Systems Authentication Bypass via Password Hash Disclosure in Mitsubishi Electric MELSEC PLCs Cleartext Storage of Password Hashes vulnerability in Mitsubishi Electric MELSEC PLCs Authentication Bypass by Capture-replay Vulnerability 
in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPUs Stored Cross-Site Scripting Vulnerability in Visual Composer Website Builder Plugin for WordPress Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPUs Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series Remote Code Execution and Denial of Service Vulnerability in Mitsubishi Electric MELSEC-Q, MELSEC-L, and MELSEC iQ-R Series Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric GX Works3 and MX OPC UA Module Configurator-R TOCTOU Race Condition in Amazon AWS VPN Client Allows Arbitrary File Write Net-NTLMv2 Hash Leakage Vulnerability in Amazon AWS VPN Client 2.0.0 Remote Code Execution (RCE) Vulnerability in Apache Flume JMS Source with JNDI LDAP Data Source URI Arbitrary Command Injection in Apache Hadoop's FileUtil.unTar() API Apache Tika BPG Parser Memory Allocation Vulnerability Stored Cross-Site Scripting Vulnerability in Beaver Builder WordPress Page Builder Stack-Based Buffer Overflow Vulnerability in Project File Processing Command Injection Vulnerability in p4 Package (Versions before 0.0.7) Information Disclosure Vulnerability in InHand Networks InRouter302 V3.5.4: Session Cookie Missing HttpOnly Flag Jenkins Pipeline: Groovy Plugin Arbitrary OS Command Execution Vulnerability Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary OS Command Execution Vulnerability Arbitrary OS Command Execution Vulnerability in Jenkins Pipeline: Multibranch Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Groovy Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Multibranch Plugin Cross-Site Request Forgery Vulnerability in 
Stockists Manager for Woocommerce Plugin Jenkins Pipeline: Groovy Plugin Password Parameter Leakage Vulnerability Sandbox Bypass Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Jenkins Pipeline: Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability Arbitrary Code Execution in Jenkins Pipeline Shared Groovy Libraries Plugin Jenkins Pipeline: Build Step Plugin Default Password Parameter Disclosure Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Generic Webhook Trigger Plugin Jenkins HashiCorp Vault Plugin: Unauthorized Retrieval of Vault Secrets by Agent Processes Unredacted Sensitive Information in Jenkins Support Core Plugin Jenkins Fortify Plugin 20.2.34 and earlier - Unsanitized Parameters Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Custom Checkbox Parameter Plugin 1.1 and Earlier Double Free or Corruption Vulnerability in rotateImage() Function of libtiff 4.4.0rc1 Vulnerability: Enumeration of Credentials IDs in Jenkins Conjur Secrets Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Agent Server Parameter Plugin Jenkins Snow Commander Plugin CSRF Vulnerability Allows Unauthorized Credential Capture Unauthenticated Remote Code Execution in Jenkins Snow Commander Plugin CSRF Vulnerability in Jenkins Autonomiq Plugin Allows Unauthorized Server Connections Unauthenticated Remote Code Execution in Jenkins AutonomIQ Plugin Jenkins GitLab Authentication Plugin URL Redirection Vulnerability Arbitrary File Read Vulnerability in Jenkins HashiCorp Vault Plugin CSRF Vulnerability in Jenkins SCP Publisher Plugin Allows Unauthorized SSH Server Connections Vulnerability: Unauthorized SSH Server Connection in Jenkins SCP Publisher Plugin Sysmalloc Assertion Fail in libtiff 4.4.0rc1's rotateImage() Function Jenkins Checkmarx Plugin 2022.1.2 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Allows Unauthorized Access to Jenkins Credentials Jenkins Checkmarx Plugin 2022.1.2 and Earlier 
Vulnerability: Unauthorized Access to Attacker-Specified Webserver Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Promoted Builds (Simple) Plugin 1.9 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Team Views Plugin 0.9.0 and Earlier Jenkins Doktor Plugin File Existence Disclosure Vulnerability Jenkins dbCharts Plugin 0.5.2 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Jenkins dbCharts Plugin 0.5.2 and earlier: Unauthorized Database Access via JDBC Jenkins Chef Sinatra Plugin CSRF Vulnerability Jenkins Chef Sinatra Plugin 1.20 and Earlier: Missing Permission Check Allows HTTP Request Parsing Vulnerability XML External Entity (XXE) Vulnerability in Jenkins Chef Sinatra Plugin 1.20 and Earlier Invalid Pointer Free Vulnerability in libtiff 4.4.0rc1 Static Field Vulnerability in Jenkins Convertigo Mobile Platform Plugin Unauthenticated Remote Code Execution in Jenkins SWAMP Plugin CSRF Vulnerability in Jenkins SWAMP Plugin Allows Unauthorized Server Connections Vulnerability: Unauthorized Root Shell Access via Unprotected UART Port and Das U-Boot BIOS Shell Unauthenticated Remote Access to Sensitive Network Information and WPA Passphrases Unauthenticated Remote Access Control Vulnerability in LocalMACConfig.asp Absolute Path Traversal Vulnerability in DVDFab 12 Player (PlayerFab) Allows Unauthorized File Downloads Hard-coded Cryptographic Key Pair Vulnerability in Telnetd_Startup Service Vulnerability Title: Unauthenticated Remote Code Execution in telnetd_startup with RSA Algorithm Padding Issue Null Byte Interaction Error in Telnetd_Startup Daemon: Predictable Ephemeral Passwords (CVE-2022-25218) Heap-based Buffer Overflow in Vim Prior to 9.0.0061 Persistent JavaScript Injection Vulnerability in PeteReport Version 0.5 URL-based JavaScript Injection Vulnerability in Money Transfer Management System Version 1.0 SQL Injection Vulnerability in Money Transfer Management System Version 1.0 SQL Injection Vulnerability in 
Money Transfer Management System Version 1.0 Proton v0.2.0 Markdown File XSS and OS Command Injection Vulnerability SQL Injection and Remote Code Execution in Network Olympus v1.8.0 Unauthenticated Remote Code Execution in ThinVNC Version 1.0b1 Thinfinity VNC v4.0.0.1 Cross-Origin Resource Sharing (CORS) Vulnerability SQL Injection Vulnerabilities in CandidATS Version 3.0.0 Beta Stored XSS and OS Command Injection in Popcorn Time 0.4.7 via 'Movies API Server(s)' Field Reflected Cross-site Scripting (XSS) Vulnerability in beancount/fava prior to 1.22.2 CX-Programmer v9.76.1 and Earlier Use After Free Vulnerability in CXP File Parsing Denial of Service (DoS) Vulnerability in node-opcua Package CX-Programmer v9.76.1 Out-of-Bounds Write Vulnerability in CXP File Parsing Expat (libexpat) XML Parsing Vulnerability: Lack of Encoding Validation Expat (libexpat) XML Namespace URI Injection Vulnerability Authentication/Authorization Bypass Vulnerability in Bonita Web 2021.2 Cross-Site Scripting (XSS) Vulnerability in Silverstripe Framework CSV User Import Functionality CSRF Vulnerability CSRF Vulnerability in FileCloud before 21.3 Allows Unauthorized File Upload Wildcard Certificate Issuance Vulnerability in Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 Tokenization Key Exposure in Vault Enterprise Clusters Default Currency Name Disclosure Vulnerability in Zoho ManageEngine ServiceDesk Plus Hard-coded Credentials in Axeda Agent and Axeda Desktop Server for Windows Allow Remote Control Exploitation Unauthenticated Remote Code Execution in Axeda Agent and Axeda Desktop Server Information Disclosure Vulnerability in Axeda Agent and Axeda Desktop Server Directory Traversal Vulnerability in Axeda Agent and Axeda Desktop Server for Windows Excessive Authentication Attempts Vulnerability in janeczku/calibre-web prior to 0.6.20 Unauthenticated Remote Shutdown Vulnerability in Axeda Agent and Axeda Desktop Server Unauthenticated Remote Configuration Modification 
Vulnerability in Axeda Agent and Axeda Desktop Server Remote Unauthenticated Crash Vulnerability in Axeda Agent and Axeda Desktop Server Binary Execution Vulnerability in QProcess Cross-Site Scripting (XSS) Vulnerability in SAS Web Report Studio 4.4 Memory Corruption Vulnerability in USB Gadget Subsystem Reflected XSS Vulnerability in JetBrains Hub before 2021.1.14276 Use-After-Free Vulnerability in systemd's resolved-dns-stream.c Blind Server-Side Request Forgery (SSRF) Vulnerability in JetBrains Hub Reflected XSS Vulnerability in JetBrains TeamCity before 2021.2.2 SAML Request Takeover Vulnerability in JetBrains Hub before 2022.1.14434 OS Command Injection in JetBrains TeamCity Agent Push Configuration Sensitive Password Logging Vulnerability in JetBrains TeamCity Executable Attribute Vulnerability in Legacy Linux Kernel Versions Directory Traversal Vulnerability in Passwork On-Premise Edition before 4.6.13 Directory Traversal Vulnerability in Passwork On-Premise Edition before 4.6.13 CSRF Vulnerability in Passwork On-Premise Edition before 4.6.13 Multiple XSS Vulnerabilities in Passwork On-Premise Edition before 4.6.13 Arbitrary Content Injection Vulnerability in GitLab CE/EE Quick Edit Module Access Control Vulnerability Vulnerability: Improper Input Validation in Drupal Core's Form API Vulnerability: Improper Input Validation in Drupal Core's Form API Access Bypass Vulnerability in Drupal 9.3's Generic Entity Access API Insecure Derivative Image Access Vulnerability Insecure Domain Validation in Media oEmbed iframe Route Vulnerability: Improper Sanitization of Filenames with Dangerous Extensions in Drupal Core Vulnerability: Incorrect Form Element Access Evaluation in Drupal Core Insufficient Permissions Vulnerability in Octopus Deploy's Built-in Feed Insufficient Packet Sanitization in sFlow Decode Package: A Denial of Service Vulnerability Authenticated Remote Retrieval of Certificate Private Keys in WatchGuard Firebox and XTM Appliances Heap-based Buffer 
Overflow in WatchGuard Firebox and XTM Appliances via Malicious Firmware Update Image Remote Code Execution Vulnerability in WatchGuard Firebox and XTM Appliances via Malicious Firmware Update Systemd Stack-Based Buffer Overflow in WatchGuard Firebox and XTM Appliances Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Agent for Windows Open Redirect Vulnerability in gophish before 0.12.0 Prototype Pollution in bodymen package via handler function Arbitrary File Write Vulnerability in drogonframework/drogon before 1.7.5 Arbitrary File Fetch Vulnerability in sprinfall/webcc before 0.3.0 Arbitrary File Write Vulnerability in cesanta/mongoose before 7.6 Prototype Pollution vulnerability in jsgui-lang-essentials package Denial of Service (DoS) Vulnerability in asneg/opcuastack Package: Unvalidated Data Forwarding in OpcUaNodeIdBase.h Cross-site Scripting (XSS) Vulnerability in Whoogle-Search Package Unlimited Chunk Denial of Service (DoS) Vulnerability in opcua and asyncua Packages Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Stack-based Buffer Overflow Vulnerability in Fribidi Package Heap-based Buffer Overflow Vulnerability in Fribidi's fribidi_cap_rtl_to_unicode() Function Path Traversal Vulnerability in GitLab EE Allows Unauthenticated Users to Perform Unauthorized Queries via Grafana API Fribidi Package SEGV Vulnerability in fribidi_remove_bidi_marks() Function Privilege Escalation Vulnerability in SINEC NMS and SINEMA Server XML External Entity (XXE) Injection Vulnerability in Any23 RDFa XSLTStylesheet Extractor Stack Exhaustion Vulnerability in Expat (libexpat) before 2.4.5 via Large Nesting Depth in DTD Element Integer Overflow in copyString in Expat (libexpat) before 2.4.5 Integer Overflow in storeRawNames in Expat (libexpat) before 2.4.5 Reflected XSS Vulnerability in 
Cerebrate's genericForm Incorrect Sharing Group ACL Allows Unauthorized Editing and Modification in Cerebrate 1.4 Open Endpoints Vulnerability Reflected Cross-Site Scripting in Feed Them Social WordPress Plugin Username Enumeration Vulnerability in Cerebrate 1.4 Cross-Site Scripting (XSS) Vulnerability in Cerebrate Bookmarks Component ZEROF Web Server 2.0 SQL Injection Vulnerability ZEROF Web Server 2.0 Vulnerability: /admin.back XSS Vulnerability: Denial of Service (DoS) in package bignum due to V8 Type-Check Exception CX-Programmer v9.76.1 and Earlier Use After Free Vulnerability in CXP File Parsing World-writable directory vulnerability in fscrypt v0.3.2 and below PAM Module for fscrypt Denial of Service Vulnerability Privilege Escalation Vulnerability in fscrypt Bash Completion Script Static Credential Authentication Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Authentication Bypass Vulnerability in GitLab Package Registries Remote Code Execution Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Remote Code Execution Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Timing Side Channel Vulnerability in AES Implementation on Texas Instruments OMAP L138 Vulnerability: Arbitrary Code Execution in Texas Instruments OMAP L138 TEE Vulnerability: Stack Overflow in Texas Instruments OMAP L138 TEE SK_LOAD Module Loading Routine Vulnerability: Lack of onlyOwner Modifier in RigoBlock Dragos' setMultipleAllowances Allows Token Manipulation Insecure Direct Object Reference (IDOR) Vulnerability in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x Injection Attacks via Image Filenames in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x Physical Proximity Access Control Vulnerability in ownCloud Android App Incorrect Access Control in ownCloud Android 2.20: Local Attackers Exploit Improper Data Handling in GitLab's Datadog Integration Leads to Disclosure of Contributor Emails Broken Access Control 
Vulnerability on Olivetti d-COLOR MF3555 2XD_S000.002.271 Devices Denial of Service Vulnerability in Olivetti d-COLOR MF3555 2XD_S000.002.271 Web Application Cross-Site Scripting (XSS) Vulnerability on Olivetti d-COLOR MF3555 2XD_S000.002.271 Devices Denial of Service (DoS) Vulnerability in @discordjs/opus Package Path Traversal Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Untrusted Search Path Vulnerability in AttacheCase ver. 4.0.2.7 and Earlier Cross-site Scripting (XSS) Vulnerability in materialize-css Autocomplete Component Unauthenticated Users Can Disclose Private/Draft/Pending Post Titles in SearchWP Live Ajax Search Plugin Command Injection Vulnerability in puppet-facter's getFact Function Prototype Pollution in libnested before 1.5.2 via set function in index.js Prototype Pollution in set-in package (versions before 2.0.3) via setIn method Improper Handling of HTTP Host Header in EC-CUBE Leads to Email Spoofing Vulnerability XML Injection Vulnerability in Alt-N MDaemon Security Gateway through 8.5.0 Improper Access Control in Pexip Infinity 27.x before 27.2 Path Traversal Vulnerability in awful-salmonella-tar before 0.0.4 Unauthenticated Remote File Manipulation Vulnerability in ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 Unauthenticated Setting Changes Vulnerability in Transposh WordPress Translation Plugin (Versions up to 1.0.8.1) Arbitrary File Upload Vulnerability in WatchGuard Firebox and XTM Appliances Arbitrary File Deletion Vulnerability in WatchGuard Firebox and XTM Appliances Privileged Management User Credential Modification Vulnerability in WatchGuard Firebox and XTM Appliances Default Built-in Build Cache Configuration Allows Anonymous Write Access in Gradle Enterprise Arbitrary File Movement Vulnerability in Docker Desktop on Windows DYLIB Injection Vulnerability in Cryptomator 1.6.5 Spectre BHB: Exploiting Shared Branch History for Cache Allocation Inference Reflected Cross-Site Scripting in 
WooCommerce PDF Invoices & Packing Slips WordPress Plugin Stored XSS Vulnerability in Apache OFBiz Birt Plugin Remote Code Execution Vulnerability in Apache OFBiz via Birt Plugin (CVE-2020-9484) Local Privilege Escalation Vulnerability in Pritunl Client for Windows Stored XSS Vulnerability in Zoho ManageEngine SupportCenter Plus before 11020 Insecure Logging of Inbound HTTP Requests in HashiCorp Terraform Enterprise RNDIS USB Gadget Size Validation Vulnerability Arbitrary File Read Vulnerability in Appwrite ACME-Challenge Endpoint Reflected Cross-Site Scripting in WP Hide & Security Enhancer WordPress Plugin Arbitrary File Download Vulnerability in DCN Firewall DCME-520 Vulnerability: Unauthorized Filtering of Issues by Contact and Organization in GitLab CE/EE Remote Command Execution (RCE) Vulnerability in DCN Firewall DCME-520 via /system/tool/ping.php Host Parameter SQL Injection Vulnerability in Simple Bakery Shop Management v1.0 SQL Injection Vulnerability in Medical Store Management System v1.0 via cid parameter in customer-add.php Multiple Reflected Cross-Site Scripting (XSS) Attacks in Cosmetics and Beauty Product Online Store v1.0 SQL Injection Vulnerability in Cosmetics and Beauty Product Online Store v1.0 via Search Parameter SQL Injection Vulnerability in Auto Spare Parts Management v1.0 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 via id Parameter Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting in Link Optimizer Lite Plugin for WordPress Arbitrary File Read Vulnerability in Cuppa CMS v1.0 Unauthenticated Access Control Vulnerability in HMS v1.0 Allows Unauthorized PHP File Access and Modification SQL Injection Vulnerability in HMS v1.0 via admin.php Component SQL Injection Vulnerability in Tongda2000 v11.10's delete.php via DELETE_STR Parameter SQL Injection Vulnerability in Tongda2000 v11.10's change_box.php via DELETE_STR Parameter SQL Injection Vulnerability in Tongda2000 v11.10's delete_query.php Stored XSS 
Vulnerability in Hospital Management System v1.0 via Doctor Parameter Stored XSS Vulnerability in Hospital Management System v1.0 via dpassword parameter at /admin-panel1.php Stored Cross-Site Scripting (XSS) Vulnerability in Hospital Management System v1.0 Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting in uContext for Amazon WordPress Plugin Stored XSS Vulnerability in Maxsite CMS v180 via f_file_description Parameter at /admin/files Maxsite CMS v180 Remote Code Execution (RCE) Vulnerability at /admin/options Arbitrary File Deletion Vulnerabilities in Maxsite CMS v180 Stored Cross-Site Scripting (XSS) Vulnerability in Maxsite CMS v108 via f_tags Parameter at /admin/page_edit/3 Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via NPTR Parameter Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via saveparentcontrolinfo Function Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via openSchedWifi Function Vulnerability: Cross-Site Request Forgery and Cross-Site Scripting in uContext for Clickbank Plugin CRLF Injection Vulnerability in NTT Resonant Incorporated goo blog App Web Application 1.0 Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via schedendtime Parameter in openSchedWifi Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via deviceId Parameter in saveparentcontrolinfo Function Buffer Overflow Vulnerability in Tenda AC9 v15.03.2.21 via Time Parameter in saveparentcontrolinfo Function Arbitrary CSS Injection in Visual Portfolio WordPress Plugin Multiple Stack Overflow Vulnerabilities in Tenda AC9 v15.03.2.21 Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via urls Parameter in saveparentcontrolinfo Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 Firewall Configuration Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetStaticRoutecfg Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetVirtualServerCfg Function Remote Command Execution Vulnerability in 
Tenda AC9 v15.03.2.21 via SetIPTVCfg Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetIpMacBind Function Unauthenticated Directory Listing Vulnerability in Ninja Job Board WordPress Plugin Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via ntpserver Parameter Remote Command Execution Vulnerability in Tenda AC9 v15.03.2.21 via vlanid Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi PowerSaveSet Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via schedstarttime Parameter in openSchedWifi Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via schedendtime Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via openSchedWifi Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 V15.03.05.09_multi via SetVirtualServerCfg Function Stack Overflow Vulnerability in Tenda AC6 V15.03.05.09_multi via setstaticroutecfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via URLs Parameter in saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via time Parameter in saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via loginpwd Parameter in SetFirewallCfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via SetIpMacBind Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via security_5g Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via ntpserver Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via cmdinput Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via S1 Parameter in SetSysTimeCfg Function Arbitrary HTML and JavaScript Injection in All-in-One WP Migration WordPress Plugin Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via endip Parameter in 
SetPptpServerCfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via SetPptpServerCfg Function Segmentation Fault Vulnerability in Yafu v2.0 via /factor/avx-ecm/vecarith52.c Stored XSS Vulnerability in DoraCMS v2.1.8's /admin/contenttemp Component Stack Buffer Overflow in Espruino 2v11 Release via jsvGetNextSibling in src/jsvar.c Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 OpenEMR 6.0.0 Insecure Direct Object Reference (IDOR) Vulnerability Unprotected PATHINFO Parameter in ThinkPHP Framework v5.0.24 Allows Access to System Environment Parameters Reachable Assertion in tcpprep v4.4.1: Assertion Failure in packet2tree() Local File Inclusion Vulnerability in CuppaCMS v1.0 Local File Inclusion Vulnerability in CuppaCMS v1.0 Remote Code Execution (RCE) Vulnerability in Atom CMS v2.0 via /admin/uploads.php SQL Injection Vulnerability in Atom CMS v2.0 via id parameter in /admin/ajax/avatar.php Reflected Cross-Site Scripting (XSS) Vulnerability in Atom CMS v2.0 NULL Pointer Dereference Vulnerability in gpac/gpac prior to v2.1.0-DEV SQL Injection Vulnerability in HMS v1.0 via editid Parameter in department.php SQL Injection Vulnerability in HMS v1.0 via editid Parameter in appointment.php SQL Injection Vulnerability in HMS v1.0 via medicineid Parameter in ajaxmedicine.php Reflected XSS Vulnerability in HMS v1.0 via treatmentrecord.php SQL Injection Vulnerability in Online Banking System v1.0 via staff_login.php Arbitrary File Upload and Code Execution Vulnerability in CuppaCMS v1.0 Arbitrary File Read Vulnerability in CuppaCMS v1.0 CuppaCMS v1.0 Remote Code Execution (RCE) Vulnerability in saveConfigData Function OS Command Injection in Hestia Control Panel (HestiaCP) prior to version 1.6.5 SQL Injection Vulnerability in Taocms v3.0.2 via id parameter in \include\Model\Category.php SQL Injection Vulnerability in FreeTAKServer-UI v1.9.8 via /AuthenticateUser API Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in 
FreeTAKServer-UI v1.9.8 via Callsign Parameter Access Control Issue in FreeTAKServer v1.9.8: Unauthenticated DoS and Route Manipulation Vulnerability Unauthenticated Access to Full Site Backup in Duplicator WordPress Plugin Hardcoded Flask Secret Key in FreeTAKServer 1.9.8 Allows Authentication Bypass and Privilege Escalation Arbitrary File Placement Vulnerability in FreeTAKServer-UI v1.9.8 Sensitive API and Websocket Key Leakage in FreeTAKServer-UI v1.9.8 Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via ttUSHORT() function Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via ttULONG() function Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via stbtt__find_table SQL Injection Vulnerability in MyBatis Plus v3.4.3 via Column Parameter in AbstractWrapper.java Vulnerability: Password Exposure in CMDBuild Temporary Log Table Unauthenticated Information Disclosure in Duplicator WordPress Plugin Access Control Issue in NUUO v03.11.00 TypesetterCMS v5.1 Cross-Site Request Forgery (CSRF) Vulnerability Ignored Authfile Directive Allows Unauthorized Communication in Cluster Path Traversal Vulnerability in Enable Media Replace WordPress Plugin Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsUser Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via fromSetSysTime Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting fromSetSysTime Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsEn Parameter CSRF Vulnerability in Yotpo Reviews for WooCommerce WordPress Plugin Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Denial of Service via deviceName Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsDomain Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Denial of Service via ssid Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsPwd Parameter Stack Overflow Vulnerability in 
Tenda AX1806 v1.0.0.1: Denial of Service via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting fromSetSysTime Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_42E328 Heap Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting saveParentControlInfo Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via formSetProvince Function Mailchimp for WooCommerce WordPress Plugin 2.7.2 Privilege Escalation and Network Scanning Vulnerability Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_4327CC Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_42DE00 Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting saveParentControlInfo Function for Denial of Service (DoS) MotionEye v0.42.1 and below: Sensitive Information Disclosure via Unconfigured Regular User Password Static SSH Key Reuse Vulnerability in Bettini Srl GAMS Product Line v4.3.0 Arbitrary File Download and Deletion Vulnerability in Team WordPress Plugin Privilege Escalation Vulnerability in Click Studios Passwordstate 9435 Critical Information Leak Vulnerability in Bluedon Internet Access Detector v1.0 Stored XSS Vulnerability in Image Upload Function of /admin/show.php Cross-Site Scripting (XSS) Vulnerabilities in Parking Management System v1.0 Cross-Site Request Forgery (CSRF) vulnerability in Anchor CMS v0.12.7 allows arbitrary post deletion Hardcoded Password Vulnerability in ALF-BanCO v8.2.5 and Below Code Injection Vulnerability in Taocms v3.0.2 via .htaccess File Editing Directory Listing Vulnerability in Simple Job Board WordPress Plugin Arbitrary File Upload and Code Injection Vulnerability in Classcms v2.5 and Below Stored XSS Vulnerability in ClassCMS v2.5 and Below: Column Module Allows Arbitrary Code Execution FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY 
Information Disclosure Vulnerability Stored XSS Vulnerability in Unioncms v1.0.13 Default Settings SQL Injection Vulnerability in Fluent Support WordPress Plugin Session Cookie Retention Vulnerability in SurveyKing v0.2.0 Arbitrary File Deletion Vulnerability in BlogEngine.NET v3.3.8.0 Sensitive Information Exposure in Microprogram's Parking Lot Management System Improper User Request Handling in ASUS RT-AC86U: LAN Denial of Service Vulnerability Heap-based Buffer Overflow Vulnerability in ASUS RT-AC56U Configuration Function Command Injection Vulnerability in ASUS RT-AC86U’s LPD Service Apache DolphinScheduler User Registration Regular Expression Denial of Service (ReDoS) Vulnerability CSRF Vulnerability in Spiffy Calendar WordPress Plugin Allows Event Deletion Arbitrary File Deletion Vulnerability in EnterpriseDT CompleteFTP Server 22.1.0 CSRF Vulnerability in WP Google Map Plugin (<= 4.2.3) Allows Unauthorized Deletion and Copying of Maps Contact Form X WordPress Plugin <= 2.4 Reflected XSS Vulnerability in &tab Parameter Responsive Menu WordPress Plugin <= 4.1.7: Nonce Token Leak Vulnerability MaxGalleria WordPress Plugin Authenticated Stored XSS Vulnerability WordPress Price Table Plugin <= 0.2.2 Authenticated Stored XSS Vulnerability Title: Multiple Authenticated Stored XSS Vulnerabilities in WP-DownloadManager WordPress Plugin (<= 1.68.6) Title: WP-DownloadManager Plugin <= 1.68.6 Multiple Authenticated Stored XSS Vulnerabilities Critical Authenticated SQL Injection Vulnerability in FV Flowplayer Video Player WordPress Plugin (<= 7.5.15.727) CSRF Vulnerability in Yoo Slider – Image Slider & Video Slider WordPress Plugin Allows Unauthorized Slider Actions Stored Cross-Site Scripting (XSS) Vulnerability in Yoo Slider – Image Slider & Video Slider WordPress Plugin Arbitrary Code Execution via XML Deserialization in OPC Labs QuickOPC 2022.1 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 Authenticated Stored Cross-Site Scripting 
(XSS) in Simple Event Planner Plugin <= 1.5.4 Simple Event Planner WordPress Plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) Vulnerabilities Title: Authenticated Persistent XSS Vulnerability in FV Flowplayer Video Player WordPress Plugin (<= 7.5.18.727) via &fv_wp_flowplayer_field_splash Parameter CSRF Vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress Plugin (<= 1.3.7) Allows Unauthorized Zoom Meeting Sync CSRF Vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress Plugin Allows Cache Deletion Code Snippets Plugin XSS Vulnerability via &orderby Parameter Authenticated Stored XSS Vulnerability in wpDataTables Plugin (<= 2.1.27) Command Injection Vulnerability in Profelis IT Consultancy SambaBox 4.0 and Prior Versions XSS Vulnerability in Profelis IT Consultancy SambaBox Group Functionality Arbitrary OS Command Execution Vulnerability in UNIVERGE WA Series Denial of Service Vulnerability in SIMATIC Industrial Control Systems Privilege Escalation Vulnerability in Symantec Management Agent Allows Local Account to Gain SYSTEM Level Access PAM User Exploitation: Unauthorized Access and Configuration Manipulation Unauthenticated Access to Identity Manager's Management Console Specific Page URLs Remote Command Execution Vulnerability in Symantec Identity Manager 14.4 XML External Entity Injection Vulnerability in Symantec Identity Manager 14.4 Management Console Arbitrary Code Execution via Malicious Annotations Stored Cross-Site Scripting Vulnerability in Tutor LMS WordPress Plugin XSS Vulnerability in Admin Group Policy Page Allows for Embedded Malicious Content Title: Elevation of Privilege Vulnerability in Symantec Endpoint Protection (CVE-2021-XXXX) Unintended Working Directory Vulnerability in Qt Buffer Overflow Vulnerability in Realtek Linux/Android Bluetooth Mesh SDK Heap Out-of-Bounds Write Privilege Escalation in Linux Kernel's nf_dup_netdev.c Certificate Validation Bypass in wolfSSL 5.2.0 
and Earlier Prototype Pollution in Mongoose prior to 6.4.6 TLS 1.3 Mutual Authentication Bypass Vulnerability in wolfSSL Vulnerability: Cross-Reference Mishandling in Foxit PDF Reader, PDF Editor, and PhantomPDF XSS Vulnerability in Obyte Wallet Allows Remote Code Execution Privilege Escalation via User-Supplied Socket Pathname in seatd 0.6.x before 0.6.4 Arbitrary Code Execution Vulnerability in @pendo324/get-process-by-name Package Prototype Pollution in dset/merge mode allows for bypassing top-level path validation Cross-site Scripting (XSS) Vulnerability in x-data-spreadsheet Package Deserialization of Untrusted Data Vulnerability in com.google.code.gson:gson Command Injection Vulnerability in Git 1.11.0 and Earlier Improper Access Control Vulnerabilities in StoreApps Affiliate For WooCommerce Plugin Cross-Site Scripting Vulnerability in Simple Payment Donations & Subscriptions WordPress Plugin Protected Field Information Extraction Vulnerability Integer Overflow Vulnerability in Bluetooth Host Processing BT HFP-UNIT Profile Improper Hash Verification in Snapdragon Wired Infrastructure and Networking: A Cryptographic Vulnerability AVI File Processing Vulnerability Leads to Information Disclosure in Snapdragon Devices Kernel Memory Corruption Vulnerability in Snapdragon Platforms WLAN HAL Memory Corruption Vulnerability Improper Validation of Buffer Size in Snapdragon Platforms: Potential Integer Overflow and Memory Corruption Vulnerability Buffer Overflow Vulnerability in Snapdragon Platforms Processing Invalid MKV Clips Endianness-related Memory Corruption Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms when Parsing Invalid Bitmap Size in MKV Clips Heap Out-of-Bounds Memory Write Vulnerability in FFMPEG (CVE-2021-XXXX) Double Free Vulnerability in Snapdragon Kernel Untrusted Pointer Dereference Vulnerability in Snapdragon Platforms Untrusted Pointer Dereference Vulnerability in Snapdragon Platforms Buffer Overflow 
Vulnerability in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity: A Potential Denial of Service Threat GPU Data Exposure Vulnerability in Snapdragon Platforms Kernel Buffer Over Read Vulnerability in Snapdragon Platforms Multiple Thread Use After Free Vulnerability in Snapdragon Platforms ICMP Request Handling Vulnerability in Snapdragon Wired Infrastructure and Networking Double Free Vulnerability in Snapdragon Video Driver: Exploiting ASF Clip Parsing Critical Vulnerability: Buffer Over Read Leads to Denial of Service in Snapdragon Devices Stored Cross-Site Scripting Vulnerability in Form Builder CP WordPress Plugin Buffer Over Read Vulnerability in Snapdragon Devices Snapdragon Mobile Vulnerability: Denial of Service Exploit in MODEM Critical Denial of Service Vulnerability in Snapdragon Mobile Modems Vulnerability: Denial of Service in Snapdragon Mobile MODEM due to Reachable Assertion during Network Configuration Processing Critical Cryptographic Vulnerability in WPA/WPA2 Group Key Handshake in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music Vulnerability: Denial of Service in Snapdragon Compute, Industrial IOT, and Mobile due to Reachable Assertion in Modem Critical Vulnerability: Buffer Over-read in AVI File Parsing in Snapdragon Devices Use After Free Vulnerability in Diag Processing in Snapdragon Platforms Buffer Overwrite Vulnerability in CoAP Connection Leads to Memory Corruption in Modem Critical Vulnerability: Denial of Service Exploit in Snapdragon Devices' Video Broadcast Receivers Ansible Automation Platform Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto's Multimedia Processing Memory Corruption Vulnerability in Snapdragon Processors Out-of-Range Pointer Offset Vulnerability in MODEM UIM Decoding in Snapdragon Platforms Improper Authorization Vulnerability in Snapdragon Modules Leads to Denial of Service WAV File Buffer Overflow Vulnerability in Snapdragon 
Platforms Buffer Overflow Vulnerability in Snapdragon Platforms: Corrupted Video Memory Exploitation Buffer Overflow Vulnerability in Snapdragon Platforms: Memory Corruption in Video Parsing Vulnerability: Denial of Service Exploit in Snapdragon Mobile Modem Cleartext Storage of OAuth Session Data Vulnerability Array Index Out of Bounds Vulnerability in ANQP Action Frame Parsing in Snapdragon Platforms Vulnerability: Denial of Service in Snapdragon Mobile Modem due to Invalid SCS and Bandwidth Settings in SIB1 Processing Vulnerability: Denial of Service in Modem during Common Config Procedure in Snapdragon Platforms Graphics Profiling Vulnerability in Snapdragon Connectivity and Snapdragon Mobile: Memory Corruption Exploitation Out-of-range Pointer Offset Vulnerability in UIM Leading to Memory Corruption in Modem Memory Corruption Vulnerability in Snapdragon Devices Race condition vulnerability in Snapdragon platforms leading to memory corruption in display Critical Memory Corruption Vulnerability in Snapdragon Mobile and Wearables: Improper Input Validation in i2c Driver Memory Corruption Vulnerability in Snapdragon Mobile and Wearables SPI Buses Vulnerability: Denial of Service in Modem through Reconfiguration Message Processing in Snapdragon Platforms Integer Overflow Vulnerability Leading to Buffer Overflow in Modem's APDU Response Handling Bluetooth Driver Buffer Over-read Vulnerability in Snapdragon Devices Buffer Overflow Vulnerability in Snapdragon Connectivity and Snapdragon Mobile WLAN Key Parsing Out-of-Range Pointer Offset Vulnerability in Modem's QMI Message Processing Heap-based Buffer Overflow in Vim Prior to 9.0.0101 Null Pointer Dereference Vulnerability in Snapdragon Devices Array Index Out of Bounds Vulnerability in Snapdragon Platforms Unbounded Buffer Copy Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Automotive Systems: Exporting Shared Key without Proper Memory Bounds Restriction Type Casting Vulnerability Leads to 
Memory Corruption in Display Driver Unsafe Access to Data Members in Multimedia Framework Leads to Memory Corruption Double Free Vulnerability in Display Frame Buffer Allocation Improper Return Value Check in WLAN Authentication Handshake Vulnerability Improper Length Check Vulnerability in Snapdragon Connectivity Stack API Key Persistence Vulnerability Out-of-Bound Array Access Vulnerability in Snapdragon Connectivity Type Confusion Vulnerability in Video Driver Leads to Memory Corruption during Video Playback Memory Leakage Vulnerability in DSP Services Exploiting Use After Free Vulnerability in Snapdragon Mobile: Memory Corruption in Multimedia Buffer Overflow Vulnerability in Snapdragon Platforms: Exploiting Graphics Memory Corruption MODEM Denial of Service Vulnerability: Improper Pointer Handling Array Out of Bounds Access Vulnerability in Modem Data Handling Leads to Information Disclosure Critical Memory Corruption Vulnerability in Snapdragon IOT and Voice & Music Devices Modem Vulnerability: Information Disclosure through DNS Response Buffer Over-read Modem Memory Corruption: Improper Length Check Vulnerability Modem Vulnerability: IP Type Check Failure Leads to Information Disclosure Modem Vulnerability: Information Disclosure via DNS Packet Buffer Over-read Modem Vulnerability: Information Disclosure via DNS Client Buffer Over Read Modem Vulnerability: Denial of Service Exploit via DNS Packet Processing Vulnerability: Denial of Service in Modem Due to Missing Null Check in IP Packet Processing Vulnerability: Denial of Service in Modem due to Missing Null Check in TCP/UDP Packet Processing Vulnerability: Denial of Service in WLAN due to Out-of-Bound Read in Snapdragon Platforms Modem Vulnerability: Information Disclosure via Missing NULL Check Buffer Over-read Vulnerability in Modem Leads to Information Disclosure Critical Vulnerability: Denial of Service Exploit in Modem via Missing Null Check in IPv6 Packet Processing during ECM Call Stored Cross-Site 
Scripting Vulnerability in Meks Easy Social Share WordPress Plugin IPv6 Multicast Address Buffer Overflow Vulnerability in Modem Critical Denial of Service Vulnerability in Snapdragon Devices: Null Pointer Dereference in WLAN Infinite Loop Vulnerability in Snapdragon IOT Modems: Exploiting IGMPv2 Packet Parsing Critical Memory Corruption Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Memory Corruption in Modem via CoAP Message Handling Kernel Memory Corruption Vulnerability: Missing Access Rights Checks in Memextent Mapping Update CoAP Message Parsing Vulnerability in Modem Leads to Information Disclosure WLAN Integer Overflow Vulnerability Leads to Buffer Overflow in Multiple Snapdragon Platforms Buffer Over-read Vulnerability in WLAN Parsing MDNS Frames in Multiple Snapdragon Platforms Stored Cross-Site Scripting Vulnerability in WBW Currency Switcher for WooCommerce WordPress Plugin Double Free Vulnerability in BTHOST: Exploiting Memory Corruption in Snapdragon Mobile HTTP Header Validation Vulnerability in SCALANCE X-Series Network Devices Insecure Session Management in SCALANCE X300 Series Network Devices Buffer Overflow Vulnerability in SCALANCE X-Series Network Devices Vulnerability: Remote Code Execution via SCALANCE X-Series Web Server Missing Security Headers in SCALANCE X-Series Network Devices Cross-Site Scripting (XSS) Vulnerability in SCALANCE X300 Series Improper Input Validation in Apache APISIX Allows Bypass of Request-Validation Plugin Vulnerability: Regular Expression Denial of Service (ReDoS) in scss-tokenizer package Remote Code Injection Vulnerability in convert-svg-core before 0.6.2 DTLS Resumption Handshake Vulnerability in Eclipse Californium Arbitrary Code Injection Vulnerability in accesslog Package Unlimited Chunk Denial of Service Vulnerability in open62541 WebSocket Connection Closure Vulnerability HTTP/2 Request Validation Vulnerability in Apache Traffic Server Command Injection Vulnerability in pdfkit 0.0.0: 
Improper Sanitization of URL Input Remote Code Execution (RCE) Vulnerability in ungit Package (Versions before 1.5.20) via Argument Injection Remote Code Execution and Arbitrary File Read Vulnerability in com.bstek.ureport:ureport2-console Critical SQL Injection Vulnerability in SourceCodester Garage Management System 1.0 Remote Code Execution via Cross-Site Scripting (XSS) in Mautic Web Tracking Component CSRF Vulnerability in Secomea GateManager Web UI Allows Phishing Attackers to Hijack User Sessions Insecure Audit Log Vulnerability in Secomea GateManager Critical Access Control Vulnerability in SourceCodester Garage Management System 1.0 Unauthorized Access to Devices Outside Scope in Secomea GateManager Web UI Secomea GateManager Web UI XSS Vulnerability Insufficient Privileges Exploit in Secomea GateManager Web UI Insufficient Logging Vulnerability in Secomea GateManager Web Server Cross-Site Scripting (XSS) Vulnerability in Secomea SiteManager Web GUI Arbitrary Code Execution Vulnerability in Secomea SiteManager Versions Prior to 9.7 Unprotected Alternate Channel Vulnerability in GateManager Debug Console Allows Unauthorized Access to Sensitive Information Secomea GateManager API Information Exposure Through Query Strings Vulnerability Buffer Overflow Vulnerability in Autodesk AutoCAD 2022 JT File Parsing AutoCAD Use-After-Free Vulnerability in DWF, 3DS, and DWFX Files Cross-Site Scripting (XSS) Vulnerability in SourceCodester Garage Management System 1.0 Boundary Write Vulnerability in Autodesk AutoCAD and Navisworks Memory Corruption Vulnerability in Autodesk AutoCAD and Navisworks Allows Code Execution via Malicious DLL Files Buffer Overflow Vulnerability in Autodesk AutoCAD and Navisworks Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max: Arbitrary Code Execution Out-Of-Bounds Read Vulnerability in Autodesk FBX Review Allows Code Execution and Information Disclosure Remote Code Execution Vulnerability in Autodesk TrueView 2022 and 2021 via 
Malicious DWG Files Remote Code Execution Vulnerability in Autodesk Navisworks 2022 Autodesk AutoCAD PDF Parsing Vulnerability Open Redirect Vulnerability in CERT/CC VINCE Software Prior to 1.50.0 Heap-based Buffer Overflow in Vim prior to 9.0.0102 SSRF Vulnerability in Best Practical RT for Incident Response (RTIR) SSRF Vulnerability in Best Practical RT for Incident Response (RTIR) Cross-Site Scripting (XSS) Vulnerability in Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 Open Redirect Vulnerability in Best Practical Request Tracker (RT) before 5.0.3 Insecure Permissions in IGEL Universal Management Suite (UMS) Allow Unauthorized Access to Superuser Credentials Cleartext LDAP Bind Credential Exposure in IGEL Universal Management Suite (UMS) 6.07.100 Hardcoded DES Key Vulnerability in IGEL Universal Management Suite (UMS) 6.07.100 Hardcoded DES Key Vulnerability in IGEL Universal Management Suite (UMS) 6.07.100 Alexa versus Alexa (AvA) Attack: Arbitrary Voice Command Execution on Amazon Echo Dot Devices GitHub Repository vim/vim Out-of-bounds Read Vulnerability Vulnerability: Privilege Escalation and Sensitive Action Exposure in Transposh WordPress Translation Plugin SQL Injection Vulnerability in Transposh WordPress Translation Plugin Unvalidated Debug Settings in Transposh WordPress Translation Plugin Allow for Remote Code Execution (RCE) Remote Code Execution (RCE) Vulnerability in Apache OFBiz eCommerce Plugin Wearable Manager Installer PendingIntent Hijacking Vulnerability Weather Application PendingIntent Hijacking Vulnerability Authentication Bypass Vulnerability in Samsung Lock and Mask Apps Setting One UI Home Vulnerability: Unauthorized Pinned-Shortcut Generation Arbitrary Code Execution Vulnerability in UWB Stack Prior to SMR Mar-2022 Release 1 Kernel Stack Memory Disclosure Vulnerability in HDCP2 Device Node Unencrypted Hash Leakage in AWS S3 Crypto SDK Fingerprint Matching Algorithm Vulnerability: Brute Force Attack on Screen 
Lock Password SMS Buffer Pointer Vulnerability in Shannon Baseband Prior to SMR Mar-2022 Release 1: OOB Read Kernel Crash Vulnerability in sdp Driver Prior to SMR Mar-2022 Release 1: Use After Free Information Exposure Vulnerability in Galaxy Watch Plugin: Unauthorized Access to User Information in Log Improper Access Control Vulnerability in BixbyTouch: Arbitrary URL and Local File Loading Improper Access Control Vulnerability in Samsung Account: Unauthorized Access to Authcode WiFiAp Password Information Exposure in Galaxy S3 Plugin (v2.2.03.22012751) Password Exposure in Galaxy Watch Plugin: Accessing WiFiAP Passwords Watch Active Plugin Information Exposure Vulnerability: Unauthorized Access to WiFiAp Passwords Watch Active2 Plugin Information Exposure Vulnerability: Unauthorized Access to WiFiAp Passwords Race Condition Vulnerability in HTTP Request Routing Password Exposure in Galaxy Watch3 Plugin: Accessing WiFiAP Passwords Improper Access Control Vulnerability in S Secure: Unauthorized Access to Secured Data S Secure Prior to SMR Apr-2022 Release 1: Unauthorized Access to Locked Myfiles App IMS Authentication Bypass Vulnerability in ImsService Arbitrary Command Execution via Crafted Filename in Percona XtraBackup Bluetooth® Low Energy Pairing Vulnerability: Unauthenticated MITM Attack via Passkey Brute Forcing Bluetooth® Pairing Vulnerability: Unauthenticated MITM Exploitation via Passkey Brute Forcing Laravel Fortify TOTP Reuse Vulnerability Improper Input Validation in package url-js allows for Hostname Spoofing Panic Vulnerability in dag-pb Codec when Decoding Invalid Blocks Uncontrolled Search Path Elements in Intel(R) Datacenter Group Event Android Application: Privilege Escalation Vulnerability Arbitrary File Write via Archive Extraction (Zip Slip) in com.alibaba.oneagent:one-java-agent-plugin Angular Package ReDoS Vulnerability in Custom Locale Rule Deserialization of Untrusted Data Vulnerability in com.alibaba:fastjson Cross-site Scripting (XSS) 
Vulnerability in serve-lite Package Insecure Path Joining in static-dev-server Cross-site Scripting (XSS) vulnerability in joyqi/hyper-down package (0.0.0) due to inadequate href attribute filtering in the markdown parser Use-after-free vulnerability in POSIX CPU timers when exec'ing from a non-leader thread Server-side Request Forgery (SSRF) Vulnerability in Proxyscotch Package Denial of Service (DoS) Vulnerability in jpeg-js Package before 0.4.4 Denial of Service (DoS) Vulnerability in pg-native and libpq Packages Command Injection Vulnerability in semver-tags Package XSS Vulnerability in @yaireo/tagify Package Command Injection Vulnerability in create-choo-app3 Package Directory Traversal Vulnerability in Argo Events GitArtifactReader API Denial of Service (DoS) Vulnerability in org.yaml:snakeyaml Package Regular Expression Denial of Service (ReDoS) Vulnerability in Terser Package NFT Object Cross-Table Reference Vulnerability Remote Code Execution (RCE) via simple-git package clone(), pull(), push(), and listRemote() methods (CVE-2022-25912) Prototype Pollution in sds 0.0.0 via set.js Unsanitized Input Vulnerability in gatsby-plugin-mdx Uncontrolled Search Path Vulnerability in Intel(R) oneMKL Software Command Injection Vulnerability in workspace-tools Package Command Injection Vulnerability in czproject/git-php Package NULL Pointer Dereference Vulnerability in io.socket:socket.io-client Insecure Page Caching in Internet Explorer Allows Cross-site Scripting (XSS) in Angular Package Heap Corruption Vulnerability in Chrome OS Audio Server Prototype Pollution vulnerability in querymen package Out-of-bounds Read Vulnerability in fast-string-search Package Cross-site Scripting (XSS) vulnerability in Vuetify's VCalendar component Cross-Site Scripting (XSS) Vulnerability in Svelte Package (Versions before 3.49.0) Server-side Request Forgery (SSRF) vulnerability in package link-preview-js before 2.1.16 Prototype Pollution in protobufjs before 6.11.3 allows 
Object.prototype Modification Zero-Handle Filter Removal Vulnerability in Linux Kernel's cls_route Implementation Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Cache Poisoning Vulnerability in http-cache-semantics Directory Traversal Vulnerability in onnx Package (Versions < 1.13.0) Vulnerability: Regular Expression Denial of Service (ReDoS) in semver package (versions before 7.5.2) Denial of Service Vulnerability in muhammara and hummus Packages Vulnerability: Regular Expression Denial of Service (ReDoS) in sanitize-html package Unlimited Chunk Denial of Service (DoS) Vulnerability in opcua Package Reflected Cross-site Scripting (XSS) Vulnerability in beancount/fava prior to 1.22.3 Command Injection Vulnerability in wifey Package's connect() Function Denial of Service (DoS) Vulnerability in github.com/containrrr/shoutrrr/pkg/util before 0.6.0 Denial of Service (DoS) Vulnerability in muhammara and hummus Packages Arbitrary Code Execution Vulnerability in vm2 Package (Versions before 3.9.10) Remote Code Execution (RCE) vulnerability in com.bstek.uflo:uflo-core via ExpressionContextImpl class Directory Traversal Vulnerability in lite-dev-server Session Regeneration Vulnerability in Passport Package Denial of Service (DoS) Vulnerability in org.eclipse.milo:sdk-server before 0.6.8 Improper Verification of Cryptographic Signature in jsrsasign before 10.5.25 Open AMT Cloud Toolkit Software Authentication Bypass Vulnerability Privilege Escalation via Copy-on-Write (COW) Race Condition in Linux Kernel Command Injection Vulnerability in git-clone Package Vulnerability: Regular Expression Denial of Service (ReDoS) in cookiejar package Unlimited Nesting Levels in opcua Package Leads to Denial of Service (DoS) Vulnerability Prototype Pollution in safe-eval Package: Object.prototype Modification via safeEval Function Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI Data Analytics Library (oneDAL) Command 
Injection Vulnerability in is-http2 Package Prototype Pollution Vulnerability in ts-deepmerge before 2.0.2 Command Injection Vulnerability in create-choo-electron Package Critical Denial of Service Vulnerability in TEM FLEX-1085 1.6.0 Remote Code Execution (RCE) in simple-git via ext transport protocol Remote Code Execution (RCE) vulnerability in com.google.cloud.tools:jib-core before 0.22.0 via isDockerInstalled function Access Control Bypass Vulnerability in ELECOM LAN Routers Command Injection in mt7688-wiscan before 0.8.3 Firmware Vulnerability in Intel(R) Server Board M50CYP Family: Potential Denial of Service via Local Access Regular Expression Denial of Service (ReDoS) vulnerability in shescape package (1.5.10 - 1.6.1) via insecure regex in escapeArgBash function Denial of Service Vulnerability in GitLab CE/EE Snippet Descriptions Arbitrary Code Execution Vulnerability in morgan-json Package