Vulnerability Index: Year 2023

Cortex XDR Agent Information Exposure Vulnerability: Cleartext Disclosure of Admin Password Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent on Windows Devices File Disclosure Vulnerability in Palo Alto Networks Cortex XSOAR Server Software Local File Deletion Vulnerability in Palo Alto Networks PAN-OS Software Vulnerability in Palo Alto Networks PAN-OS Software Exposes Plaintext Secrets and Encrypted API Keys Race condition vulnerability in Palo Alto Networks GlobalProtect app allows local file deletion with elevated privileges Cross-Site Scripting (XSS) Vulnerability in Palo Alto Networks PAN-OS Software on Panorama Appliances Race condition vulnerability in Palo Alto Networks PAN-OS software allows authenticated administrators to export local files through the web interface Local Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect App on Windows Reflected XSS Vulnerability in Palo Alto Networks PAN-OS Captive Portal Feature Arbitrary Command Execution via TOBY-L2 Serial Interface Privilege Escalation via SAP_LocalAdmin Membership in SAP Host Agent (Windows) Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Application Server ABAP Keyword Documentation Ambiguous Format Information Disclosure Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform SAP BPC MS 10.0 - Version 810 SQL Injection Vulnerability Unauthenticated Access Control Vulnerability in SAP NetWeaver AS for Java - Version 7.50 Stored XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform CMC Application SAP GRC (Process Control) Remote-Enabled Function Module Data Exposure Vulnerability Unauthorized Access to Sensitive Information in SAP BusinessObjects Business Intelligence Platform Unauthenticated Code Injection Vulnerability in SAP NetWeaver Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Analysis Edition for OLAP 
Sensitive Data Exposure in SAP Bank Account Management Application Cross-Site Scripting Vulnerability in SAP Solution Manager (BSP Application) Version 720 SAP Solution Manager (BSP Application) - Version 720 Link Manipulation Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Modbus TCP Server AOI Unauthorized Information Disclosure Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in linagora/twake GitHub Repository (prior to 2023.Q1.1200+) Remote Denial of Service Vulnerability in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B Use-After-Free Vulnerability in Linux Kernel's Nouveau Driver Allows Privilege Escalation Stored Cross-Site Scripting Vulnerability in PDF Viewer WordPress Plugin Stored Cross-Site Scripting Vulnerability in JetWidgets For Elementor WordPress Plugin Authentication Bypass Vulnerability in softbus_client_stub in OpenHarmony-v3.0.5 and Prior Versions Authentication Bypass Vulnerability in OpenHarmony-v3.0.5 and Prior Versions: SA Relay Attack SQL Injection Vulnerability in 10Web Map Builder for Google Maps WordPress Plugin Stored Cross-Site Scripting Vulnerability in Survey Maker – Best WordPress Survey Plugin Plugin CRLF Injection Vulnerability in Async HTTP Client Insufficient Session Expiration in IBM Security Guardium 11.5 Allows User Takeover Arbitrary Protocol Redirection Vulnerability in GitLab Pages Reflected Cross-Site Scripting Vulnerability in Custom Add User WordPress Plugin Cross-Site Attack Vulnerability in Quarkus Form Authentication Delayed IBPB Vulnerability in prctl syscall GitHub Repository File and Resource Naming Vulnerability in lirantal/daloradius Code Injection Vulnerability in lirantal/daloradius GitHub Repository Critical Out-of-bounds Read Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Stored XSS Vulnerability in GitLab Allows Arbitrary Actions on Behalf of Victims Critical Heap-based Buffer Overflow in vim/vim Repository (CVE-XXXX-XXXX) 
Unauthenticated Command Execution in SAUTER Controls Nova 200–220 Series Clear-text Transmission of Sensitive Information in SAUTER Controls Nova 200–220 Series Critical Out-of-bounds Write Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Insecure Handling of Sensitive Cookies in pyload/pyload Repository Title: HAProxy Uncontrolled Resource Consumption Vulnerability Allows Remote Crash UI Layer or Frame Restriction Vulnerability in pyload/pyload (prior to 0.5.0b3.dev33) Vulnerability: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) in Tiempo.com WordPress Plugin Stored Cross-Site Scripting Vulnerability in Youzify WordPress Plugin Stored Cross-Site Scripting Vulnerability in Responsive Gallery Grid WordPress Plugin Stored Cross-Site Scripting Vulnerability in Judge.me Product Reviews for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in EAN for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPress Shortcodes Plugin Stored Cross-Site Scripting Vulnerability in eVision Responsive Column Layout Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in i2 Pros & Cons WordPress Plugin Stored Cross-Site Scripting Vulnerability in Companion Sitemap Generator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Timed Content WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPaudio MP3 Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in ResponsiveVoice Text To Speech WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Tabs WordPress Plugin Stored Cross-Site Scripting Vulnerability in WC Vendors Marketplace WordPress Plugin Stored Cross-Site Scripting Vulnerability in Client Logo Carousel WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Social Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability 
in Amazon JS WordPress Plugin Stored Cross-Site Scripting Vulnerability in Download Attachments WordPress Plugin Integer Overflow Vulnerability in Synology Router Manager (SRM) CGI Component Stored XSS Vulnerability in Resume Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Customer Reviews for WooCommerce WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Customer Reviews for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in MonsterInsights WordPress Plugin Stored Cross-Site Scripting Vulnerability in ExactMetrics WordPress Plugin ArKUI Framework Subsystem Improper Input Validation Vulnerability Stored Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress Vulnerability: reCaptcha Bypass in Metform Elementor Contact Form Builder Plugin Cross-Site Request Forgery Vulnerability in JetWidgets for Elementor Plugin Stored Cross-Site Scripting Vulnerability in Swifty Page Manager Plugin for WordPress Cross-Site Request Forgery Vulnerability in Swifty Page Manager Plugin for WordPress Remote Code Execution Vulnerability in Proofpoint Enterprise Protection (PPS/POD) Webutils Remote Code Execution Vulnerability in Proofpoint Enterprise Protection (PPS/POD) Webservices Keycloak Client Credential Flow Token Revocation Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client Stored Cross-Site Scripting Vulnerability in UpQode Google Maps WordPress Plugin Stored Cross-Site Scripting Vulnerability in Page View Count WordPress Plugin Stored Cross-Site Scripting Vulnerability in Happyforms WordPress Plugin Stored Cross-Site Scripting Vulnerability in The Post Grid, Post Carousel, & List Category Posts WordPress Plugin SQL Injection Vulnerability in Simple URLs WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Simple URLs WordPress Plugin HTTP Host Header Tampering Vulnerability in Eclipse BIRT Privilege Escalation 
Vulnerability in Nessus Versions 8.10.1 - 8.15.8 and 10.0.0 - 10.4.1 Missing Authentication in LS ELECTRIC XBC-DN32U OS 01.80 Allows Arbitrary File Deletion Denial-of-Service Vulnerability in LS ELECTRIC XBC-DN32U Operating System Version 01.80 ZipSlip Vulnerability in Weintek EasyBuilder Pro Email Trust Vulnerability in Keycloak: Impersonation and Lockout Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Netis Netcore Router Backup Handler Information Disclosure Vulnerability Cleartext Storage Vulnerability in Netis Netcore Router Backup Handler (VDB-217592) Unauthenticated Broadcast Vulnerability in Reminder Module Insecure Application Identity Verification in hwKitAssistant: Implications for MeeTime Availability Foreman Arbitrary Code Execution Vulnerability Stored Cross-site Scripting Vulnerability in Foreman's Comment Section Improper Permission Validation Allows Unauthorized Editing of Label Descriptions in GitLab Denial of Service Vulnerability in GitLab CE/EE: Resource Consumption via Malicious Test Report Artifacts Pre-Auth Denial of Service (DoS) Vulnerability in Linux Kernel NVMe Functionality Stack-Based Buffer Overflow in Delta Electronics DOPSoft Versions 4.00.16.22 and Prior Out-of-Bounds Write Vulnerability in Delta Electronics DOPSoft Software Cross-Site Scripting (XSS) Vulnerability in Control iD Gerencia Web 1.30 SMA1000 Firmware Version 12.4.2 Pre-Authentication Path Traversal Vulnerability Firmware_update 
Command Injection Vulnerability in Restricted Telnet Interface Use After Free Vulnerability in Google Chrome's Overview Mode on Chrome OS Heap Buffer Overflow in Google Chrome Network Service Spoofing Omnibox Contents via Fullscreen API in Google Chrome on Android Bypassing File Download Restrictions via Inappropriate iFrame Sandbox Implementation in Google Chrome Remote Code Execution via Insecure Permission Prompts in Google Chrome on Windows Bypassing Main Origin Permission Delegation in Google Chrome on Android Use After Free Vulnerability in Google Chrome's Cart Use After Free Vulnerability in Google Chrome's Cart Incorrect Security UI Execution Vulnerability in Fullscreen API in Google Chrome on Android Heap Buffer Overflow in Google Chrome Platform Apps on Chrome OS Heap Buffer Overflow in libphonenumber in Google Chrome Bypassing Download Restrictions in Google Chrome on Windows File System API Bypass Vulnerability in Google Chrome on Windows Cross-Origin Data Leakage Vulnerability in Google Chrome Uncontrolled Search Path Element Vulnerability in Synology DiskStation Manager (DSM) Backup Management Functionality Stored Cross-Site Scripting Vulnerability in Send PDF for Contact Form 7 WordPress Plugin Stored Cross-Site Scripting Vulnerability in Event Manager and Tickets Selling Plugin for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in Saan World Clock WordPress Plugin Stored Cross-Site Scripting Vulnerability in Naver Map WordPress Plugin Stored Cross-Site Scripting Vulnerability in Flexible Captcha WordPress Plugin Stored Cross-Site Scripting Vulnerability in Gallery Factory Lite WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPrezi WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cloak Front End Email WordPress Plugin Stored Cross-Site Scripting Vulnerability in uTubeVideo Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Multi Store Locator WordPress Plugin Stored 
Cross-Site Scripting Vulnerability in Vimeo Video Autoplay Automute WordPress Plugin Stored Cross-Site Scripting Vulnerability in GamiPress WordPress Plugin Open Redirect Vulnerability in GitLab CE/EE Versions Before 15.8.5, 15.9.4, 15.10.1 Arbitrary File Disclosure Vulnerability in AIOS WordPress Plugin Unescaped Log File Content Execution Vulnerability in AIOS WordPress Plugin Krill Vulnerability: Remote Crash via Direct Directory Query Arbitrary File Read and Remote Code Execution in Extensive VC Addons for WPBakery Page Builder WordPress Plugin Linux Kernel BPF Subsystem Deadlock Vulnerability Stored Cross-Site Scripting Vulnerability in CPO Companion WordPress Plugin Arbitrary Command Execution Vulnerability in OrangeScrum v2.0.11 Stored Cross-Site Scripting Vulnerability in Cost Calculator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Slider for WooCommerce Plugin Stored Cross-Site Scripting Vulnerability in GetResponse for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Olevmedia Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in Zoho Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Html5 Audio Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in jQuery T(-) Countdown Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability in Juicer WordPress Plugin Stored Cross-Site Scripting Vulnerability in Drag & Drop Sales Funnel Builder for WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP VR WordPress Plugin Stored Cross-Site Scripting Vulnerability in Responsive Clients Logo Gallery Plugin for WordPress Stored Cross-Site Scripting Vulnerability in RafflePress WordPress Plugin Stored Cross-Site Scripting Vulnerability in Social Like Box and Page WordPress Plugin Stored Cross-Site Scripting Vulnerability in Annual Archive WordPress Plugin Netfilter Subsystem Buffer Overflow Vulnerability in Linux Kernel NVIDIA GPU Display Driver for Linux Kernel Mode 
Layer Handler Vulnerability Memory Permissions Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Critical Vulnerability in NVIDIA GPU Display Driver for Windows: Out-of-Bounds Write Exploit Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Linux Critical Vulnerability in NVIDIA GPU Display Driver for Windows and Linux: Denial of Service, Privilege Escalation, Information Disclosure, and Data Tampering Unsigned to Signed Conversion Vulnerability in NVIDIA GPU Display Driver for Linux Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Linux Kernel Mode Layer Handler Vulnerability NVIDIA GPU Display Driver for Linux: Kernel Mode NULL Pointer Dereference Vulnerability Out-of-Bounds Access Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Privilege Escalation and Information Disclosure Vulnerability in NVIDIA GPU Display Driver for Windows Vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump Allows Limited Denial of Service and Information Disclosure Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Windows Kernel Mode Layer Information Leak Vulnerability Null-pointer dereference vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump NVIDIA vGPU Software Vulnerability: Denial of Service via NULL-Pointer Dereference NVIDIA GPU Display Driver for Linux Kernel Mode Layer Memory Buffer Vulnerability Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Vulnerability in NVIDIA DGX-2 OFBD Allows for Code Execution and Privilege Escalation Critical Vulnerability in NVIDIA DGX-2 SBIOS Allows Code Execution and Information Disclosure Vulnerability in NVIDIA DGX A100 SBIOS Allows Arbitrary Memory Modification and Privilege 
Escalation Insufficient Granularity of Access Control in NVIDIA ConnectX NIC Firmware: Denial of Service Vulnerability Vulnerability in NVIDIA ConnectX NIC Firmware Allows Denial of Service Attacks Insufficient Granularity of Access Control in NVIDIA ConnectX NIC Firmware: Denial of Service Vulnerability Vulnerability in NVIDIA DGX A100 SBIOS Allows Arbitrary Memory Modification and Privilege Escalation Vulnerability: NVIDIA DGX-2 SBIOS ServerSetup NVRAM Variable Modification Heap-based Buffer Overflow in NVIDIA DCGM HostEngine: Denial of Service and Data Tampering Vulnerability Vulnerability in NVIDIA DGX-1 SBIOS Uncore PEI Module: Arbitrary Code Execution and Privilege Escalation Critical Vulnerability: Linux Kernel's ksmbd NTLMv2 Authentication Crash Stored Cross-Site Scripting Vulnerability in Advanced Recent Posts WordPress Plugin Elevation of Privilege: DLL Hijacking in M-Files Installer Arbitrary Content Injection Vulnerability in Skyhigh SWG Use-after-free vulnerability in BIO_new_NDEF function Invalid Pointer Dereference Vulnerability in OpenSSL's PKCS7 Parsing Functions Invalid Pointer Dereference on Read in EVP_PKEY_public_check() Function Stored Cross-Site Scripting (XSS) Vulnerability in FluentSMTP WordPress Plugin SQL Injection Vulnerability in Pinpoint Booking System WordPress Plugin Local Privilege Escalation Vulnerability in ACC Prior to Version 8.3.4 Unauthorized Access to Release Descriptions in GitLab API SQL Injection Vulnerability in GiveWP WordPress Plugin (<=2.24.1) Incomplete Access Check on dnsHostName Attribute Allows Unauthorized Deletion in Samba Insufficient Session Expiration in pyload GitHub Repository Authentication Bypass Vulnerability in ABB Symphony Plus S+ Operations Privilege Escalation Vulnerability in OpenShift's apiserver-library-go Stored Cross-Site Scripting Vulnerability in VK All in One Expansion Unit WordPress Plugin Stored Cross-Site Scripting Vulnerability in ShopLentor WordPress Plugin Unserialization Vulnerability 
in ShopLentor WordPress Plugin Stored Cross-Site Scripting Vulnerability in ActiveCampaign WordPress Plugin Authenticated SQL Injection in SiteGround Security WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS WordPress Plugin (<=2.0.10) Vulnerability in WARP Mobile Client (<=6.29) for Android Allows Malicious App to Manipulate Task Behavior Use-after-free Vulnerability in io_uring's io_prep_async_work Function Directory Traversal Vulnerability in pgAdmin 4: Unauthorized User Settings Modification and Database Alteration Privilege Escalation via Unchecked Write Permissions in Velociraptor Critical SQL Injection Vulnerability in TuziCMS 2.0.6 Critical SQL Injection Vulnerability in TuziCMS 2.0.6 (VDB-218152) Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System (VDB-218153) Cross-Site Scripting (XSS) Vulnerability in earclink ESPCMS P8.21120101 Content Handler Uncontrolled Search Path Element Vulnerability in bits-and-blooms/bloom prior to 3.3.1 Physical Access Vulnerability: Memory Recovery in Kantech Gen1 ioSmart Card Reader (Firmware < 1.07.02) Out-of-Bounds Write Vulnerability in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Stack-Based Buffer Overflow in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Buffer Overflow Vulnerability in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Stored Cross-Site Scripting Vulnerability in Contextual Related Posts WordPress Plugin Stored Cross-Site Scripting Vulnerability in Real Media Library WordPress Plugin SQL Injection Vulnerability in Simple Membership WP User Import Plugin Arbitrary File Upload Vulnerability in Enable Media Replace WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System 2.0 Unrestricted Upload Vulnerability in SourceCodester Online Food Ordering System 2.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Food Ordering System 2.0 SQL Injection Vulnerability in WP 
Google Review Slider WordPress Plugin SQL Injection Vulnerability in WP Review Slider WordPress Plugin SQL Injection Vulnerability in WP TripAdvisor Review Slider WordPress Plugin SQL Injection Vulnerability in WP Airbnb Review Slider WordPress Plugin SQL Injection Vulnerability in WP Yelp Review Slider WordPress Plugin OpenID Connect User Authentication Vulnerability in Keycloak: Impersonation and Session Token Generation Authenticated Remote Command Execution in Uvdesk Version 1.1.1 via Profile Picture Upload Use-after-free vulnerability in ALSA PCM package in Linux Kernel allows privilege escalation Stored Cross-Site Scripting Vulnerability in Ultimate Carousel for WPBakery Page Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Mega Addons For WPBakery Page Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in YaMaps for WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability in NEX-Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Content Shortcode WordPress Plugin Stored Cross-Site Scripting Vulnerability in URL Params WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Accept Payments for PayPal WordPress Plugin Stored Cross-Site Scripting Vulnerability in Weaver Xtreme Theme Support WordPress Plugin SQL Injection Vulnerability in WC Fields Factory WordPress Plugin SQL Injection Vulnerability in GeoDirectory WordPress Plugin SQL Injection Vulnerability in Media Library Assistant WordPress Plugin Stored Cross-Site Scripting Vulnerability in Ultimate Carousel For Elementor WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System (VDB-218276) Cross-Site Scripting Vulnerability in YourChannel WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System LDAP User ID Manipulation Vulnerability in Tribe29 
Checkmk Stored Cross-Site Scripting Vulnerability in Real Media Library WordPress Plugin Type Confusion Vulnerability in X.400 Address Processing in X.509 GeneralName Cross-Site Scripting (XSS) Vulnerability in ityouknow favorites-web's Comment Handler Heap-based Buffer Overflow in Vim Prior to 9.0.1189 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository craigk5n/webcalendar Directory Traversal Vulnerability in Rapid7 Velociraptor Authorization Bypass Vulnerability in Quiz And Survey Master for WordPress Allows Arbitrary Media File Deletion Cross-Site Request Forgery Vulnerability in Quiz And Survey Master WordPress Plugin (Versions up to 8.0.8) Authorization Bypass Vulnerability in Mediamatic – Media Library Folders WordPress Plugin Cross-Site Request Forgery Vulnerability in Mediamatic – Media Library Folders WordPress Plugin (Versions up to 2.8.1) Stored Cross-Site Scripting Vulnerability in Launchpad WordPress Plugin Vulnerability in etcd grpc-proxy Health Checks Port (CVE-2023-0296) Code Injection Vulnerability in pyload/pyload prior to 0.5.0b3.dev31 GitHub Repository Firefly-III/Firefly-III Prior to 5.8.0 Incorrect Authorization Vulnerability Unvalidated Input Vulnerability in GitHub Repository Publify/Publify (prior to 9.2.10) Reflected Cross-site Scripting (XSS) Vulnerability in alf.io prior to 2.0-M4-2301 Stored Cross-site Scripting (XSS) Vulnerability in alfio-event/alf.io prior to Alf.io 2.0-M4-2301 Special Element Injection Vulnerability in GitHub Repository radareorg/radare2 prior to 5.8.2 Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System (VDB-218384) Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 
Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Authentication Bypass in GitHub repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Command Injection Vulnerability in froxlor/froxlor prior to 2.0.8 GitHub Repository Path Traversal Vulnerability in froxlor/froxlor prior to 2.0.0 Unprotected Alternate Channel Vulnerability in GateManager Debug Console: Exposing Sensitive Information Unauthorized Access to Restricted Environment Names in GitLab Stored Cross-Site Scripting Vulnerability in Izmir Katip Celebi University UBYS Vulnerability: Unauthorized Access to Configuration Files in Campbell Scientific Dataloggers Reflected XSS Vulnerability in Talent Software UNIS (CVE-2021-XXXX) Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.14 SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-218426) Unauthenticated Remote Stored XSS Vulnerability in Uvdesk Version 1.1.1 Authorization Header Leakage in GitLab DAST API Scanner Cross-Site Scripting (XSS) Vulnerability in saemorris TheRadSystem's users.php (VDB-218454) Inadequate Privilege Checks in WPCode WordPress Plugin Allow Unauthorized Access to Authentication Endpoints SQL Injection Vulnerability in Elementor Website Builder WordPress Plugin LSI53C895A Device Vulnerability in QEMU: DMA-MMIO Reentrancy Exploit Leading to Memory Corruption Arbitrary File Download Vulnerability 
in Correos Oficial WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System 2.0 (VDB-218472) Stored Cross-Site Scripting Vulnerability in TemplatesNext ToolKit WordPress Plugin Reflected Cross-Site Scripting in ShortPixel Adaptive Images WordPress Plugin CSRF and Broken Access Control Vulnerabilities in WP Shamsi WordPress Plugin Allow Unauthorized Attachment Deletion CSRF and Broken Access Control Vulnerabilities in OoohBoi Steroids for Elementor WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in lirantal/daloradius GitHub Repository Reflected Cross-site Scripting (XSS) Vulnerability in lirantal/daloradius GitHub Repository Authentication Bypass Vulnerability in ForgeRock Access Management Web Policy Agent Arbitrary File Inclusion and Remote Code Execution Vulnerability in Custom Content Shortcode WordPress Plugin Stack Buffer Overflow in ec_glob function of editorconfig-core-c before v0.12.6 Insecure Storage of PEM Key File Passwords in MongoDB Ops Manager Diagnostics Archive Static IV and Key in Akuvox E11 Encryption Function: Potential Message Decryption Vulnerability Insecure Option in Custom Dropbear SSH Server of Akuvox E11 Default SSH Server with Unchangeable Root Password Unencrypted HTTP Connection in Akuvox E11 Cloud Login Allows Unauthorized Access Akuvox E11 Device Identification Vulnerability Unrestricted Direct SIP Calling Vulnerability in Akuvox E11 Unauthenticated Access to Camera Capture in Akuvox E11 libvoice Library File Extension Bypass Vulnerability in Akuvox E11 Command Injection Vulnerability in Akuvox E11 Web Server Backend Library Akuvox E11 Password Recovery Webpage Vulnerability Weak Encryption and Hard-Coded Password Vulnerability in Akuvox E11 Unauthenticated Access to Akuvox E11 Web Server Allows Unauthorized Information Retrieval and Packet Capture Hard-coded Cryptographic Key Vulnerability in Akuvox E11 Weak Encryption of Credentials in SOCOMEC MODULYS GP Netvision 
Versions 7.20 and Earlier Unauthenticated Remote XSS Exploit in Helpy Version 2.8.0 Use After Free vulnerability in gpac/gpac prior to 2.3.0-DEV Null Pointer Dereference Vulnerability in handle_ra_input Stored Cross-Site Scripting Vulnerability in Location Weather WordPress Plugin Timing Side-Channel Vulnerability in GnuTLS Allows Key Recovery in RSA ClientKeyExchange Messages Stored Cross-Site Scripting Vulnerability in Themify Portfolio Post WordPress Plugin Stored Cross-Site Scripting Vulnerability in Scheduled Announcements Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability in real.Kit WordPress Plugin Stored Cross-Site Scripting Vulnerability in React Webcam WordPress Plugin Stored Cross-Site Scripting Vulnerability in Loan Comparison WordPress Plugin Stored Cross-Site Scripting Vulnerability in Pricing Tables For WPBakery Page Builder Plugin Stored Cross-Site Scripting Vulnerability in Responsive Tabs For WPBakery Page Builder Plugin Stored Cross-Site Scripting Vulnerability in GoToWP WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPB Advanced FAQ WordPress Plugin Stored Cross-Site Scripting Vulnerability in EmbedSocial WordPress Plugin Stored Cross-Site Scripting Vulnerability in EmbedStories WordPress Plugin Stored Cross-Site Scripting Vulnerability in Lightweight Accordion WordPress Plugin Stored Cross-Site Scripting Vulnerability in W4 Post List WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Affiliate Links WordPress Plugin Stored Cross-Site Scripting Vulnerability in Qubely WordPress Plugin Stored Cross-Site Scripting Vulnerability in Scriptless Social Sharing WordPress Plugin Stored Cross-Site Scripting Vulnerability in Greenshift WordPress Plugin Stored Cross-Site Scripting Vulnerability in Spotlight Social Feeds WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads WordPress Plugin SQL Injection Vulnerability in GigPress WordPress Plugin Denial of Service Vulnerability in 
M-Files Server before 23.4.12528.1 Uncontrolled Memory Consumption Vulnerability in M-Files Server (before 23.4.12528.1) Uncontrolled Memory Consumption in M-Files Server: A Potential Denial of Service Vulnerability Cross-Site Request Forgery Vulnerability in Custom 404 Pro Plugin for WordPress Privilege Escalation Vulnerability in Linux Kernel's OverlayFS Subsystem SQL Injection Vulnerability in Random Text WordPress Plugin Stored Cross-Site Scripting Vulnerability in Calculated Fields Form WordPress Plugin Static SSL Certificate Vulnerability in MGT-COMMERCE CloudPanel Unquoted Path Vulnerability in LDAP Agent Update Service NULL Pointer Dereference Vulnerability in rawv6_push_pending_frames in Linux Kernel Stored Cross-Site Scripting Vulnerability in Menu Shortcode WordPress Plugin Bluetooth Controller Vulnerability: Buffer Overreads in HCI Command Response Processing Bluetooth Controller Denial of Service Vulnerability in le_read_buffer_size_complete CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in Image Over Image For WPBakery Page Builder WordPress Plugin Local User Bypasses DLP Controls in Windows 11.9.x Vulnerability: NULL Pointer Dereference in PKCS7 Signature Verification Authorization Bypass Vulnerability in Social Warfare WordPress Plugin Cross-Site Request Forgery Vulnerability in Social Warfare WordPress Plugin (Versions up to 4.4.0) Authorization Bypass Vulnerability in Events Made Easy WordPress Plugin Arbitrary Post Modification Vulnerability in GPT AI Power WordPress Plugin CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Cross-site Scripting (XSS) Vulnerability in GitHub Repository Builderio/qwik prior to 0.1.0-beta5 Denial of Service Vulnerability in Wireshark Dissectors TIPC Dissector Denial of Service Vulnerability Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10: Dissection Engine Bug EAP Dissector Crash Vulnerability in Wireshark 4.0.0 to 4.0.2 iSCSI 
Dissector Denial of Service Vulnerability GNW Dissector Denial of Service Vulnerability NFS Dissector Memory Leak Vulnerability in Wireshark Stored Cross-Site Scripting Vulnerability in Video Central for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Font Awesome WordPress Plugin Stored Cross-Site Scripting via CSRF in Custom Post Type and Taxonomy GUI Manager WordPress Plugin Unsanitized Query Parameter in Cloud Manager WordPress Plugin Allows for XSS Attack Stored XSS Vulnerability in Article Directory WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WordPress Amazon S3 Plugin Stored Cross-Site Scripting Vulnerability in MS-Reviews WordPress Plugin Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F and AC 900F Stack-based Buffer Overflow Vulnerability in ABB Freelance Controllers AC 700F and AC 900F Reflected Cross-Site Scripting Vulnerability in Watu Quiz WordPress Plugin Stored Cross-Site Scripting Vulnerability in Watu Quiz WordPress Plugin Vulnerability: Failure to Check OCSP Revocation Status for S/Mime Signatures in Thunderbird Stored Cross-Site Scripting Vulnerability in File Away WordPress Plugin Authenticated Command Injection Vulnerability in Web Configuration Service Heap-based Buffer Overflow in Vim prior to 9.0.1225 Improper Input Validation in pyload/pyload: Prior to 0.5.0b3.dev40 Excessive Attack Surface in pyload/pyload: Prior to 0.5.0b3.dev41 Information Disclosure in MongoDB Atlas Kubernetes Operator Infinite Loop Vulnerability in MongoDB C Driver CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in NEX-Forms WordPress Plugin Unpatched Vulnerability in GitHub Repository healthchecks/healthchecks (prior to v2.6) Arbitrary Option Update Vulnerability in Gallery Blocks with Lightbox WordPress Plugin Unvalidated Query Parameters in Loan Comparison WordPress Plugin Could Lead to JavaScript Injection Disclosure of Freemius Secret 
Key in AnyWhere Elementor WordPress Plugin Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master 00.00.02a Stored Cross-Site Scripting Vulnerability in My YouTube Channel WordPress Plugin Authorization Bypass Vulnerability in My YouTube Channel WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP Helper Lite WordPress Plugin GitLab Vulnerability: Ambiguous Branch Name Social Engineering Lack of Password Requirement in Econolite EOS Versions Prior to 3.2.23 Allows Unauthorized Access to Sensitive Information Weak Hash Algorithm Used for Encrypting Privileged User Credentials in Econolite EOS Versions Prior to 3.2.23 Insecure Access Control in WP Private Message WordPress Plugin Arbitrary File Deletion Vulnerability in OrangeScrum v2.0.11 Unrestricted File Upload Vulnerability in GitHub Repository unilogies/bumsys prior to v1.0.3-beta APICast OIDC Module Mismatched Token Vulnerability Plaintext Password Storage Vulnerability in Mitsubishi Electric Corporation MELSEC Series Speculative Pointer Dereference Vulnerability in Linux Kernel's do_prlimit() Function Vulnerability: Bypassing access_ok Check in copy_from_user() on 64-bit Linux Kernel YouTube Embedded SDK Remote Code Execution Vulnerability Linux Kernel Use-After-Free Vulnerability Allows Local Privilege Escalation Arbitrary Code Execution Vulnerability in Foreman via YAML Payload Offline Mode Bypass Vulnerability in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 OpenSSL X.509 Certificate Chain Policy Constraints Denial-of-Service Vulnerability Vulnerability: Bypassing Certificate Policy Checks Vulnerability: Inconsistent Behavior of X509_VERIFY_PARAM_add0_policy() Function Local File Inclusion Vulnerability in WP Dark Mode WordPress Plugin Race Condition in io_uring/poll.c Leads to Use-After-Free Vulnerability in Linux Kernel Use-After-Free Vulnerability in Linux Kernel's io_uring Subcomponent Leads to Denial of Service Stored Cross-site Scripting (XSS) 
Vulnerability in modoboa/modoboa prior to 2.0.4 WebTransport Use After Free Vulnerability in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Type Confusion Vulnerability in Google Chrome's ServiceWorker API Use After Free Vulnerability in GuestView in Google Chrome Vulnerability: Decompression Bomb Attack in HashiCorp Go-Getter LDAP Injection Vulnerability in Tenable.sc Allows Blind Injection Arbitrary File Upload Vulnerability in Auto Featured Image WordPress Plugin Reflected XSS Vulnerability in Print Invoice & Delivery Notes for WooCommerce WordPress Plugin CSRF Vulnerability in VitalPBX Version 3.2.3-8 Allows Unauthorized Access to Administrator Account Insecure File Permissions in RestEasy Reactive Implementation of Quarkus Insecure File Permissions in RESTEasy's Temp File Creation GitLab Vulnerability: Unauthorized Extraction of Datadog Integration API Key CSRF Vulnerability in Contact Form 7 Widget Plugin Allows Arbitrary Plugin Activation Privilege Escalation Vulnerability in GitLab Unauthenticated XSS Vulnerability in VitalPBX Version 3.2.3-8 Allows Administrator Account Takeover SQL Injection Vulnerability in My Sticky Elements WordPress Plugin Stored Cross-site Scripting (XSS) vulnerability in pyload/pyload prior to 0.5.0b3.dev42 Stored Cross-Site Scripting Vulnerability in SlideOnline WordPress Plugin Stored Cross-Site Scripting Vulnerability in f(x) TOC WordPress Plugin Stored Cross-Site Scripting Vulnerability in Schedulicity WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Products Slider for WooCommerce WordPress Plugin Improper Neutralization of Special Elements in GitHub Repository btcpayserver/btcpayserver prior to 1.7.5 Dangling Pointer Vulnerability in X.Org Allows for Local Privilege Elevation and Remote Code Execution CSRF Vulnerability in HT Slider For Elementor WordPress Plugin CSRF Vulnerability in HT Event WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in HT Portfolio WordPress 
Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Education WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in QuickSwish WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Film Studio WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Insurance WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP News WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Free WooCommerce Theme 99fy Extension WordPress Plugin CSRF Vulnerability in HT Politic WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Ever Compare WordPress Plugin Allows Arbitrary Plugin Activation Privilege Escalation Vulnerability in ByDemes Group Airspace CCTV Web Service (2.616.BY00.11) Allows Unauthorized Administrator Access Stored XSS Vulnerability in Grafana GeoMap Plugin Open Redirection Vulnerability in GitLab CE/EE via NPM Package API Improper Certificate Validation in pyload/pyload: Version 0.5.0b3.dev44 and earlier Authentication Bypass Vulnerability in ForgeRock Access Management Java Policy Agent Critical Divide By Zero Vulnerability in vim/vim Repository (prior to 9.0.1247) Cross-Site Scripting (XSS) Vulnerability in isoftforce Dreamer CMS up to 4.0.1 (VDB-219334) Reflected Cross-Site Scripting Vulnerability in Membership Database WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 GitLab CE/EE DoS Vulnerability via Malicious Helm Chart Upload Stored Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in RapidExpCart WordPress Plugin CSRF Vulnerability in Enable/Disable Auto Login when Register WordPress Plugin XSS Vulnerability via Malicious Email Address in GitLab Privilege Escalation through Environment 
Variable Modification in Tenable Plugin Weak Encoding for Password Vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, GOT SIMPLE Series GS25, GS21, GT Designer3 Version1 (GOT2000), and GT SoftGOT2000 Versions 1.295H and Prior Stored Cross-Site Scripting Vulnerability in Post Shortcode WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Online Security Guards Hiring System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219597) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219603) Stored Cross-Site Scripting Vulnerability in Donation Block For PayPal WordPress Plugin Stored Cross-Site Scripting Vulnerability in Wp-D3 WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Slider For WooCommerce Lite WordPress Plugin Stored Cross-Site Scripting Vulnerability in Campaign URL Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Insever Portfolio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Filterable Portfolio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Books Showcase WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Post Type List Shortcode WordPress Plugin Stored Cross-Site Scripting Vulnerability in Arigato Autoresponder and 
Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Login Box WordPress Plugin Stored Cross-Site Scripting Vulnerability in Hostel WordPress Plugin Arbitrary JavaScript Injection in Contact Form Plugin WordPress Plugin Unverified Revoked Certificate Acceptance in Thunderbird S/Mime Encryption Stored Cross-Site Scripting Vulnerability in Namaste! LMS WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in YAFNET up to 3.1.10 Insecure Direct Object Reference vulnerability in Quick Restaurant Menu plugin for WordPress Unauthenticated User Can Delete Arbitrary Attachments in REST API TO MiniProgram WordPress Plugin Open Redirect Vulnerability in Registration Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Quick Restaurant Menu WordPress Plugin (Versions up to 2.0.2) Cross-Site Request Forgery Vulnerability in Quick Restaurant Menu WordPress Plugin Authorization Bypass Vulnerability in Quick Restaurant Menu Plugin for WordPress Authorization Bypass Vulnerability in ContentStudio WordPress Plugin Sensitive Information Exposure in ContentStudio WordPress Plugin (up to v1.2.5) Authorization Bypass Vulnerability in ContentStudio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Portfolio for Envato WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219701) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219702) Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 (VDB-219716) Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Bank Locker Management System 1.0 Insecure Password Requirements in froxlor/froxlor Repository Business Logic Errors in Froxlor Repository: Exploiting Vulnerabilities in Versions Prior to 2.0.10 Cross-site Scripting Vulnerability in froxlor/froxlor prior to 2.0.10 Invalid Blowfish Hash Acceptance Vulnerability in PHP 8.0.X, 
8.1.X, and 8.2.X Buffer Overflow Vulnerability in PHP Path Resolution Function Insecure Password Requirements in GitHub Repository Publify/Publify Prior to 9.2.10 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219729) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System 1.0 Unchecked Error Condition in Froxlor GitHub Repository Yugabyte Managed Server-Side Request Forgery (SSRF) and Authentication Abuse Vulnerability Code Injection and Privilege Abuse in Yugabyte DB Cross-Site Scripting (XSS) Vulnerability in ASOS Information Technologies SOBIAD Cross-Site Scripting (XSS) Vulnerability in ASOS Information Technologies Book Cites SQL Injection Vulnerability in YARPP WordPress Plugin Insecure Storage of Sensitive Information in ABB My Control System (on-premise) Vulnerability: Bypassing Login Restrictions in PrivateContent WordPress Plugin CVE-2023-0582 VK Blocks Plugin for WordPress: Improper Authorization Vulnerability VK Blocks Plugin for WordPress Improper Authorization Vulnerability Stored Cross-Site Scripting Vulnerability in All in One SEO Pack Plugin for WordPress Stored Cross-Site Scripting Vulnerability in All in One SEO Pack Plugin for WordPress Arbitrary File Upload Vulnerability in Trend Micro Apex One Server Build 11110 Reflected Cross-Site Scripting in Catalyst Connect Zoho CRM Client Portal WordPress Plugin Cross-Site Scripting Vulnerability in WP Image Carousel WordPress Plugin Race condition in qdisc_graft() in Linux Kernel leads to use-after-free vulnerability and denial of service Path Traversal Vulnerability in ubi-reader 0.8.5 Path Traversal Vulnerability in Jefferson's JFFS2 Filesystem Extractor Path Traversal Vulnerability in yaffshiv YAFFS Filesystem Extractor Stored XSS Vulnerability in Grafana Trace View Visualization Improper Output Neutralization for Logs in Geo SCADA Server Memory Leak Vulnerability in Linux Kernel's CPU Entry Area Mapping Code 
Injection Vulnerability in GE Digital Proficy iFIX Stored Cross Site Scripting Vulnerability in Rapid7 Metasploit Pro Versions 4.21.2 and Lower SQL Injection Vulnerability in WP Visitor Statistics Plugin Reflected XSS Vulnerability in Twittee Text Tweet WordPress Plugin CSRF Vulnerability in Sloth Logo Customizer WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Food Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Auto Rename Media On Upload WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in Ampache Repository Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository ProjectSend/ProjectSend prior to r1606 Cross-site Scripting (XSS) Vulnerability in microweber/microweber prior to 1.3.2 GitHub Repository Wallabag/Wallabag Prior to 2.5.3 - Improper Authorization Vulnerability GitHub Repository Wallabag/Wallabag Prior to 2.5.3 - Improper Authorization Vulnerability Critical Command Injection Vulnerability in TRENDnet TEW-652BRP 3.04B01 Critical Buffer Overflow Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 (VDB-219936) Critical Remote Memory Corruption Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Insufficient Fix for Confidential Attribute Disclosure via LDAP Filters in Samba AD DC Vulnerability in Linux Kernel V4L2 and Vivid Test Code: Memory Leak, Divide by Zero, and Integer Overflow Denial of Service (DoS) Vulnerability in Thunderbird < 102.8 Critical Buffer Overflow Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Critical Remote Code Execution Vulnerability in TRENDnet TEW-652BRP 3.04B01 (VDB-219958) Authorization Bypass Vulnerability in Kraken.io Image Optimizer Plugin for WordPress SQL Injection Vulnerability in HashiCorp Vault and Vault Enterprise Out-of-Bounds Read Vulnerability in Cscape Envision RV Version 4.60 Out-of-Bounds Write Vulnerability in Cscape Envision RV Version 4.60 Out-of-Bounds Write Vulnerability in Cscape Envision RV Version 4.60 Arbitrary User Account Retrieval Vulnerability
in OrangeScrum 2.0.11 Remote Code Execution (RCE) in Docker Desktop before 4.12.0 via Crafted Extension Description or Changelog Remote Code Execution (RCE) via Query Parameters in Docker Desktop's Message-Box Route Docker Desktop 4.11.x IPC Response Spoofing Vulnerability Arbitrary Command Execution in Docker Desktop via Crafted docker-desktop:// URL Docker Desktop Enhanced Container Isolation Bypass SQL Injection Vulnerability in Slimstat Analytics WordPress Plugin SQL Injection Vulnerability in Paid Memberships Pro WordPress Plugin Regular Expression Denial of Service Vulnerability in GitLab's Harbor Registry Search Argument Injection Vulnerability in Docker Desktop Installer Privilege Escalation Vulnerability in ABB Ltd. ASPECT®-Enterprise, NEXUS Series, and MATRIX Series Command Injection Vulnerability in ABB Ltd. ASPECT®-Enterprise, NEXUS Series, and MATRIX Series Critical Remote Memory Corruption Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Critical Command Injection Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Web Interface (VDB-220018) Cross-Site Scripting (XSS) Vulnerability in TRENDnet TEW-652BRP 3.04b01 Critical Command Injection Vulnerability in TRENDnet TEW-652BRP 3.04b01 Web Interface (VDB-220020) Weak Password Requirements in PHPGurukul Employee Leaves Management System 1.0 (Vulnerability VDB-220021) CSRF Vulnerability in GitHub Repository squidex/squidex prior to 7.4.0 GitHub Repository Squidex/Squidex Prior to 7.4.0 - Improper Handling of Additional Special Element Vulnerability Reflected Cross-Site Scripting Vulnerability in PushAssist WordPress Plugin Out of Bounds Read Vulnerability in libjxl's Exif Handler Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220033) Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220034) Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220035) Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220036) YAFNET up to 3.1.11 Cross Site Scripting 
Vulnerability Unrestricted Upload Vulnerability in FastCMS 0.1.0 Privilege Escalation via Hardlink Vulnerability in Cloudflare WARP Client for Windows WARP Mobile Client for Android Tapjacking Vulnerability Sensitive Information Disclosure Vulnerability in SonicWall Email Security SonicOS Stack-based Buffer Overflow Vulnerability: Remote DoS Exploit Critical Information Disclosure Vulnerability in Multilaser RE057 and RE170 2.1/2.2 Backup File Handler Critical Information Disclosure Vulnerability in BDCOM 1704-WGL 2.0.6314 Stored Cross-Site Scripting Vulnerability in Smart Slider 3 WordPress Plugin Improper Access Control in Devolutions Server: Unauthorized Access to Sensitive Data Excessive HTTP Form Upload Vulnerability in PHP 8.x Critical SQL Injection Vulnerability in Calendar Event Management System 2.3.0 (VDB-220175) Privilege Escalation Vulnerability in QEMU Guest Agent for Windows Authorization Bypass in HashiCorp Vault's PKI Mount Issuer Endpoints Heap-based Buffer Overflow in Wireshark Version 4.0.5 and Prior Heap-based Buffer Overflow in Wireshark 4.0.5 and Prior: Code Execution Vulnerability Heap-based Buffer Overflow in Wireshark Version 4.0.5 and Prior Pre-Authentication Command Injection Vulnerability in Fortra GoAnywhere MFT License Response Servlet Remote Code Execution through Image Upload in Ulearn Version a5a7ca20de859051ea0470542844980a66dfc05d Code Injection Vulnerability in froxlor/froxlor prior to 2.0.10 Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in XXL-JOB 2.3.1 Critical SQL Injection Vulnerability in Calendar Event Management System 2.3.0 (CVE-2021-220197) Reflected Cross-Site Scripting (XSS) Vulnerability in phpipam/phpipam prior to 1.5.1 Reflected Cross-site Scripting (XSS) Vulnerability in phpipam/phpipam prior to v1.5.1 Unauthenticated Access to phpipam/phpipam Repository Prior to v1.5.1 Critical SQL Injection Vulnerability in SourceCodester Canteen 
Management System 1.0 (CVE-2020-220220) Open Redirect Vulnerability in Rapid7 InsightVM Versions 6.6.178 and Lower Privilege Escalation Vulnerability in XCC API Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Critical Buffer Overflow Vulnerability in GNU C Library 2.38 (VDB-220246) Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Plaintext Storage of Credentials in HashiCorp Boundary PKI Worker Disk Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Type Confusion Vulnerability in V8 Allows Remote Code Execution in Google Chrome Spoofing Vulnerability in Full Screen Mode on Google Chrome for Android Out of Bounds Read Vulnerability in WebRTC in Google Chrome GPU Use After Free Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Heap Buffer Overflow in Google Chrome WebUI Type Confusion Vulnerability in Google Chrome Data Transfer Type Confusion Vulnerability in Google Chrome DevTools Bypassing Same Origin Policy and Proxy Settings in Google Chrome DevTools Heap Corruption Vulnerability in Google Chrome Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-220340) SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (Function.php - 
delete_record) [VDB-220346] Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin CSV Injection Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Stored Cross-Site Scripting Vulnerability in Interactive Geo Maps Plugin for 
WordPress Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Eyewear Shop 1.0 Stored Cross-Site Scripting Vulnerability in Newsletter Popup WordPress Plugin GitHub Repository Wallabag/Wallabag Prior to 2.5.4 - Improper Authorization Vulnerability CSRF Vulnerability in wallabag/wallabag prior to 2.5.4 Stored Cross-site Scripting (XSS) Vulnerability in wallabag/wallabag prior to 2.5.4 Arbitrary User Account Retrieval Vulnerability in OrangeScrum 2.0.11 Race Condition Vulnerability in GitHub repository answerdev/answer prior to 1.0.4 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to version 1.0.4 DOM-based Cross-site Scripting (XSS) vulnerability in GitHub repository answerdev/answer prior to version 1.0.4 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to version 1.0.4 Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.4 GitHub Repository answerdev/answer Prior to 1.0.4: Improper Access Control Vulnerability Path Traversal Vulnerability in Yugabyte Anywhere's High Availability Functionality Unauthenticated Reflected Cross-Site Scripting in GigaVUE-FM Help Page Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.6 Open Redirect Vulnerability in btcpayserver/btcpayserver prior to 1.7.6 Arbitrary Post Retrieval Vulnerability in Ocean Extra WordPress Plugin Authentication Bypass Vulnerability in Yellobrik PEC-1864 GELI Vulnerability: Silent Use of NULL Key File and Trivial Recovery of Master Key Integer Overflow Vulnerability Array Index Out of Bounds Vulnerability Arbitrary Code Execution via Specially Crafted Repository Names in GitLab Arbitrary Code Upload and Unauthorized Access Vulnerability in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) Critical SQL Injection Vulnerability in glorylion JFinalOA 1.0.2 (VDB-220469) Privilege Chaining Vulnerability in GitHub Repository 
Cockpit-HQ/Cockpit Prior to 2.3.8 Heap-based Buffer Overflow in gpac/gpac prior to V2.1.0-DEV CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin Stored Cross-Site Scripting Vulnerability in The Gallery by BestWebSoft WordPress Plugin Blind SQL Injection Vulnerability in The Gallery by BestWebSoft WordPress Plugin CSRF Vulnerability in Newsletter Popup WordPress Plugin Arbitrary Memory Write Vulnerability in PKCS 12 Cert Bundle Handling SQL Injection Vulnerability in Avirato Hotels Online Booking Engine WordPress Plugin Reflected Cross-Site Scripting in hiWeb Migration Simple WordPress Plugin Stack-based Buffer Overflow in gpac/gpac prior to 2.2 Critical SQL Injection Vulnerability in Ampache GitHub Repository (prior to 5.5.7,develop) Arbitrary Post Retrieval Vulnerability in Popup Builder by OptinMonster WordPress Plugin Uniview IP Camera: Remote Control Vulnerability Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-220558) Bluetooth LE Stack Denial-of-Service Vulnerability Remote Shell Code Exploitation via HTTP Command Injections in Baicells LTE TDD eNodeB Devices Critical Authentication Bypass Vulnerability in modoboa/modoboa < 2.0.4 Podman Vulnerability: Time-of-check Time-of-use (TOCTOU) Flaw Allows Arbitrary File Access Invalid Pointer Exploitation: Crashing and Beyond UI Layer or Frame Restriction Vulnerability in GitHub Repository Cockpit-HQ/Cockpit (prior to version 2.3.9-dev) Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2021-220624) Critical Out-of-Bounds Write Vulnerability in Tenda AC23 16.03.07.45 Critical Unrestricted Upload Vulnerability in EcShop 4.1.5 (VDB-220641) Critical SQL Injection Vulnerability in SourceCodester Best Online News Portal 1.0 
Sensitive Information Exposure in SourceCodester Best Online News Portal 1.0 via check_availability.php Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Code Injection Vulnerability in phpMyFAQ Prior to Version 3.1.11 Command Injection Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Uncaught Exception Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Code Injection Vulnerability in phpMyFAQ Prior to Version 3.1.11 Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Persistent Access to Public Projects in GitLab EE Hard-coded Password Vulnerability in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 Memory Allocation Vulnerability in Mosquitto 2.0.16 and Earlier Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.11 Improper Access Controls on UM Password Storage in Omron CJ1M Unit v4.0 and Prior Unauthenticated Data Disclosure in Active Directory Integration WordPress Plugin Authentication Bypass Vulnerability in OpenShift 
Console's Network Observability Plugin Sensitive Information Disclosure in Profile Builder Plugin for WordPress Sensitive Information Disclosure in OpenNMS Meridian and Horizon via Jetty Log Files IP Address Spoofing and Anti-Spam Bypass Vulnerability in Formidable Forms WordPress Plugin Buffer Over-read Vulnerability in GitHub Repository gpac/gpac prior to v2.3.0-DEV Off-by-one Error in gpac/gpac GitHub Repository Prior to v2.3.0-DEV Heap-based Buffer Overflow in GPAC GitHub Repository Prior to v2.3.0-DEV Arbitrary Privilege Escalation in User Role by BestWebSoft WordPress Plugin Excessive Disk Usage Vulnerability in HashiCorp Nomad Improper Authorization Vulnerability in DIAEnergie (versions prior to v1.9.03.001) Stored Cross-Site Scripting Vulnerability in Cookie Notice & Compliance Plugin Vulnerability: Stored XSS via CSRF Attack in User Registration & User Profile WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 1.5.17 Cross-Site Scripting (XSS) Vulnerability in Pandora FMS v767 and Prior Versions Plesk 17.0-18.0.31 Cross-Site Scripting Vulnerability Critical Remote Command Injection Vulnerability in EasyNAS 1.1.0 (VDB-220950) Cross-Site Request Forgery Vulnerability in Under Construction Plugin for WordPress Cross-Site Request Forgery Vulnerability in Under Construction Plugin for WordPress Information Disclosure Vulnerability in Red Hat AMQ-Streams via Illegal Header Value Privilege Escalation Vulnerability in HYPR Workforce Access on MacOS Arbitrary Local File Access in markdown-pdf version 11.0.0 Uninitialized Buffer Leak in HAProxy's FCGI_BEGIN_REQUEST Encoding TeamViewer Remote: Unauthorized Modification of Locked Local Device Settings Vulnerability Webhook URL Manipulation Vulnerability in GitLab Account Footprinting Vulnerability in ProMIS Process Co. 
InSCADA Cross-Site Scripting (XSS) Vulnerability in PHPCrazy 1.1.1 Critical Heap-Based Buffer Overflow Vulnerability in GPAC 2.3-DEV-rev40-g3602a5ded (VDB-221087) Prototype Pollution Vulnerability in xml2js version 0.4.23 Stored Cross-Site Scripting Vulnerability in Namaste! LMS WordPress Plugin Authenticated User Can Trigger Consul Server and Client Agent Crash Vulnerability Unauthenticated Stored XSS Vulnerability in OpenNMS Horizon and Meridian DASH 7 Alliance Protocol Sub-IoT Out-of-Bounds Write Vulnerability Remote Denial of Service Vulnerability in Netgear WNDR3700v2 1.0.1.14 Critical Command Injection Vulnerability in Netgear WNDR3700v2 1.0.1.14 Web Interface Remote Denial of Service Vulnerability in Netgear WNDR3700v2 1.0.1.14 Buffer Overflow Vulnerability in CPCA Resource Download Process of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Buffer Overflow in mDNS NSEC Record Registering Process of Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Buffer Overflow in NetBIOS QNAME Registering and Communication Process of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in IPP Number-Up Attribute Processing of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Unauthorized Access to Office/Small Office Multifunction Printers and Laser Printers RemoteUI Authentication Bypass Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Arbitrary File Installation Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Excessive Authentication Attempts Vulnerability in modoboa/modoboa-installer prior to 2.0.4 Command Injection Vulnerability in NetModule NSRW Web Administration Interface Path Traversal 
Vulnerability in NetModule NSRW Web Administration Interface Improper Authentication Vulnerability in ABB Terra AC Wallbox Series Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC Wallbox Series Insecure User Address Management in WooCommerce Multiple Customer Addresses & Shipping Plugin Heap-based Buffer Overflow in GPAC GitHub Repository Prior to Version 2.3.0-DEV Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities in OpenNMS Meridian and Horizon: Confidential Session Information Exposure Reflected Cross-Site Scripting Vulnerability in OpenNMS Meridian and Horizon Allows Session Cookie Theft Cross-Site Scripting Vulnerability in OpenNMS Meridian and Horizon Allows Access to Confidential Session Information Cross-Site Request Forgery Vulnerability in OpenNMS Meridian and Horizon XXE Injection Vulnerability in OpenNMS Horizon 31.0.8 and Earlier Elevation of Privilege Vulnerability in Horizon REST API Stored Cross-Site Scripting Vulnerability in Kanban Boards for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Klaviyo WordPress Plugin Blind SQL Injection Vulnerability in WP Meta SEO WordPress Plugin Arbitrary Redirect Vulnerability in WP Meta SEO WordPress Plugin Code Injection Vulnerability in froxlor/froxlor prior to 2.0.11 Cross-site Scripting (XSS) Vulnerability in GitHub Repository nuxt/framework prior to 3.2.1 Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.12 Input Misinterpretation in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Authorization Bypass and Privilege Abuse Vulnerability in Kron Tech Single Connect 2.16 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221350) Unquoted Search Path Vulnerability in phjounin TFTPD64-SE 4.64 (VDB-221351) WiFi Battery Embedded Web Server Vulnerability: Unauthorized Administrative Access Arbitrary Blog Options Update Vulnerability in Themeflection Numbers WordPress Plugin
WordPress Shortcodes Plugin - Unauthorized Access to Draft, Private, and Password Protected Posts Stored Cross-Site Scripting Vulnerability in StagTools WordPress Plugin Stored Cross-Site Scripting Vulnerability in BizLibrary WordPress Plugin Stored Cross-Site Scripting Vulnerability in Time Sheets WordPress Plugin Stored Cross-Site Scripting Vulnerability in Pickup | Delivery | Dine-in Date Time WordPress Plugin Time-Based SQL Injection Vulnerability in WP Coder Plugin for WordPress Default Password Vulnerability in Lenovo Smart Clock Essential with Alexa Built In Session Hijack Vulnerability in Sielco PolyEco1000 Code Execution Vulnerability in General Electric MiCOM S1 Agile Stored Cross-Site Scripting Vulnerability in Steveas WP Live Chat Shoutbox WordPress Plugin SQL Injection Vulnerability in Pricing Table Builder WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository pixelfed/pixelfed prior to 0.11.4 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Food Ordering System 1.0 (CVE-2021-221451) Critical SQL Injection Vulnerability in SourceCodester Employee Task Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Employee Task Management System 1.0 (VDB-221453) Critical Remote Code Execution Vulnerability in SourceCodester Employee Task Management System 1.0 Critical Authentication Bypass Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Denial of Service Vulnerability in Filseclab Twister Antivirus 8.17 (VDB-221456) Denial of Service Vulnerability in Xoslab Easy File Locker 2.2.0.184 Local Denial of Service Vulnerability in cxasm notepad-- 1.22 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221476) Arbitrary User Meta Retrieval Vulnerability in Shortcodes Ultimate WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Auto Dealer Management System 1.0 (VDB-221481) Critical SQL Injection Vulnerability 
in SourceCodester Auto Dealer Management System 1.0 (VDB-221482) GitHub Repository Pixelfed/Pixelfed Prior to 0.11.4: Improper Authorization Vulnerability Critical SQL Injection Vulnerability in SourceCodester Auto Dealer Management System 1.0 (VDB-221490) Improper Access Controls in SourceCodester Auto Dealer Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Simple Customer Relationship Management System 1.0 (VDB-221493) Critical Unrestricted Upload Vulnerability in Pharmacy Management System 1.0 Missing Authentication for Critical Function in GitHub Repository GitLab CE/EE CPU Saturation Vulnerability via Large Issue Description in GraphQL Default Password Transmission Vulnerability in Samba AD DC Administration Tool Insecure Access Control in Kubernetes Service for Notebooks in RHODS Arbitrary File Upload Vulnerability in ZYREX POPUP WordPress Plugin Remote Code Execution via Deserialization in webMethods OneData Use After Free Vulnerability in Web Payments API in Google Chrome on Android Use After Free Vulnerability in SwiftShader in Google Chrome Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Heap Buffer Overflow in Video in Google Chrome Use After Free Vulnerability in Video Element in Google Chrome Use after free vulnerability in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 Integer Overflow Vulnerability in PDF Parsing in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.5 Critical Remote OS Command Injection Vulnerability in DolphinPHP up to 1.5.1 (CVE-2021-46097) Denial of Service Vulnerability in TP-Link Archer C50 V2_160801 Reflected Cross-Site Scripting Vulnerability in VK All in One Expansion Unit WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (CVE-2021-XXXX) SQL Injection vulnerability in NTN Information Technologies Online Services Software (before 1.17) Unauthenticated 
Password Reset Vulnerability in ProfileGrid WordPress Plugin Critical Use After Free Vulnerability in Google Chrome Prompts Reflected Cross-Site Scripting Vulnerability in Japanized For WooCommerce Plugin for WordPress Unrestricted File Upload Vulnerability in SourceCodester Best POS Management System 1.0 Arbitrary User Session Data Modification via IDOR in Bhima v1.27.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best POS Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Best POS Management System 1.0 (VDB-221593) GitHub Repository Path Traversal Vulnerability in FlatPress Blog (prior to 1.3) Reflected Cross-Site Scripting in Japanized For WooCommerce WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.0.5 Array Index Underflow Vulnerability in LibreOffice Spreadsheet Component Privilege Escalation Vulnerability in Devolutions Server 2022.3.12 and Earlier Improper Access Controls in Devolutions Server 2022.3.12 and Earlier SQL Injection Vulnerability in Devolutions Server 2022.3.12 and Earlier Credential Compromise Vulnerability in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ Cameras SQL Injection Vulnerability in WP Statistics WordPress Plugin Path Traversal Vulnerability in TEL-STER TelWin SCADA WebInterface Cross-Site WebSocket Hijacking (CSWSH) Vulnerability in Gitpod Unauthenticated Installation of Inisev WordPress Plugins CSRF Vulnerability in Bhima Version 1.27.0 Allows Privilege Escalation via Malicious Link Remote Code Execution Vulnerability in SeaCMS 11.6 Picture Management Component Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221632) Critical Remote Code Execution Vulnerability in SourceCodester Music Gallery Site 1.0 Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Buffer Clearing 
Vulnerability in Silicon Labs Gecko Platform SDK v4.2.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Eyewear Shop 1.0 IDOR Vulnerability in Bhima Version 1.27.0 Allows Unauthorized Access to Sensitive User Data Reflected Cross-Site Scripting Vulnerability in Watu Quiz Plugin for WordPress Z/IP Gateway 7.18.01 and Earlier: Authenticated Attacker Can Manipulate Array Pointer to Disclose Global Memory Contents Buffer Overflow Vulnerabilities in SiLabs Z/IP Gateway SDK: Exploiting Invasive Physical Access to Z-Wave Controller Device Authentication Bypass and Remote Administration Vulnerability in SiLabs Z/IP Gateway SDK Stack Buffer Overflow Vulnerability in SiLabs Z/IP Gateway 7.18.01 and Earlier Null Pointer Dereference Vulnerability in STEPTools v18SP1 ifcmesh Library (v18.1) Trellix Agent for Windows Local Privilege Escalation Vulnerability Command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 Heap-based Overflow Vulnerability in Trellix Agent (Windows and Linux) Version 5.7.8 and Earlier Command Injection Vulnerability in Trellix Intelligent Sandbox CLI SQL Injection Vulnerability in MedData MedDataPACS SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 Critical SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 (VDB-221677) Stored Cross-Site Scripting in stylish-cost-calculator-premium WordPress Plugin Account Takeover Vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24, and Helmholz' myREX24 and myREX24.virtual (<= 2.13.3) Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Cross-Site Request Forgery Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221681) Information Disclosure Vulnerability in GitLab CE/EE: 
Unauthorized Extraction of CI/CD Variables Stored Cross-Site Scripting Vulnerability in Shield Security Plugin for WordPress (up to version 17.0.17) via 'User-Agent' Header Vulnerability: Missing Authorization and Cross-Site Scripting in Shield Security Plugin for WordPress Unauthorized Access to Sensitive Information in GitHub Repository francoisjacquet/rosariosis prior to 10.8.2 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository unilogies/bumsys prior to v2.0.1 Buffer Overflow Vulnerability in Emscripten Wrapper for libheif's Strided Image Data Parsing Code Critical SQL Injection Vulnerability in SourceCodester Moosikay E-Commerce System 1.0 Critical Access Control Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in SourceCodester Sales Tracker Management System 1.0 CVE-2023-1000 Path Traversal Vulnerability in MuYuCMS 2.2 (VDB-221735) Code Injection Vulnerability in Typora up to 1.5.5 on Windows Critical Code Injection Vulnerability in MarkText up to 0.17.1 on Windows (VDB-221737) Critical Code Injection Vulnerability in JP1016 Markdown-Electron Cross-Site Scripting (XSS) Vulnerability in SourceCodester Medical Certificate Generator App 1.0 Critical Local Access Control Vulnerability in Twister Antivirus 8.17 (VDB-221740) Denial of Service Vulnerability in Twister Antivirus 8.17 (VDB-221741) Path Traversal Vulnerability in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 (Unsupported) Critical Heap-Based Buffer Overflow Vulnerability in vox2png 1.0 (VDB-221743) Unescaped Output and CSRF Vulnerability in AI ChatBot WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Virames Vira-Investing Account Footprinting Vulnerability in Virames Vira-Investing SQL Injection Vulnerability in Intuitive Custom Post Order Plugin for WordPress (Versions up to 3.1.3) TPM2.0 Module Library Out-of-Bounds Write Vulnerability TPM2.0 Module Library Out-of-Bounds Read Vulnerability Cross-Site Scripting 
Vulnerability in Help Desk WP WordPress Plugin SQL Injection in Steveas WP Live Chat Shoutbox WordPress Plugin Stored Cross-Site Scripting Vulnerability in amr ical events lists WordPress Plugin Unauthorized Options Update Vulnerability in WP Meta SEO Plugin Unauthenticated Plugin Settings Update Vulnerability in WP Meta SEO Plugin Unauthorized Sitemap Generation Vulnerability in WP Meta SEO Plugin Stored Cross-Site Scripting Vulnerability in Simple File List WordPress Plugin Unauthenticated Access to Post Listings by Category in WP Meta SEO Plugin Unauthenticated Sitemap Generation Vulnerability in WP Meta SEO Plugin Cross-Site Request Forgery (CSRF) Vulnerability in WP Meta SEO Plugin Cross-Site Request Forgery vulnerability in WP Meta SEO plugin allows unauthorized Sitemap regeneration Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Boat Reservation System 1.0 Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in `settings` Endpoint Double Free Vulnerability in Linux Kernel's io_uring IORING_OP_SOCKET Operation CSRF Vulnerability in froxlor/froxlor Repository (Version < 2.0.11) GitHub Repository Path Traversal Vulnerability in salesagility/suitecrm prior to 7.12.9 Critical SQL Injection Vulnerability in SourceCodester Clinics Patient Management System 1.0 (VDB-221784) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 Critical SQL Injection Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Reviewer Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Class and Exam Timetabling System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-XXXX) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Responsive Tourism Website 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Pet Shop We 
App 1.0 Relative Path Traversal Vulnerability in MuYuCMS 2.2 (VDB-221802) Relative Path Traversal Vulnerability in MuYuCMS 2.2 Relative Path Traversal Vulnerability in MuYuCMS 2.2 Critical Server-Side Request Forgery Vulnerability in MuYuCMS 2.2 (VDB-221805) Critical Vulnerability in TechPowerUp RealTemp 3.7.0.0: Improper Initialization in WinRing0x64.sys Library (VDB-221806) Critical Vulnerability in TechPowerUp Ryzen DRAM Calculator 1.2.0.5: Improper Initialization in WinRing0x64.sys Library Code Injection Vulnerability in HMI Project File Loading SQL Injection Vulnerability in As Koc Energy Web Report System Reflected XSS Vulnerability in As Koc Energy Web Report System Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221819) Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221820) Vulnerability: LDAP UserPassword Decoding Flaw in RHDS 11 and RHDS 12 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (CVE-2021-XXXX) SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Reflected XSS Vulnerability in YKM CRM (before 23.03.30) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (VDB-221825) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 SQL Injection vulnerability in Uzay Baskul Weighbridge Automation Software before 1.1 Data Obfuscation Vulnerability in Snyk Kubernetes Monitor Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Cross-Site Request Forgery Vulnerability in Download Read More Excerpt Link Plugin for WordPress (up to 1.6.0) Stored 
Cross-Site Scripting Vulnerability in Complianz WordPress Plugin Arbitrary File Path Manipulation in GitHub Repository nilsteampassnet/teampass prior to 3.0.0.22 Improper Permissions Check Allows Unauthorized Removal of Issue from Epic in GitLab GitLab Vulnerability: Resource Depletion Attack via Improper Filtering Linux Kernel HID Subsystem Memory Corruption Vulnerability Memory Leak Vulnerability in Linux Kernel's Stream Control Transmission Protocol (SCTP) Allows Denial of Service Vulnerability: Type Confusion in tls_is_tx_ready() Function Hardcoded UID in Linux Kernel's tun/tap sockets can bypass network filters Type Confusion Vulnerability in pick_next_rt_entity() Function of Linux Kernel Linux Kernel RDS Protocol Type Confusion Vulnerability Use-after-free vulnerability in asus_kbd_backlight_set in Linux kernel Reflected Cross-Site Scripting Vulnerability in GN Publisher Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.3 CVE-2023-1082 CVE-2023-1083 Privilege Escalation via Crafted Project Access Token in GitLab CE/EE CSRF Vulnerability in Preview Link Generator WordPress Plugin CSRF Vulnerability in WC Sales Notification WordPress Plugin CSRF Vulnerability in WP Plugin Manager WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Coupon Zen WordPress Plugin Allows Arbitrary Plugin Activation Stored Cross-Site Scripting Vulnerability in SMTP Mailing Queue WordPress Plugin SQL Injection Vulnerability in Alpata Licensed Warehousing Automation System CSRF Vulnerability in OAuth Single Sign On WordPress Plugins CSRF Vulnerability in OAuth Single Sign On WordPress Plugin Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in `people:id/food` Endpoint NULL pointer dereference vulnerability in nf_tables_updtable SnapCenter Vulnerability: Remote Unauthenticated Access as Admin User Baicells EG7035-M11 Firmware BCE-ODU-1.0.8 - HTTP GET Command Injection Vulnerability GitLab EE/CE 
Vulnerability: Password Leakage in Repository Mirror Configuration Critical SQL Injection Vulnerability in SourceCodester Online Student Management System 1.0 (CVE-2022-222002) Critical SQL Injection Vulnerability in SourceCodester Online Catering Reservation System 1.0 Excessive MFA Attempts Vulnerability in SonicOS SSLVPN Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Arbitrary File Path Manipulation in flatpressblog/flatpress prior to 1.3 Reflected Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to 1.3 Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Undertow Denial of Service Vulnerability: Endless Loop in SslConduit Unrestricted File System Access in Phoenix Contacts ENERGY AXC PU Web Service Stored Cross-Site Scripting Vulnerability in Yellow Yard Searchbar WordPress Plugin Critical Path Traversal Vulnerability in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress (VDB-222072) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Payroll System 1.0 Eskom e-Belediye Missing Authorization Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Linux Kernel Infrared Receiver/Transceiver Driver Use After Free Vulnerability Cross-Site Scripting (XSS) Vulnerability in WP-Optimize and SrbTransLatin WordPress Plugins Stored Cross-Site Scripting Vulnerability in Simple Giveaways WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Giveaways WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Giveaways WordPress Plugin LFI Vulnerability in Shopping Cart & eCommerce Store WordPress Plugin Insecure Ticket Ownership Verification in Ruby Help Desk WordPress 
Plugin Cross-Site Scripting Vulnerability in WP FEvents Book WordPress Plugin Critical Divide By Zero Vulnerability in vim/vim Repository (prior to 9.0.1367) User Impersonation Vulnerability in WP FEvents Book WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (VDB-222105) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (customer.php) - VDB-222106 Buffer Clearing Vulnerability in sli_se_driver_key_agreement Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Path Traversal Vulnerability in Delta Electronics InfraSuite Device Master Local Privilege Escalation in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 Authentication Bypass Vulnerability in Delta Electronics InfraSuite Device Master Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master Improper Access Control Vulnerability in Delta Electronics InfraSuite Device Master Deserialization Vulnerability in Delta Electronics InfraSuite Device Master Unauthenticated Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Command Injection Vulnerability in Delta Electronics InfraSuite Device Master URL Decoding Vulnerability in Delta Electronics InfraSuite Device Master Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Versions Prior to 1.0.5 Improper Access Control Vulnerability in Delta Electronics InfraSuite Device Master Deserialization Vulnerability in Delta Electronics InfraSuite Device Master Cross-site Scripting (XSS) Vulnerability in FlatPress Blog Software Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 GitHub Repository btcpayserver/btcpayserver Prior to Version 1.8.0: Improper Neutralization of Equivalent Special Elements 
Vulnerability Uncontrolled Resource Consumption Vulnerability in Series WAGO 750-3x/-8x Products Critical SQL Injection Vulnerability in SourceCodester Electronic Medical Records System 1.0 SQL Injection Vulnerability in Utarit Information Technologies Persolus: Version 2.03.93 and earlier SQL Injection Vulnerability in Pacsrapor: Before 1.22 Reflected XSS Vulnerability in Pacsrapor v1.22 and Earlier Stored Cross-Site Scripting Vulnerability in Cost Calculator Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 Denial of Service Vulnerability in finixbit elf-parser (CVE-2022-222222) Unauthorized Access to Dashboard Prompts in Hitachi Vantara Pentaho Business Analytics Server Stored Cross-Site Scripting Vulnerability in Bookly Plugin for WordPress Platform-Dependent Third Party Component Vulnerability in cockpit-hq/cockpit prior to 2.4.0 Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 via ISO 15765 and ISO 10681 Dissector Crash Command Injection Vulnerability in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 (Unsupported) Critical Path Traversal Vulnerability in Unsupported DrayTek Vigor 2960 1.5.1.4/1.5.1.5 Critical Authorization Vulnerability in KylinSoft kylin-activation on KylinOS (VDB-222260) Critical SQL Injection Vulnerability in Zhong Bang CRMEB Java 1.3.4 (VDB-222261) Stored Cross-Site Scripting Vulnerability in USM-Premium WordPress Plugin Unauthorized Access to Security Reports in Merge Requests in Gitlab EE Authenticated Remote Code Execution in AOS-CX Network Analytics Engine Missing Authorization Vulnerability in OoohBoi Steroids for Elementor WordPress Plugin (Versions up to 2.1.4) Critical Heap-based Buffer Overflow in vim/vim Repository (CVE-XXXX-XXXX) Stored Cross-Site Scripting Vulnerability in Bookly WordPress Plugin (Versions up to 21.5) Remote Access Vulnerability in minikube on macOS with Docker Driver Buffer Overflow Vulnerability in vim/vim 
prior to 9.0.1378 Absolute Path Traversal Vulnerability in mlflow/mlflow (prior to 2.2.2) Path Traversal Vulnerability in mlflow/mlflow prior to 2.2.1 Vulnerability: File Integrity Compromise in GitLab CE/EE Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository icret/easyimages2.0 prior to 2.6.7 Libreoffice Package Vulnerability: Arbitrary File Write via Crafted ODB Unrestricted Upload Vulnerability in ECshop up to 4.1.8 Unrestricted Upload Vulnerability in ECshop up to 4.1.8 Null Pointer Dereference Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 (VDB-222358) Denial of Service Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 Denial of Service Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 (VDB-222360) Denial of Service Vulnerability in WiseCleaner Wise Folder Hider 4.4.3.202 Buffer Overflow Vulnerability in xiaozhuai imageinfo up to 3.0.3 (VDB-222362) Remote Path Traversal Vulnerability in fastcms Use-After-Free Vulnerability in CIFS in Linux Kernel Use-After-Free Vulnerability in KSMBD Implementation of Linux Kernel Samba Server and CIFS Out-of-Bounds Memory Read Vulnerability in KSMBD Implementation of Samba Server and CIFS in Linux Kernel Use-after-free vulnerability in reconn_set_ipaddr_from_hostname in Linux kernel PHP Object Injection Vulnerability in Advanced Custom Fields (ACF) WordPress Plugins Stored Cross-site Scripting (XSS) Vulnerability in uvdesk/community-skeleton prior to 1.1.0 SQL Injection Vulnerability in Starcities: through 1.3 Cross Site Scripting (XSS) Vulnerability in ehuacui bbs Insecure Access Control in Devolutions Server 2022.3.12 and Below: Unauthorized Access to Secure Messages Permission Bypass via ID Collision in User Vault Import/Synchronization Sensitive Data Exposure 
in Hub Business Submodule of Devolutions Remote Desktop Manager PowerShell Module Unverified Email Exposure Vulnerability in GitLab CE/EE Cross-Site Request Forgery Vulnerability in NETGEAR Nighthawk WiFi6 Router IPv6 Connection Lookup Table Hash Collision Vulnerability Arbitrary SQL Execution via Import Functionality in HTTP Headers WordPress Plugin Arbitrary File Write Vulnerability in HTTP Headers WordPress Plugin ServiceNow Cross-Site Scripting (XSS) Vulnerability User Email Leakage Vulnerability in GitLab SQL Injection Vulnerability in phpipam/phpipam prior to v1.5.2 Stored Cross-site Scripting (XSS) Vulnerability in phpipam/phpipam prior to v1.5.2 Use After Free Vulnerability in Swiftshader in Google Chrome Type Confusion Vulnerability in V8 Engine Allows Remote Heap Corruption Type Confusion Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome DevTools Stack Buffer Overflow in Crash Reporting in Google Chrome on Windows WebRTC Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in Metrics in Google Chrome Heap Buffer Overflow in UMA in Google Chrome: Remote Code Execution Vulnerability Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome Heap Buffer Overflow in Web Audio API in Google Chrome Cross-Origin Data Leakage in Autofill in Google Chrome on Android Bypassing Navigation Restrictions in Web Payments API in Google Chrome Bypassing Same Origin Policy in Navigation in Google Chrome on iOS Bypassing Content Security Policy in Web Payments API in Google Chrome Use After Free Vulnerability in Google Chrome on Lacros prior to 111.0.5563.64 Bypassing Navigation Restrictions in Google Chrome on Android Bypassing Navigation Restrictions in Google Chrome via Crafted HTML Page Spoofing Vulnerability in Google Chrome Android WebApp Installer Autofill Spoofing Vulnerability in Google Chrome on Android Insufficient Policy Enforcement in Resource Timing in Google Chrome: Information Disclosure 
Vulnerability Insufficient Policy Enforcement in Resource Timing Allows Information Disclosure via Malicious Chrome Extension Domain Spoofing Vulnerability in Google Chrome on Android Type Confusion Vulnerability in Google Chrome DevTools Origin Spoofing Vulnerability in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 External Parties Can Access Sensitive Data in Starcities: through 1.3 Cross-Site Scripting (XSS) Vulnerability in OTRS Ticket Actions Modules Use-After-Free Vulnerability in Linux Kernel's Core Dump Subsystem Code Injection via ACL Manipulation in OTRS and ((OTRS)) Community Edition SQL Injection Vulnerability in Akinsoft Wolvox (before 8.02.03) Use-after-free vulnerability in Linux kernel's Ext4 File System with overlay FS usage Critical SQL Injection Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 (VDB-222483) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 (birthing_print.php) Vulnerability Title: Crash Vulnerability in AES-XTS 
Cipher Decryption on 64-bit ARM Platform Unauthenticated Remote Data Read and Tampering Vulnerability in AVEVA Plant SCADA and AVEVA Telemetry Server Physical Access Vulnerability: Unauthorized BIOS Access and System Compromise Flow-X Firmware Vulnerability: Unauthorized Access to Sensitive Information Stored Cross-Site Scripting Vulnerability in Hotjar Plugin for WordPress Kube-apiserver Authentication Bypass Vulnerability Allows Evasion of SCC Admission Restrictions Silicon Labs Wi-SUN SDK v1.5.0 and Earlier Vulnerability: Exploitable MAC Layer Security Gap Allows Malicious Node to Route Malicious Messages Silicon Labs Wi-SUN Linux Border Router Vulnerability: Exploitable MAC Layer Security Gap Information Exposure Vulnerability in CMP – Coming Soon & Maintenance Plugin for WordPress NULL Pointer Dereference Vulnerability in vim/vim Session Token Leakage Vulnerability in GitLab SQL Injection Vulnerability in Ulkem Company PtteM Kart (Version 2.1 and earlier) Hard-coded Credentials Vulnerability in GitHub Repository alextselegidis/easyappointments prior to 1.5.0 Cross-site Scripting Vulnerability in btcpayserver/btcpayserver prior to 1.8.3 LFI Vulnerability in ND Shortcodes WordPress Plugin Vulnerability: Local File Inclusion (LFI) in Pricing Tables For WPBakery Page Builder Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Phone Shop Sales Managements System 1.0 Critical SQL Injection Vulnerability in SUL1SS_shop's Order.php Controller Critical Command Injection Vulnerability in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin (VDB-222600) Cross-Site Scripting (XSS) Vulnerability in IBOS up to 4.5.5 via mobil/index.php GitLab URL Redirection Vulnerability Use After Free Vulnerability in Linux Kernel Traffic Control Index Filter (tcindex) Allows Privilege Escalation Reflected Cross-Site Scripting Vulnerability in Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard and Remote Storage Integrations WordPress Plugins Code Injection 
Vulnerability in GitHub Repository Builderio/qwik (prior to 0.21.0) Signal Handler Race Condition Vulnerability in Mitsubishi Electric India GC-ENET-COM Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 XSL Template Remote Code Execution Vulnerability in ENOVIA Live Collaboration V6R2013xE XML External Entity Injection (XXE) Vulnerability in ENOVIA Live Collaboration V6R2013xE Allows Server File Read Access ImageMagick SVG File Denial of Service Vulnerability Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 (VDB-222645) Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 (CVE-2021-222646) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-222647) Critical SQL Injection Vulnerability in SourceCodester File Tracker Manager System 1.0 (VDB-222648) Privilege Escalation Vulnerability in Linux Kernel's io_uring IORING_OP_CLOSE Operation Variable Denial of Service Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 Cluster Peering Vulnerability in Consul and Consul Enterprise Allows Denial of Service ServiceNow Polaris Layout Reflected XSS Vulnerability Privilege Escalation via Workload Identity and Task API in HashiCorp Nomad 1.5.0 Critical SQL Injection Vulnerability in SourceCodester COVID 19 Testing Management System 1.0 (CVE-2021-222661) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222662) Cross-Site Scripting (XSS) Vulnerability in SourceCodester File Tracker Manager System 1.0 Unrestricted File Upload Vulnerability in UCMS 1.6 Jinja Template Injection Vulnerability in getattr() Method Arbitrary File Read/Write Vulnerability via Exposed Box Object Exposed resource.db() Accessor Method Allows Code Execution via 
Jinja Template Smuggling GitHub Repository Authentication Bypass Vulnerability in froxlor/froxlor (prior to 2.0.13) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-222697) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-222698) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222699) Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Unrestricted File Upload Vulnerability in GitHub Repository Cockpit-HQ/Cockpit Prior to 2.4.1 Privilege Escalation Vulnerability in Cloudflared Installer for Windows 32-bit Devices Reflected Cross-Site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Reflected Cross-Site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Cross-site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Critical SQL Injection Vulnerability in lmxcms 1.41 (CVE-2021-222727) Critical SQL Injection Vulnerability in lmxcms 1.41 (VDB-222728) Stored Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Privilege Escalation Vulnerability in apport-cli 2.26.0 and Earlier Authentication Bypass Vulnerability in Netgear RAX30 (AX2400) Unrestricted Upload Vulnerability in Guizhou 115cms 4.2 (VDB-222738) HP Multifunction Printers 
(MFPs) Vulnerability: Buffer Overflow and Remote Code Execution Risk with HP Workpath Solutions CSRF Vulnerability in Redirection WordPress Plugin CSRF Vulnerability in Redirection WordPress Plugin Allows Unauthorized Deletion of Redirections Unauthenticated Data Loss Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Cache Modification Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Plugin Settings Update Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Attackers Can Disable Caching in RapidLoad Power-Up for Autoptimize Plugin Vulnerability: Unauthorized Data Loss in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Cache Modification Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Access Control Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Customizer Export/Import WordPress Plugin Unserialized PHP Object Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Hsycms 3.1 Add Category Module (CVE-2021-222842) Critical OS Command Injection Vulnerability in liferea (VDB-222848) Critical SQL Injection Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (CVE-2021-222849) Critical SQL Injection Vulnerability in 
SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 (CVE-2021-222853) NULL Pointer Dereference Vulnerability in vim/vim Reflected Cross-Site Scripting Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Critical SQL Injection Vulnerability in SourceCodester Simple Bakery Shop Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Critical SQL Injection Vulnerability in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 Critical SQL Injection Vulnerability in unilogies/bumsys (prior to v2.0.2) UI Layer or Frame Rendering Vulnerability in GitHub Repository unilogies/bumsys (prior to v2.0.2) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222871) Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222872) Critical SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 (VDB-222873) Code Injection Vulnerability in easyappointments prior to 1.5.0 Critical SQL Injection Vulnerability in XHCMS 1.0 (VDB-222874) Denial of Service Vulnerability in TG Soft Vir.IT eXplorer 9.4.86.0 Stack Overflow Vulnerability in Json-smart Unprotected Password-Protected Posts Vulnerability in W4 Post List WordPress Plugin Stored Cross-Site Scripting Vulnerability in WH Testimonials Plugin for WordPress Reflected Cross-Site Scripting in W4 Post List WordPress Plugin Stored Cross-Site Scripting 
Vulnerability in Solidres WordPress Plugin (Versions up to 0.9.4) Vulnerability: Unauthorized Cache Deletion in WP Fastest Cache Plugin Reflected Cross-Site Scripting Vulnerability in Solidres WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222904) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-223127) Denial of Service Vulnerability in brcmf_get_assoc_ies in Linux Kernel WP Meta SEO Plugin PHAR Deserialization and Remote Code Execution Vulnerability Data Race Vulnerability in Linux Kernel: NULL Pointer Dereference in TIPC Protocol Local Service Registration Vulnerability Arbitrary Code Execution Vulnerability in amzn.thin.pl's setMediaSource Function Offline PIN Brute-Forcing Vulnerability in Amazon Fire TV Stick and Insignia TV with FireOS Privilege Escalation Vulnerability in QEMU's 9pfs Implementation Potential JWT Leakage in Grafana via URL Query Parameter Heap-based Overflow Vulnerability in TA Prior to Version 5.7.9: Remote Alteration of Page Heap in macmnsvc Process Memory Block Command Injection Vulnerability in TP-Link Archer AX21 (AX1800) Firmware Linux Kernel TIPC Module Remote Denial of Service Vulnerability Unrestricted Upload Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-222978) Critical Unrestricted Upload Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222979) Use-After-Free Vulnerability in X.Org Server Overlay Window Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-222981) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Yoga Class Registration System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Student Management System 1.0 (profile.php) Critical Path Traversal 
Vulnerability in XiaoBingBy TeaCMS 2.0 (VDB-222985) Untrusted Data Deserialization Vulnerability in N6854A Geolocation Server versions 2.4.2 Stored Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin GitLab DAST Scanner Authorization Cookie Leakage Vulnerability Role-Based Access Control Vulnerability in Course Participation Report Stored Cross-Site Scripting Vulnerability in Weaver Xtreme Theme for WordPress Stored Cross-Site Scripting Vulnerability in Weaver Show Posts Plugin for WordPress (Versions up to 1.6) Unserialized PHP Object Injection in Formidable Forms WordPress Plugin Remote Code Execution Vulnerability in JetEngine WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 SQL Injection Vulnerability in Video List Manager WordPress Plugin Insecure Client Certificate Validation in MongoDB Server on Windows and macOS Stored XSS Vulnerability in Grafana's Graphite FunctionDescription Tooltip Privilege Escalation via Improper Access Control in Cloudflare WARP Client for Windows Reflected Cross-Site Scripting Vulnerability in WP VR WordPress Plugin Arbitrary Tour Update Vulnerability in WP VR WordPress Plugin Critical Unrestricted Upload Vulnerability in Simple Art Gallery 1.0 (VDB-223126) Critical SQL Injection Vulnerability in Simple Art Gallery 1.0 (VDB-223128) Unauthorized User Exploits Vulnerability to Add Child Epics in Unrelated GitLab Groups Cross-Site Scripting (XSS) Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 Reflected Cross-Site Scripting in Ajax Search Lite and Ajax Search Pro WordPress Plugins Reflected Cross-Site Scripting Vulnerability in Mattermost OAuth Flow Completion Endpoints Buffer Overflow Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPU Modules SQL Injection Vulnerability in Groundhogg WordPress Plugin (Versions before 2.7.9.4) Title: WP Tiles WordPress Plugin 1.1.2 Allows 
Unauthorized Access to Draft and Private Post Titles Path Traversal Vulnerability in The Photo Gallery by 10Web WordPress Plugin Vulnerability: gRPC C++ Implementation Aborts on Certain HTTP2 Headers Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Unauthenticated Attackers Can Manipulate Subscriptions in FluentCRM WordPress Plugin (Versions up to 2.7.40) Sensitive Information Exposure in WP Simple Shopping Cart Plugin Improper Access Controls in SourceCodester Online Food Ordering System 2.0 Unrestricted File Upload Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Reflected Cross-Site Scripting Vulnerability in Ajax Search Pro WordPress Plugin Jettison JSONArray Construction Vulnerability Untrusted Pointer Vulnerability in Advantech WebAccess/SCADA Critical SQL Injection Vulnerability in SourceCodester Medicine Tracker System 1.0 (VDB-223283) Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 (CVE-2021-223285) Unrestricted Upload Vulnerability in Meizhou Qingyunke QYKCMS 4.3.0 Remote Denial of Service Vulnerability in Filseclab Twister Antivirus 8 Critical Denial of Service Vulnerability in Filseclab Twister Antivirus 8 (VDB-223289) Denial of Service Vulnerability in Filseclab Twister Antivirus 8 (VDB-223290) Denial of Service Vulnerability in Watchdog Anti-Virus 1.4.214.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Medicine Tracker System 1.0 Heap-based Buffer Overflow in GPAC 2.3-DEV-rev35-gbbca86917-master (VDB-223293) Double Free Vulnerability in GPAC 2.3-DEV-rev35-gbbca86917-master Local Denial of Service Vulnerability in MP4v2 2.1.2 (CVE-2021-223295) Denial of Service Vulnerability in MP4v2 2.1.2 (CVE-2021-223296) Critical Buffer Overflow Vulnerability in GPAC 2.3-DEV-rev35-gbbca86917-master (VDB-223297) Critical 
Local Access Control Vulnerability in Watchdog Anti-Virus 1.4.214.0 (VDB-223298) Critical SQL Injection Vulnerability in jeecg-boot 3.5.0 (VDB-223299) Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2021-223304) Critical Remote Authentication Bypass Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (VDB-223306) User-Controlled Key Authorization Bypass Vulnerability in DigiKent: Pre-23.03.20 User-Controlled Key Authorization Bypass in Teampass prior to 3.0.0.23 Critical Remote Code Execution Vulnerability in SourceCodester Medicine Tracker System 1.0 Reflected Cross-Site Scripting Vulnerability in WP EasyPay WordPress Plugin SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (CVE-2021-223325) Critical Path Traversal Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-223326) Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Stored Cross-Site Scripting Vulnerability in WP Express Checkout Plugin Stored Cross-Site Scripting Vulnerability in eCommerce Product Catalog Plugin for WordPress SQL Injection Vulnerability in WP Popup Banners Plugin (Versions up to 1.2.5) Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Reflected Cross-Site Scripting Vulnerability in MetaSlider WordPress Plugin 3.29.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL 
Injection Vulnerability in SourceCodester Canteen Management System 1.0 (VDB-223337) Race Condition in Linux Kernel's mm/mremap Memory Address Space Accounting Source Code Authentication Abuse Vulnerability in HYPR Keycloak Authenticator Extension Path Traversal Vulnerability in Hummingbird WordPress Plugin Unrestricted File Upload Vulnerability in SourceCodester Simple Music Player 1.0 (VDB-223362) Critical SQL Injection Vulnerability in SourceCodester Monitoring of Students Cyber Accounts System 1.0 (VDB-223363) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Monitoring of Students Cyber Accounts System 1.0 Remote Code Injection Vulnerability in HkCms 2.2.4.230206 Critical SQL Injection Vulnerability in XiaoBingBy TeaCMS up to 2.0.2 (VDB-223366) Unrestricted File Upload Vulnerability in xzjie CMS (CVE-2021-223367) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Improper Access Controls in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54 Denial of Service Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Denial of Service Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Critical Local Access Control Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Critical Local Access Control Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223376) Critical Local Access Control Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223377) Denial of Service Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223378) Denial of Service Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 Critical SQL Injection Vulnerability in IBOS 4.5.5 (VDB-223380) Critical SQL Injection Vulnerability in Rebuild (up to version 3.2.3) - Remote Code Execution Possible Reflected Cross-site Scripting (XSS) Vulnerability in imgproxy/imgproxy prior to 3.14.0 Unrestricted File Upload Vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 (VDB-223397) Critical 
SQL Injection Vulnerability in Responsive Hotel Site 1.0 Component Newsletter Log Handler Critical SQL Injection Vulnerability in Simple Art Gallery 1.0 (VDB-223399) Cross-Site Scripting (XSS) Vulnerability in Simple Art Gallery 1.0 (adminHome.php) Unrestricted Upload Vulnerability in RockOA 2.3.2 (CVE-2021-223401) SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 (CVE-2021-223406) Critical SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 Critical SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 (VDB-223408) Critical SQL Injection Vulnerability in SourceCodester E-Commerce System 1.0 (CVE-2021-223409) Critical SQL Injection Vulnerability in SourceCodester E-Commerce System 1.0 (CVE-2021-223410) Cross-Site Scripting (XSS) Vulnerability in SourceCodester E-Commerce System 1.0 SQL Injection Vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software GMAce WordPress Plugin Cross-Site Request Forgery Vulnerability Uninitialized Memory Leak in KVM_GET_DEBUGREGS ioctl on 32-bit Systems Certificate Validation Vulnerability in RTU500 Scripting Interface Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Insecure Permission Assignment Vulnerability in RoboDK Versions 5.5.3 and Prior DOM-based Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Sensitive Credentials Leakage in CP Plus KVMS Pro Versions 2.01.0.T.190521 and Prior Critical SQL Injection Vulnerability in Security Center 5.11.2 Hardware Inventory Report TIOCLINUX ioctl Vulnerability: Command Injection in Snaps on Virtual Consoles Insecure Password Validation in Download Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin Information Disclosure Vulnerability in DesignJet and PageWide XL TAA Compliant Models Cross-site Scripting (XSS) Vulnerability in 
tsolucio/corebos GitHub Repository Use After Free Vulnerability in Google Chrome Allows Remote Code Execution Heap Corruption via Malicious HID Device in WebHID in Google Chrome Heap Corruption Vulnerability in Google Chrome PDF Rendering Use After Free Vulnerability in ANGLE in Google Chrome Heap Corruption Vulnerability in GPU Video Processing in Google Chrome Use After Free Vulnerability in WebProtect in Google Chrome Heap Corruption Vulnerability in ANGLE in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.7 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.7 GitHub Repository answerdev/answer Prior to 1.0.6 Authentication Bypass Vulnerability Timing Discrepancy Vulnerability in GitHub repository answerdev/answer prior to 1.0.6 GitHub Repository answerdev/answer Prior to 1.0.6: Excessive Authentication Attempts Vulnerability GitHub Repository AnswerDev/Answer Prior to Version 1.0.6: Observable Response Discrepancy Vulnerability Critical Business Logic Errors in GitHub Repository answerdev/answer (prior to 1.0.6) Critical Business Logic Errors in GitHub Repository answerdev/answer (prior to 1.0.6) GitHub Repository answerdev/answer Prior to 1.0.6: Insufficient Session Expiration Vulnerability QEMU Vulnerability: Out-of-Bounds Read and Crash via Paravirtual RDMA Device SQL Injection Vulnerability in Teampass GitHub Repository (nilsteampassnet/teampass) Prior to Version 3.0.0.23 Reflected Cross-Site Scripting in MyCryptoCheckout WordPress Plugin SQL Injection Vulnerability in Elra Parkmatik Improper Privilege Management Vulnerability in EcoStruxure Control Expert (V15.1 and above) PHP Object Injection Vulnerability in Ad Inserter WordPress Plugin Sensitive Information Exposure in NGINX Agent Log Files Deserialization Vulnerability in ToolboxST Prior to Version 7.10 Stored Cross-Site Scripting Vulnerability in Quick Paypal Payments WordPress 
Plugin Vulnerability: Unauthorized API Access by Banned User in GitLab Critical SQL Injection Vulnerability in SourceCodester Judging Management System 1.0 (VDB-223549) Improper Access Controls in SourceCodester E-Commerce System 1.0 Critical Unrestricted File Upload Vulnerability in Simple and Beautiful Shopping Cart System 1.0 (VDB-223551) Unrestricted Upload Vulnerability in SourceCodester Storage Unit Rental Management System 1.0 Buffer Overflow Vulnerability in TinyTIFF 3.0.0.0 Unrestricted Upload Vulnerability in Simple Online Hotel Reservation System 1.0 Information Disclosure Vulnerability in Mattermost's /plugins/focalboard/api/v2/users API Call Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (CVE-2021-223555) Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-223556) Cross-Site Scripting (XSS) Vulnerability in FeiFeiCMS 2.7.130201 Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-223558) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester E-Commerce System 1.0 Heap-based Buffer Overflow in syoyo tinydng (VDB-223562) Critical SQL Injection Vulnerability in DataGear up to 4.5.0 (VDB-223563) Cross-Site Scripting (XSS) Vulnerability in DataGear up to 1.11.1 (VDB-223564) Cross-Site Scripting Vulnerability in DataGear up to 1.11.1 (VDB-223565) Sensitive Information Disclosure in User Creation Feature of Devolutions Remote Desktop Manager Stored Cross-Site Scripting Vulnerability in Mega Main Menu Plugin for WordPress Critical SQL Injection Vulnerability in pimcore/pimcore GitHub Repository (prior to 10.5.19) Heap-Based Buffer Overflow in bfd_getl64 Function Denial of Service Vulnerability in Devolutions 
Gateway 2023.1.1 and Earlier Race Condition Vulnerability in Linux Kernel's Memory Management Sub-component NULL Pointer Dereference Vulnerability in io_file_bitmap_get in Linux Kernel Quarkus OIDC Vulnerability: Leakage of ID and Access Tokens in Authorization Code Flow TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File/Directory Deletion TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File Creation NULL Pointer Dereference Vulnerability in Avast and AVG Antivirus for Windows (Fixed in Version 22.11) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-223654) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-223655) Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223662) Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223663) Reflected Cross-Site Scripting Vulnerability in tagDiv Composer WordPress Plugin Unauthenticated Privilege Escalation in tagDiv Cloud Library WordPress Plugin Stored Cross-Site Scripting Vulnerability in Short URL Plugin for WordPress Entry Permission Bypass via ID Collision in Devolutions Server 2022.3.13 and Prior Versions Critical Denial of Service Vulnerability in GitHub Repository radareorg/radare2 (prior to 5.8.6) Critical SQL Injection Vulnerability in DictController.java (novel-plus 3.6.2) - VDB-223736 Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223737) Critical SQL Injection Vulnerability in Zhong Bang CRMEB Java up to 1.3.4 (VDB-223738) Cross-Site Scripting (XSS) Vulnerability in Zhong Bang CRMEB Java up to 
1.3.4 Critical SQL Injection Vulnerability in Rebuild up to 3.2.3 (VDB-223742) Use-After-Free Vulnerability in btrfs_search_slot in Linux Kernel Critical SQL Injection Vulnerability in Rebuild up to 3.2.3 (VDB-223743) Cross Site Scripting (XSS) Vulnerability in Rebuild up to 3.2.3 Stored Cross-Site Scripting Vulnerability in WP Custom Author URL WordPress Plugin SQL Injection Vulnerability in Ultimate Addons for Contact Form 7 Plugin for WordPress (Versions up to 3.1.23) Cross-Site Scripting (XSS) Vulnerability in XiaoBingBy TeaCMS up to 2.0.2 Authentication Bypass Vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server Modules) Mitsubishi Electric MELSEC WS Series WS0-GETH00200 Telnet Authentication Bypass Vulnerability WAGO Devices Multiple Versions Remote DoS Vulnerability Denial of Service Vulnerability in WAGO Devices with CODESYS V2 Runtime GitLab EE Vulnerability: Unauthorized Commit Access from Restricted IP Address CSRF Vulnerability in Custom Post Type UI WordPress Plugin Arbitrary Log File Deletion Vulnerability in WPCode WordPress Plugin OpenStack Heat Information Leak Vulnerability Critical Memory Corruption Vulnerability in Jianming Antivirus 16.2.2022.418 (VDB-224008) Denial of Service Vulnerability in Jianming Antivirus 16.2.2022.418 Null Pointer Dereference Vulnerability in Jianming Antivirus 16.2.2022.418 Critical Memory Corruption Vulnerability in JiangMin Antivirus 16.2.2022.418 (VDB-224011) Denial of Service Vulnerability in JiangMin Antivirus 16.2.2022.418 Null Pointer Dereference Vulnerability in JiangMin Antivirus 16.2.2022.418 (VDB-224013) OpenStack Barbican Local Authenticated Credentials Leak Vulnerability Critical Server-Side Request Forgery Vulnerability in OTCMS 6.72 Cross-Site Scripting (XSS) Vulnerability in OTCMS 6.72's AutoRun Function (CVE-2021-224017) Container Namespace Vulnerability in OpenStack Barbican: Data Exposure Risk in All-in-One Deployments Vulnerability in Linux Kernel X86 CPU Power Management Options Allows 
Unauthorized Memory Access via Speculative Execution Behavior Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224018) Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (CVE-2021-224019) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224020) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224022) Vulnerability in IObit Malware Fighter 9.4.0.776: Local Denial of Service in ImfHpRegFilter.sys Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224024) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224025) Critical Stack-Based Buffer Overflow Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224026) Improper Access Control in calcom/cal.com GitHub Repository (prior to version 2.7) Stored Cross-Site Scripting Vulnerability in AI ChatBot WordPress Plugin Unauthenticated PHP Object Injection in AI ChatBot WordPress Plugin Unauthenticated Access and Cross-Site Scripting (XSS) Vulnerability in AI ChatBot WordPress Plugin Use-after-free vulnerability in nfsd4_ssc_setup_dul in Linux Kernel NFS Filesystem Critical Denial of Service Vulnerability in GitHub Repository gpac/gpac prior to 2.4.0 Heap-based Buffer Overflow in GPAC GitHub Repository Prior to Version 2.4.0 Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. 
OpenIDM and Java Remote Connector Server (RCS) LDAP Connector Unauthenticated Stored XSS Vulnerability in AI ChatBot WordPress Plugin Stored Cross-Site Scripting Vulnerability in Display Post Meta, Term Meta, Comment Meta, and User Meta Plugin for WordPress Vulnerability: Forced Browsing Exposes Authenticated Resources in Coverity Versions Prior to 2023.3.2 Vulnerability: Certificate Validation Bypass in Keycloak Excessive Authentication Attempts Vulnerability in GitHub Repository linagora/twake prior to 0.0.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 NULL Pointer Dereference Vulnerability in libssh during Re-keying with Algorithm Guessing Openvswitch IP Protocol 0 Handling Vulnerability SEOPress WordPress Plugin Unauthenticated PHP Object Injection Vulnerability Use After Free Vulnerability in Linux Kernel Xircom 16-bit PCMCIA Ethernet Driver Pre-Auth Command Injection Vulnerability in Sophos Web Appliance (<=4.3.10.4): Arbitrary Code Execution Race Condition Vulnerability in Tang Server Key Generation and Rotation Critical SQL Injection Vulnerability in SourceCodester School Registration and Fee System 1.0 (VDB-224231) Critical SQL Injection Vulnerability in SourceCodester School Registration and Fee System 1.0 Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224233) Vulnerability in DriverGenius 9.70.0.346: Local Denial of Service in IOCTL Handler (VDB-224234) Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224235) Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224236) Xunrui CMS 4.61 Information Disclosure Vulnerability Xunrui CMS 4.61 Information Disclosure Vulnerability (VDB-224238) Remote Code Execution Vulnerability in Xunrui CMS 4.61 Remote Information Disclosure Vulnerability in Xunrui CMS 4.61 Unrestricted File Upload Vulnerability in HadSky 7.7.16 (VDB-224241) Critical Command Injection Vulnerability in HadSky up to 
7.11.8 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Allocation System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Exception Handling Vulnerability in Communication Framework: Impact on Feature Performance Unauthenticated Access to Window Management Module Allows for Confidentiality Breach File Privilege Escalation Vulnerability in Settings Module: Confidentiality Impact File Privilege Escalation Vulnerability in Settings Module: Confidentiality Impact Exception Handling Vulnerability in Communication Framework: Impact on Feature Performance Critical Vulnerability in Multimedia Video Module: Threat to Availability Improper Handling of Missing Values in Juniper Networks Junos OS Packet Forwarding Engine (PFE) Leads to Denial of Service (DoS) WAGO Multiple Products: Unauthenticated Remote Attackers Can Compromise Systems and Cause Denial of Service Forced Browsing Vulnerability in Rapid7 Nexpose Versions 6.6.186 and Below Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Privilege Escalation and Functionality Bypass in Forcepoint F|One SmartEdge Agent on Windows Information Disclosure Vulnerability in HP Enterprise LaserJet and HP LaserJet Managed Printers with FutureSmart version 5.6 and IPsec Enabled Clipboard Command Execution Vulnerability Stack-based Buffer 
Overflow in Datalogics Library APDFL v18.0.4PlusP1e and Prior Sensitive Information Disclosure in GitLab: Unauthorized Access to Internal Notes Count Remote Authentication Vulnerability in FOXMAN-UN and UNEM Logging Component Hard-coded Security-relevant Constants Vulnerability in deepset-ai/haystack prior to 0.1.30 Arbitrary Code Execution via Insecure Temporary File Creation in Bitrix24 22.0.300 Arbitrary Code Execution via Unsafe Variable Extraction in Bitrix24 22.0.300 Bypassing XSS Sanitization in Bitrix24 22.0.300 via Logic Error in mb_strpos() Bitrix24 22.0.300 Invoice Edit Page Cross-Site Scripting (XSS) Vulnerability Prototype Pollution in Bitrix24 22.0.300: Remote Code Execution via Left Vertical Menu Script Denial-of-Service Vulnerability in Bitrix24 22.0.300 via Improper File Stream Access Unauthenticated Remote Code Execution and File Enumeration in Bitrix24 22.0.300 Arbitrary Code Execution via Lack of Mime Type Response Header in Bitrix24 22.0.300 Arbitrary Command Execution in Yoga Class Registration System v1.0 Arbitrary Command Execution in Yoga Class Registration System v1.0 SQL Injection Vulnerability in Veragroup Mobile Assistant Stored XSS Vulnerability in Faveo Helpdesk Enterprise version 6.0.1 Allows Privilege Escalation Infoline Project Management System: SSRF Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Proliz OBS Allows Authenticated User to Execute Arbitrary Code Unrestricted File Upload Vulnerability in Fernus Informatics LMS Allows OS Command Injection and SSI Injection Heap-buffer-overflow Vulnerability in LibRaw's raw2image_ex() Function SQL Injection Vulnerability in SupportCandy WordPress Plugin Arbitrary Command Execution in Meinbergs LTOS Versions Prior to V7.06.013 Weakness in Randomness Sampling for Shared Secrets in Kyber and FrodoKEM Denial of Service Vulnerability in Prometheus Server bundled with GitLab Unrestricted Upload Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 
(VDB-224622) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224624) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224625) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224626) Unrestricted File Upload Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 (VDB-224627) Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-224628) Remote SQL Injection Vulnerability in jeecg-boot 3.5.0 Critical SQL Injection Vulnerability in IBOS 4.5.5 Component: Report Search Cross-Site Scripting (XSS) Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Critical Unrestricted Upload Vulnerability in IBOS 4.5.5 Uncontrolled Search Path Vulnerability in KMPlayer 4.2.2.73 Cross-Site Scripting Vulnerability in Dreamer CMS up to 3.5.0 Critical SQL Injection Vulnerability in IBOS up to 4.5.4 (VDB-224635) Hard-coded Credentials in Nexx Smart Home Devices: Remote Access and Control Vulnerability Nexx Smart Home Devices: Lack of Access Control in API Execution Nexx Smart Home Devices: Lack of Access Control Allows Unauthorized Actions Insecure WebSocket Server Allows Unauthorized Access to Nexx Smart Home Devices Nexx Smart Home Devices Vulnerability: Unauthorized Registration via MAC Address Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Cross-Site Scripting (XSS) Vulnerability in GitHub repository thorsten/phpmyfaq prior to 3.1.12 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 
3.1.12 Special Element Injection Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Cross-site Scripting Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Privilege Escalation in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) Wi-Fi Connection Setup Information Disclosure Vulnerability Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) Wi-Fi Connection Setup Information Disclosure Vulnerability SQL Injection Vulnerability in Akbim Computer Panon Reflected XSS Vulnerability in Akbim Computer Panon Version 1.0.2 and Earlier Stored XSS Vulnerability in Snyk Advisor's Package Health Page Insecure Symmetric Encryption in Tribe29 Checkmk Versions Information Disclosure Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Critical SQL Injection Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 (CVE-2021-224671) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Cross-Site Scripting (XSS) Vulnerability in DataGear up to 4.5.1 Critical Code Injection Vulnerability in Rockoa 2.3.2 Unvalidated Inviter Permission Vulnerability in Mattermost High Availability Configuration Vulnerability: Information Disclosure via User_Updated and Post_Deleted Events SVG Image File Upload Vulnerability in Mattermost Boards Mattermost API Vulnerability: Information Disclosure via createPost API Call Insecure Default Credentials in GajShield Data Security Firewall Firmware Sensitive Information Exposure 
Vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24, and Helmholz' myREX24 and myREX24.virtual (<=2.13.3) Reflected Cross-Site Scripting Vulnerability in Companion Sitemap Generator WordPress Plugin Unauthenticated Bypass of ACL Authorizations in HashiCorp Nomad and Nomad Enterprise Versions 1.5.0 - 1.5.2 Remote Code Execution in OrangeScrum version 2.0.11 via Unvalidated HTML Content Conversion Critical Remote Authentication Bypass Vulnerability in jeecg-boot 3.5.0 (VDB-224699) Critical SQL Injection Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 (VDB-224700) Cloud-init Log Exposure Vulnerability HTML Payload Triggering Search Timeout in GitLab Insufficient Session Expiration in GitHub Repository Firefly-III/Firefly-III Prior to 6 Improper Input Validation in Firefly III GitHub Repository Information Disclosure Vulnerability in SourceCodester Simple Task Allocation System 1.0 (VDB-224724) SQL Injection Vulnerability in SourceCodester Simple Task Allocation System 1.0 (CVE-2021-224743) Critical SQL Injection Vulnerability in SourceCodester Simple Mobile Comparison Website 1.0 Critical SQL Injection Vulnerability in SourceCodester Police Crime Record Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Police Crime Record Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Employee Payslip Generator 1.0 Unrestricted Upload Vulnerability in OTCMS 6.0.1 (VDB-224749) Cross-Site Scripting (XSS) Vulnerability in EyouCMS up to 1.5.4 (CVE-2021-224750) Cross-Site Scripting (XSS) Vulnerability in EyouCMS up to 1.5.4 (CVE-2021-224751) Critical Path Traversal Vulnerability in sjqzhang go-fastdfs up to 1.4.3 Out-of-Bounds Write Vulnerability in tcpdump 4.99.3 SMB Protocol Decoder Vulnerability: Insecure Fallback to HTTP in Docker Desktop Artifactory Integration Redline Router Firmware 
Authentication Bypass Vulnerability Reflected Cross-Site Scripting in Product Catalog Feed by PixelYourSite WordPress Plugin Reflected Cross-Site Scripting in Product Catalog Feed by PixelYourSite WordPress Plugin Reflected Cross-Site Scripting in WP Inventory Manager WordPress Plugin Cross-Site Request Forgery Vulnerability in Elementor Addons, Widgets and Enhancements – Stax Plugin for WordPress (up to version 1.4.3) Download Manager WordPress Plugin Information Leakage Vulnerability Heap Buffer Overflow in Visuals in Google Chrome Use After Free Vulnerability in Google Chrome Frames Out of Bounds Memory Access in DOM Bindings in Google Chrome File Access Bypass Vulnerability in Google Chrome Extensions Bypassing Download Checking in Safe Browsing in Google Chrome Use After Free Vulnerability in Google Chrome Networking APIs Navigation Spoofing Vulnerability in Google Chrome's Picture In Picture Feature Bypassing Navigation Restrictions in Google Chrome on Android Vulnerability: Use After Free in Vulkan in Google Chrome Out of Bounds Read Vulnerability in Google Chrome Accessibility Heap Buffer Overflow in Google Chrome Browser History Omnibox Content Hiding Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome Bypassing Navigation Restrictions in FedCM in Google Chrome Unauthorized Disclosure of Issue Notes in GitLab EE Unrestricted Upload Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Centralized Covid Vaccination Records System 1.0 Use-After-Free Vulnerability in Linux Kernel Traffic Control Index Filter (tcindex) Allows Local Privilege Escalation Audit Logging in Mattermost Exposes User Passwords and Hashes Improper Access Control Flaw in Candlepin: Confidentiality and Availability Loss Authentication Bypass Vulnerability in DTS Electronics Redline Router Firmware (Version < 7.17) Vulnerability in Kinetix 5500 Drives: Unauthorized Access via Open Telnet and 
FTP Ports Reflected Cross-Site Scripting Vulnerability in Ninja Forms Contact Form WordPress Plugin Cross-Site Scripting Vulnerability in GitLab Allows HTML Rendering of XML Files in 'Raw' Mode Authentication Bypass Vulnerability in HYPR Server Legacy APIs Double fget vulnerability in vhost_net_set_backend in Linux kernel Stored Cross-Site Scripting Vulnerability in Product Addons & Fields for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in Sp*tify Play Button for WordPress Plugin CVE-2023-1841 Unauthenticated Permalink Structure Update Vulnerability in Metform Elementor Contact Form Builder Plugin Unauthenticated Email Functionality Access in Subscribe2 WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (CVE-2021-224985) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224986) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224987) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224988) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224989) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224990) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Remote Session Expiration Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-224994) Use-After-Free Vulnerability in xgene-hwmon Driver Allows for System Crash and Kernel Information Leak Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-224995) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Remote Information Disclosure Vulnerability in SourceCodester 
Earnings and Expense Tracker App 1.0 (VDB-224997) Use-After-Free Vulnerability in Xen Transport for 9pfs in Linux Kernel Cross-Site Scripting (XSS) Vulnerability in Keysight IXIA Hawkeye 3.3.16.28 Stored Cross-Site Scripting Vulnerability in Limit Login Attempts WordPress Plugin Remote Access Vulnerability in Cloudflare WARP Client for Windows (up to v2023.3.381.0) SQL Injection Vulnerability in Eskom Water Metering Software Path Traversal Vulnerability in FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and Prior Unauthenticated Deletion of YouTube Channels in YourChannel WordPress Plugin Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Unauthenticated Attackers Can Clear YourChannel Plugin Cache in WordPress Stored Cross-Site Scripting Vulnerability in YourChannel WordPress Plugin Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to version 1.2.3) Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Use-After-Free Vulnerability in Linux Kernel io_uring System SQL Injection Vulnerability in Faturamatik Bircard (before 23.04.05) Privilege Escalation Vulnerability in WP Data Access Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Command Injection Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.3.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.3 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Improper Access 
Control in GitHub Repository: thorsten/phpmyfaq (prior to 3.1.12) Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 GitHub Repository Authentication Bypass Vulnerability in thorsten/phpmyfaq prior to 3.1.12 Critical Business Logic Errors in phpMyFAQ GitHub Repository (prior to 3.1.12) Arbitrary User Password Reset Vulnerability in Directorist Plugin for WordPress Insecure Direct Object Reference vulnerability in Directorist WordPress Plugin (up to version 7.5.4) allows arbitrary post deletion Reflected Cross-Site Scripting in Tablesome WordPress Plugin Reflected Cross-Site Scripting in Accordion & FAQ WordPress Plugin before 1.9.9 Reflected Cross-site Scripting (XSS) Vulnerability in Sidekiq GitHub Repository Reflected Cross-Site Scripting Vulnerability in Login Configurator WordPress Plugin Puppet Server 7.9.2 Certificate Validation ReDoS Vulnerability Server Side Request Forgery (SSRF) Vulnerability in Getwid – Gutenberg Blocks Plugin for WordPress Insecure Storage of Login Credentials in Atlas Copco Power Focus 6000 Web Server Session ID Number Exposure in Atlas Copco Power Focus 6000 Web Server Insecure Default Connection in Atlas Copco Power Focus 6000 Web Server Avira Network Protection Overflow Vulnerability Bluetooth HCI Host Layer Logic Vulnerability Bluetooth HCI Host Layer Logic Vulnerability: Dangling Reference and Potential RCE Unauthorized Access to Restricted Header Data in SAP HCM Fiori App My Forms (Fiori 2.0) - version 605 Clear Text Logging of OpenID Client Secret in Octopus Server Configuration Stored Cross-Site Scripting Vulnerability in WP Popups WordPress Plugin Heap-based Buffer Overflow in ImageMagick's ImportMultiSpectralQuantum() Function Critical SQL Injection Vulnerability in SourceCodester Simple Mobile Comparison Website 1.0 (VDB-225150) Critical SQL Injection Vulnerability in PHPGurukul 
BP Monitoring Management System 1.0 Insufficient Capability Check in Getwid – Gutenberg Blocks Plugin for WordPress Allows Unauthorized Data Modification Unrestricted Access to Draft Posts via Blocksy Companion WordPress Plugin Stored Cross-Site Scripting Vulnerability in Limit Login Attempts WordPress Plugin (Versions up to 1.7.1) Stored Cross-Site Scripting Vulnerability in Maps Widget for Google Maps for WordPress Reflected Cross-Site Scripting Vulnerability in Thumbnail Carousel Slider WordPress Plugin Out-of-Bounds Read Vulnerability in tiffcrop Stored Cross-Site Scripting Vulnerability in PowerPress WordPress Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Modification in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Modification in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Deletion in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Loss in WP Fastest Cache Plugin Critical Unauthenticated PostgreSQL Injection Vulnerability in PnPSCADA System Authentication Bypass Vulnerability in ROC800-Series RTU Devices: Unauthorized Access and Denial-of-Service Risk Email Address Leakage in GitLab Service Desk Issue Creation Cross-Site Request Forgery (CSRF) Vulnerability in zhenfeng13 My-Blog Blind SSRF Vulnerability in WP Fastest Cache WordPress Plugin Insecure Access 
Control for OTP Keys in Devolutions Remote Desktop Manager Critical SQL Injection Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 Critical SQL Injection Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 (VDB-225317) Unrestricted Upload Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical Privilege Escalation Vulnerability in kOps GCE/GCP Provider in Gossip Mode Default Password Vulnerability in Minikube Container Allows Unauthorized SSH Access Memory Corruption and Exploitable Crash Vulnerability in Thunderbird and Firefox ESR Cross-Site Scripting (XSS) Vulnerability in SourceCodester Survey Application System 1.0 Critical Code Injection Vulnerability in taoCMS 3.0.2 (VDB-225330) Cross-Site Scripting (XSS) Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (CVE-2021-225338) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225341) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225342) Critical Path Traversal Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225345) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225346) Critical SQL Injection Vulnerability in SourceCodester Online 
Computer and Laptop Store 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Best Online News Portal 1.0 Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 (VDB-225359) Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 Vulnerability: Unauthorized Access Tokens in GitLab EE Group SAML SSO Remote Code Execution Vulnerability in Illumina Universal Copy Service Deserialization Vulnerability in Keysight N8844A Data Analytics Web Service Vulnerability: Unrestricted IP Address Binding in Illumina Universal Copy Service v2.x Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Unrestricted Upload Vulnerability in yuan1994 tpAdmin 1.3.12 (Unsupported) Server-side Request Forgery (SSRF) Vulnerability in yuan1994 tpAdmin 1.3.12 (Unsupported) Heap-based Buffer Overflow in _bfd_elf_slurp_version_tables() in bfd/elf.c Metadata Exposure in GitHub Repository answerdev/answer prior to 1.0.8 GitHub Repository answerdev/answer Prior to 1.0.8 Allows Insertion of Sensitive Information into Sent Data GitHub Repository Vulnerability: Password Aging with Long Expiration in answerdev/answer (prior to 1.0.6) Unvalidated URL Input in Booking Manager WordPress Plugin Allows SSRF Attacks Reflected Cross-Site Scripting Vulnerability in ShiftController Employee Shift Scheduling Plugin for WordPress Vulnerability: Bypassing Password Protection in Web Stories for WordPress Plugin Two-Factor Authentication Bypass in Devolutions Remote Desktop Manager 2022.3.35 and Earlier Avahi Library Vulnerability: Unprivileged User Can Crash Daemon via DBus Call Stored Cross-Site Scripting Vulnerability in Front Editor WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 (VDB-225530) Critical SQL Injection Vulnerability in SourceCodester Complaint Management 
System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (CVE-2021-225533) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225534) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Use-after-free vulnerability in btsdio_remove function in Linux Kernel Use-After-Free Vulnerability in ndlc_remove Function of Linux Kernel Denial of Service Vulnerability in Wireshark RPCoRDMA Dissector (Versions 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12) LISP Dissector Denial of Service Vulnerability GQUIC Dissector Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, and HiRDB Structured Data Access Facility Reflected Cross-site Scripting (XSS) Vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x OS Command Injection Vulnerability in SIMULIA 3DOrchestrate Vulnerability: Incomplete Spectre-BTI Mitigation in Linux Kernel Use After Free/Double Free Vulnerability in libwebp Mattermost Desktop App Server Redirection Vulnerability SSRF Vulnerability in Cisco TelePresence CE and RoomOS Software Allows Bypass of Access Controls Social Login Bypass Vulnerability in Cisco Business Wireless Access Points Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Hardware-based SSL/TLS Cryptography Vulnerability in Cisco ASA and FTD Software Arbitrary Code Execution and DoS Vulnerability in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers Local File Overwrite Vulnerability in Cisco TelePresence CE and RoomOS Software Privilege Escalation Vulnerability in Cisco Secure Email Gateway and Secure Email and Web Manager Vulnerability: Spoofing of Protected Tags in GitLab 
CE/EE SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Request Forgery Vulnerability in Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller Cisco Nexus 9300-FX3 Series Fabric Extender CLI Console Login Bypass Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Intersight Private Virtual Appliance Cisco Nexus Dashboard Software DNS Denial of Service Vulnerability Command Injection Vulnerability in Cisco Firepower and UCS Series Decryption Vulnerability in Cisco UCS Manager and FXOS Software Backup Configuration Arbitrary Command Execution Vulnerabilities in Cisco Intersight Private Virtual Appliance Authentication Bypass Vulnerability in Cisco IP Phone 7800 and 8800 Series Phones Cross-Site Scripting (XSS) Vulnerability in Cisco BroadWorks Web Management Interface Unauthenticated Execution of Management Commands in Linux Kernel Bluetooth HCI Sockets Implementation Improper Input Validation in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform: Denial of Service Vulnerability Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Authentication Bypass Vulnerability in Cisco Small Business RV042 Series Routers Arbitrary Command Injection Vulnerability in Cisco Small Business Routers RV042 Series Cisco IOS XE Software IPv4 Virtual Fragmentation Reassembly Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco AsyncOS Software for Secure Email and Web Manager Root Privilege Escalation Vulnerability in Cisco IOS XE Software's Meraki Onboarding Feature Base64-encoded malicious code vulnerability in Vision1210 OS v4.3 Build 5, allowing remote code 
execution via PCOM protocol. Cisco Identity Services Engine (ISE) Web Management Interface XXE Vulnerability SSL/TLS Certificate Handling Vulnerability in Snort 3 Integration with Cisco Firepower Threat Defense Software Heap Buffer Overflow Vulnerability in ClamAV's HFS+ Partition File Parser Cisco Catalyst Switches Denial of Service Vulnerability Elasticsearch Database Access Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Industrial Network Director Static Secret Key Vulnerability in Cisco Industrial Network Director Vulnerability in NETCONF Service of Cisco Network Services Orchestrator (NSO) Allows Remote DoS Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco AnyConnect SSL VPN Feature Privilege Escalation Vulnerability in Cisco CX Cloud Agent Privilege Escalation Vulnerability in Cisco CX Cloud Agent Arbitrary Command Execution Vulnerability in Cisco Small Business RV160 and RV260 Series VPN Routers Privilege Escalation via Key-based SSH Authentication in Cisco StarOS Software Denial of Service Vulnerability in Cisco Webex Room Phone and Cisco Webex Share Devices Unauthorized Configuration Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Cisco IOS XR Software BFD Hardware Offload DoS Vulnerability Privilege Escalation Vulnerability in Tenable Tenable.Io, Nessus, and Security Center Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Denial of Service (DoS) Vulnerability in Cisco Packet Data Network Gateway (PGW) ClamAV DMG File Parser XML External Entity Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Nexus Dashboard Web Interface Privilege Escalation Vulnerability in Cisco DNA Center Management API Cisco Access Point Management CLI Denial of Service Vulnerability Bypassing 
URL Reputation Filters in Cisco Email Security Appliance Cisco Unified Intelligence Center Web-Based Management Interface Reflected XSS Vulnerability Cisco DNA Center PnP Agent Vulnerability: Unauthorized Access to Sensitive Information Race Condition Vulnerability in Linux Kernel's RxRPC Network Protocol Cisco Unified Intelligence Center: Multiple Vulnerabilities Allowing Information Disclosure and SSRF Attacks Cisco Unified Intelligence Center: Multiple Vulnerabilities Allow Information Disclosure and SSRF Attack Vulnerability: Command Execution with Root Privileges in Cisco Firepower Inter-Device Communication Unauthenticated Access to Sensitive Files via GRUB Bootloader in Cisco IOS XR Software Privilege Escalation Vulnerability in Cisco IOx Application Hosting Subsystem Directory Traversal Vulnerability in Cisco IOS XE Software Web UI Denial of Service Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers Cisco Prime Infrastructure Software Reflected XSS Vulnerability Stored XSS Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Web Interface Privilege Escalation and Arbitrary Code Execution in DPT I2O Controller Driver Cisco Firepower Threat Defense (FTD) Software TLS 1.3 Logic Error Denial of Service Vulnerability Vulnerability: Bypassing FTP Inspection in Cisco Products Fragmentation Handling Code Vulnerability in Cisco IOS XE Software Arbitrary File Upload Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Secure Email Gateway CLI Arbitrary Command Execution Vulnerability in Cisco IOx Application Hosting Environment Arbitrary File Download Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Arbitrary Code Execution and DoS Vulnerabilities in Cisco IP Phone Web Interface Arbitrary Code Execution and DoS Vulnerabilities in Cisco IP Phone Web Interface 
Linux Kernel udmabuf Device Driver Memory Access Vulnerability Cisco IOS and IOS XE Software: Denial of Service Vulnerability in IPv6 DHCPv6 Relay and Server Features IPv6 DHCPv6 Client Module Denial of Service Vulnerability Vulnerability in Cisco Catalyst 9300 Series Switches: Persistent Code Execution at Boot Time ICMPv6 Inspection Denial of Service Vulnerability Timing Issue Exploit in Cisco Secure Endpoint for Windows with Windows Folder Redirection Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Cisco ASA and FTD Software Denial of Service Vulnerability in ICMPv6 Processing Arbitrary File Download Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Denial of Service Vulnerability in Cisco Finesse VPN-less Reverse Proxy Cisco Nexus 9000 Series Fabric Switches LLDP Memory Leak Vulnerability Stored Cross-Site Scripting Vulnerability in Pretty Url WordPress Plugin Denial of Service Vulnerability in Cisco ASA and FTD Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Web Interface Arbitrary Command Injection Vulnerability in Cisco Access Points Software Arbitrary File Deletion Vulnerability in Cisco SDWAN vManage Software Race Condition Vulnerability in Forminator WordPress Plugin Allows Multiple Votes on Polls CAPWAP AP Joining Process Denial of Service Vulnerability Root Account Default Credentials Vulnerability in Cisco Emergency Responder Arbitrary Code Execution Vulnerability in Cisco Secure Network Analytics Arbitrary Code Execution Vulnerability in Cisco Secure Network Analytics Cross-Site Scripting (XSS) Vulnerability in Cisco Webex App for Web File Upload Functionality Privilege Escalation Vulnerability in Cisco Expressway Series and Cisco TelePresence VCS Arbitrary File Deletion and Reading Vulnerabilities in Cisco Identity Services Engine (ISE) Vulnerability: Insufficient Entropy in DRBG for Cisco ASA and FTD Firewalls Denial of 
Service Vulnerability in Cisco Unified Communications Manager IM & Presence Service GET VPN Vulnerability: Remote Code Execution and Denial of Service SQL Injection Vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) Web Interface Cisco Identity Services Engine (ISE) Web Management Interface Information Disclosure Vulnerability Cisco Access Point Software Vulnerability Allows for Denial of Service Attack Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability Arbitrary File Download Vulnerability in Cisco Firepower Management Center (FMC) Software Vulnerability in Cisco Nexus 3000 and 9000 Series Switches: Unauthorized File Access Insufficient Validation of User-Supplied Input in Cisco Unified Communications Manager: Denial of Service Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Arbitrary Command Execution Vulnerability in Cisco Small Business Routers Cross-Site Scripting (XSS) Vulnerability in Cisco Secure Email and Web Manager Cross-Site Scripting (XSS) Vulnerabilities in Cisco AsyncOS Software for Secure Email and Web Manager Privilege Escalation Vulnerabilities in Cisco EPNM, ISE, and Prime Infrastructure Restricted Shell Privilege Escalation Vulnerabilities in Cisco EPNM, ISE, and Prime Infrastructure Restricted Shell Replay Attack Vulnerability in Cisco Duo Two-Factor Authentication for macOS and Windows Arbitrary Command Execution Vulnerability in Cisco Small Business Routers Unauthenticated Remote Code Execution Vulnerability in Cisco SPA112 2-Port Phone Adapters Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface GitLab CE/EE Vulnerability: Social Engineering Exploit for Cloning Non-Trusted 
Code Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Stored Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerabilities in Cisco Webex Meetings Stored XSS Vulnerability in Cisco Webex Meetings Web Interface Stored Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerabilities in Cisco Webex Meetings Cisco IOS XR Software Image Verification TOCTOU Race Condition Vulnerability Improper Role-Based Access Control in Cisco Secure Workload OpenAPI Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Reflected XSS Vulnerability in GitLab CE/EE Versions 15.8 - 16.0.2 Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities 
Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Firepower Management Center (FMC) Software API Rate-Limiting Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Command Injection and Privilege Escalation Vulnerabilities in Cisco Identity Services Engine (ISE) Command Injection and Privilege Escalation Vulnerabilities in Cisco Identity Services Engine (ISE) Path Traversal Vulnerabilities in Cisco Identity Services Engine (ISE) Path Traversal Vulnerabilities in Cisco Identity Services Engine (ISE) Denial of Service Vulnerability in TACACS+ and RADIUS Remote Authentication for Cisco NX-OS Software IS-IS Protocol Denial of Service Vulnerability Server-side Template Injection (SSTI) in Shopware 6 allows Remote Code Execution Cisco ISE CLI Command Injection Vulnerability Arbitrary File Deletion and Reading Vulnerabilities in Cisco Identity Services Engine (ISE) Arbitrary File Deletion and Reading Vulnerabilities in Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE) Web Management Interface File Read and SSRF Vulnerabilities Cisco Identity Services Engine (ISE) Web Management Interface File Read and SSRF Vulnerabilities Cisco ISE CLI Command Injection Vulnerability Cisco Access Point Software Denial of Service Vulnerability Vulnerability in SSL File Policy Implementation of Cisco Firepower Threat Defense Software Allowing Snort 3 Detection Engine Restart 
Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows HTML Injection Vulnerability in Cisco Catalyst SD-WAN Manager Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Webex Meetings Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business SPA500 Series IP Phones Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Unauthenticated Remote Attack on Cisco ACI Multi-Site CloudSec Encryption SCP Command Authorization Bypass Vulnerability Cisco ASR 1000 Series Aggregation Services Routers Multicast Leaf Recycle Elimination (mLRE) Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business Switches Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Improper Reference Count Management in Linux Kernel's netdevsim Device Driver Leads to Denial of Service Vulnerability Vulnerability in Cisco IOS XR Software ACL Compression Feature ACL Bypass Vulnerability in Cisco IOS XR Software on MPLS Interfaces Privilege Escalation Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) Privilege Escalation Vulnerability in Cisco ISE ESR Console Privilege Escalation Vulnerability in Cisco ISE ERS API Arbitrary File Upload Vulnerabilities in Cisco ISE Arbitrary File Upload Vulnerabilities in Cisco ISE HFS+ Filesystem Image Parser Denial of Service Vulnerability Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Cisco Duo Two-Factor Authentication for macOS Vulnerability: Bypassing Secondary Authentication Unauthorized Users Can Schedule Downtimes for Any Host in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) Cisco SNMP Service Denial of Service 
Vulnerability Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Cisco IOS XE Software for Wireless LAN Controllers: Denial of Service Vulnerability in wncd Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Cross-Site Scripting (XSS) Vulnerability in Cisco BroadWorks CommPilot Application Software Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Clear Text Credential Exposure in Cisco Duo Authentication Proxy Logging Cisco ISE Web Management Interface XSS Vulnerability Command Injection Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.3 Privilege Escalation Vulnerability in Cisco BroadWorks SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition AutoIt Module Denial of Service Vulnerability in ClamAV Cisco ISE CDP Processing Denial of Service Vulnerability Cisco SD-WAN vManage REST API Authentication Validation Vulnerability Bypassing Rule-Based Traffic Blocking in Cisco Secure Web Appliance Privilege Escalation Vulnerability in Cisco BroadWorks Server Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent CLI Cisco SPA500 Series ATA Web Management Interface Cross-Site Scripting Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Firepower Management Center (FMC) Software Vulnerability: Unauthorized Creation of Pipeline Schedules on Protected Branches Arbitrary Command Execution Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Request Forgery Vulnerability in Cisco IP Phone Series with Multiplatform Firmware Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure and Cisco EPNM Web Interface Insufficient Access 
Control Enforcement in Cisco DNA Center API Requests Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent Denial of Service (DoS) Vulnerability in Cisco IOS XE Software Denial of Service Vulnerability in Cisco IOS XE Software's L2TP Feature Cisco IMC Web Interface Cross-Site Scripting Vulnerability Directory Traversal Vulnerability in Cisco Duo Device Health Application for Windows Reflected Cross-Site Scripting in Custom 404 Pro WordPress Plugin Vulnerability: Unauthorized Access to Non-Tenant Policies in Cisco APIC Injection Attack Vulnerability in Cisco IOS XE Software Web UI Tomcat Implementation Web Cache Poisoning Vulnerability in Cisco Unified CCX Cisco IOS XR Software Connectivity Fault Management (CFM) Denial of Service Vulnerability Vulnerability: Unvalidated Parameters in Cisco FXOS CLI Allows File Manipulation Privileged Docker Container Access Vulnerability in Cisco IOx Application Hosting Infrastructure Unverified Software Image Installation Vulnerability in Cisco IOS XR Software Unauthenticated Access to Internal HTTP Services in Cisco Intersight Virtual Appliance Forged Credential Vulnerability in Cisco BroadWorks SSO Implementation Unauthenticated Access Vulnerability in OpenBlue Enterprise Manager Data Collector Denial of Service Vulnerabilities in Cisco Secure Client Software Denial of Service Vulnerabilities in Cisco Secure Client Software Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Vulnerability in RADIUS Message Processing Feature of Cisco Identity Services Engine (ISE) Denial of Service Vulnerability in Cisco Firepower Threat Defense Software for Firepower 2100 Series Firewalls Bypassing Access Control Lists in Cisco ASA and FTD Software Cisco Products Vulnerable to Snort Access Control Bypass Vulnerability Bypassing Multiple Certificate Authentication Policy in Cisco ASA and FTD Software CVE-2023-20248 CVE-2023-20249 Sensitive Information Exposure in OpenBlue Enterprise Manager Data 
Collector Arbitrary Code Execution Vulnerability in Cisco Small Business RV Routers Memory Leak Vulnerability in Cisco Wireless LAN Controller (WLC) AireOS Software Leading to Device Reboot Cisco Catalyst SD-WAN Manager Software SAML API Authentication Bypass Vulnerability Authorization Bypass Vulnerability in Cisco SD-WAN vManage CLI Management Interface Session Management Vulnerability in Cisco Catalyst SD-WAN Manager Multi-Tenant Feature Insufficient Validation of HTTP Requests in Cisco Meeting Server Web Bridge API: Denial of Service Vulnerability Bypassing Access Control Lists in Cisco ASA and FTD Software Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure Web Interface Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure High CPU Utilization Vulnerability in Cisco Unified Communications Products Stored Cross-Site Scripting (XSS) Vulnerability in Image Protector WordPress Plugin Privilege Escalation Vulnerability in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager CLI Arbitrary File Retrieval Vulnerability in Cisco Catalyst SD-WAN Manager Cisco Catalyst SD-WAN Manager SSH Service DoS Vulnerability Cisco HyperFlex HX Data Platform Web Interface Open Redirect Vulnerability SAML 2.0 Single Sign-On Vulnerability in Cisco ASA and FTD Software Cisco IP Phones Web Management Interface XSS Vulnerability Privilege Escalation Vulnerability in Cisco Unified Communications Software IP Geolocation Rules Bypass Vulnerability in Snort 3 Resource Exhaustion Vulnerability in Cisco Access Point Software Vulnerability in Cisco ASA and FTD Software Allows Brute Force Attacks and Unauthorized SSL VPN Sessions Authentication Bypass Vulnerability in ZM Ajax Login & Register WordPress Plugin (Versions up to 2.0.2) SMB Protocol Preprocessor Bypass and DoS Vulnerability in Cisco Firepower Threat Defense Software SQL Injection Vulnerability in Cisco Prime Infrastructure and Cisco EPNM Web Management Interface Cisco 
Identity Services Engine Web Interface File Upload Vulnerability Command Injection Vulnerability in Cisco IOS XE Software Privilege Escalation Vulnerability in Cisco AppDynamics PHP Agent Installer Impersonation Vulnerability in Cisco AnyConnect SSL VPN Feature Stored Cross-Site Scripting (XSS) Vulnerability in Call Now Accessibility Button WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in PrePost SEO WordPress Plugin Vulnerability: Metadata Modification in Signed Commits in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Locatoraid Store Locator Plugin for WordPress Multiple SQL Injection Vulnerabilities in Custom 404 Pro WordPress Plugin Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Unrestricted File Upload Vulnerability in froxlor/froxlor prior to 2.0.14 Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225913) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225914) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225915) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225916) Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-225917) Critical SQL Injection Vulnerability in novel-plus 3.6.2 Critical SQL Injection Vulnerability in novel-plus 3.6.2 Remote Code Execution Vulnerability in DataGear up to 4.5.1 SQL Injection Vulnerability in Control iD RHiD 23.3.19.0 Edit Handler Cross-Site Scripting (XSS) Vulnerability in Control iD iDSecure 4.7.29.1 SQL Injection Vulnerability in Ipekyolu Software Auto Damage Tracking Software SQL Injection Vulnerability in Yontem Informatics Vehicle Tracking System (Version < 8) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225932) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225933) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting 
System 1.0 (VDB-225934) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Use-After-Free Vulnerability in SNP Guest Context Page Management Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Improper Access Control in ASP Bootloader: Stack-Based Buffer Overrun Vulnerability TOCTOU Vulnerability in ASP Bootloader: Tampering with SPI ROM Records Insufficient Input Validation in ASP Allows for Denial of Service via Malicious BIOS ASP TOCTOU Vulnerability: Buffer Bounds Write and Integrity Loss ASP Out of Bounds Write Vulnerability ASP Bootloader: Insufficient Syscall Input Validation Vulnerability ASP Bootloader Vulnerability: Insufficient Input Validation Exposes Memory Contents Out-of-Bounds Memory Read Vulnerability in ASP Bootloader SMU Memory Exfiltration Vulnerability SMU Vulnerability: Insufficient Bound Checks Leading to Denial of Service Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (CVE-2021-225938) BIOS Mailbox Message Input Validation Vulnerability SMU Vulnerability: Insufficient Bound Checks Leading to Denial of Service SMU Input Validation Vulnerability: Resource Locking Denial of Service DRAM Address Validation Vulnerability in SMU Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225939) Cross-Site Scripting (XSS) Vulnerability in Campcodes Advanced Online Voting System 1.0 Arbitrary Code Execution Vulnerability in CpmDisplayFeatureSmm Insufficient Validation of IOCTL Input Buffer in AMD μProf: Windows Denial of Service Vulnerability Privilege Escalation Vulnerability in AmdCpmOemSmm Privilege Escalation through Insufficient Control Flow Management in AmdCpmGpioInitSmm Critical Code Injection Vulnerability in DedeCMS up to 5.7.87 (CVE-2021-225941) Insufficient Validation of IOCTL Input Buffer in AMD Ryzen™ Master: Windows Crash 
and Denial of Service Vulnerability Insufficient Validation of IOCTL Input Buffer in AMD μProf: Windows Denial of Service Vulnerability Insufficient Validation in AMD μProf IOCTL Input Buffer Allows Arbitrary Kernel Execution SMM Code Vulnerability: Local Privilege Escalation Insufficient Validation in AMD Ryzen™ Master IOCTL Input Buffer: Confidentiality Loss and Arbitrary Kernel Execution Vulnerability SMM Code Vulnerability: Local Privilege Escalation Address Validation Vulnerability in ASP with SNP Enabled Improper Signature Verification in Radeon™ RX Vega M Graphics Driver for Windows Improper Signature Verification in Radeon™ RX Vega M Graphics Driver for Windows AMD CPU Side Channel Vulnerability: Exploiting Return Address Prediction for Information Disclosure Cross-Site Scripting (XSS) Vulnerability in EyouCms 1.5.4 Configuration State Machine Vulnerability Race Condition Vulnerability in SMM Code: CVE-2018-8897 Debug Exception Delivery Vulnerability in SEV-SNP Guests Power Side-Channel Vulnerability in AMD Processors: Potential Leak of Sensitive Information AMD SPI Protection Feature Vulnerability Cross-Site Scripting (XSS) Vulnerability in EyouCms up to 1.6.2 Power Side-Channel Vulnerability in AMD Processors: Potential Leak of Sensitive Information Escalation of Privilege Vulnerability in Radeon™ Software Crimson ReLive Edition SMM Access Control Vulnerability: Potential Arbitrary Code Execution via SPI Flash Access Speculative Data Leakage Vulnerability on AMD Processors Voltage Fault Injection Attack on ASP Secure Boot: Exploiting Device Vulnerability for Arbitrary Code Execution Path Traversal Vulnerability in DedeCMS 5.7.87 (VDB-225944) INVD Instruction Vulnerability in AMD CPUs: Potential Memory Integrity Loss in Guest Virtual Machines Zen 2 CPU Vulnerability: Potential Information Disclosure under Microarchitectural Circumstances DXE Driver Variable Initialization Vulnerability SMM Supervisor Vulnerability: Exploitable Input Validation Issue DXE 
Driver Vulnerability: Improper Variable Initialization Allows Local Information Leakage Improper Privilege Management in AMD Radeon™ Graphics Driver Allows for Arbitrary Code Execution FTP Weak Password Requirements Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules Integer Overflow Vulnerability in ged: Local Privilege Escalation without User Interaction (Patch ID: ALPS07494107; Issue ID: ALPS07494107) Potential Out of Bounds Write Vulnerability in ged (Patch ID: ALPS07494067; Issue ID: ALPS07494067) Out of Bounds Read Vulnerability in keyinstall Possible Out of Bounds Read Vulnerability in apusys Race condition vulnerability in ccu allows for local privilege escalation Race condition vulnerability in display drm allows for local privilege escalation Possible Out of Bounds Read Vulnerability in CCU Hard-coded Password Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules Race condition vulnerability in display drm allows for local privilege escalation Race Condition Vulnerability in GPU: Local Privilege Escalation without User Interaction Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Type Confusion Vulnerability in ion: Local Privilege Escalation without User Interaction (Patch ID: ALPS07560720; Issue ID: ALPS07560720) Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation Password Exposure Vulnerability in Mitsubishi Electric EtherNet/IP Configuration Tools Possible Escalation of Privilege Vulnerability in adsp Out of Bounds Write Vulnerability in tinysys Improper Locking Vulnerability in ion: Local Escalation of Privilege without User Interaction Out of Bounds Write 
Vulnerability in Vow (Patch ID: ALPS07628530; Issue ID: ALPS07628530) Race condition vulnerability in adsp allows for local privilege escalation Possible Out of Bounds Write Vulnerability in msdc Out of Bounds Write Vulnerability in pqframework Uncaught Exception in Thermal Leads to Local Privilege Escalation Unrestricted File Upload Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules USB Out of Bounds Write Vulnerability USB Out of Bounds Write Vulnerability USB Out of Bounds Write Vulnerability Widevine Vulnerability: Out of Bounds Write Exploit for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Out of Bounds Write Vulnerability in Display DRM Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL SQL Injection Vulnerability in Minova Technology eTrace (before 23.05.20) Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Possible Out of Bounds Read Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure User-Controlled Key Authorization Bypass Vulnerability in Armoli Technology Cargo Tracking System Possible Out of Bounds Write Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Parcel Format Mismatch Vulnerability in mmsdk Allows for Local Code Execution Possible Out of 
Bounds Write Vulnerability in GenieZone Out of Bounds Write Vulnerability in mtee ISP Out of Bounds Write Vulnerability Allows Local Privilege Escalation Critical Out of Bounds Write Vulnerability in WLAN Vulnerability: Unauthorized Access and Data Modification in Announcement & Notification Banner – Bulletin Plugin for WordPress Integer Overflow Vulnerability in WLAN Allows for Local Information Disclosure Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Double Free Vulnerability in gz Library Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Write Vulnerability in Display DRM Vulnerability: Cross-Site Request Forgery in Announcement & Notification Banner – Bulletin Plugin for WordPress Audio Out of Bounds Write Vulnerability Allows Local Privilege Escalation Possible Memory Corruption Vulnerability in VCU: Local Privilege Escalation without User Interaction WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Potential Out of Bounds Read Vulnerability in WLAN Unauthenticated Remote Code Execution (RCE) via File Upload in File Manager Advanced Shortcode WordPress Plugin Possible Out of Bounds Write Vulnerability in adsp Possible Out of Bounds Write Vulnerability in adsp Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Race condition vulnerability in vdec leads to local privilege escalation Race condition vulnerability in vdec leads to local privilege escalation Race condition vulnerability in display drm allows for local privilege escalation Race condition vulnerability in display drm allows for local 
privilege escalation Critical Vulnerability: Out of Bounds Read Allows Local Information Disclosure Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit GitLab Vulnerability: Unauthorized Access to CI/CD Variables via Import Project Feature Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit Uncaught Exception in WLAN Firmware: Remote Denial of Service Vulnerability Uncaught Exception in WLAN Firmware: Remote Denial of Service Vulnerability Out of Bounds Write Vulnerability in Preloader Out of Bounds Write Vulnerability in Preloader Out of Bounds Write Vulnerability in Preloader Out of Bounds Read Vulnerability in keyinstall Out of Bounds Read Vulnerability in keyinstall Out of Bounds Write Vulnerability in adsp Widevine Vulnerability: Logic Error Leading to Out of Bounds Write and Local Privilege Escalation Widevine Vulnerability: Logic Error Leading to Out of Bounds Write and Local Privilege Escalation Remote Denial of Service Vulnerability in 5G NRLC due to Invalid Memory Access Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Out of Bounds Write Vulnerability in RIL Out of Bounds Read Vulnerability in keyinstall Out of Bounds Read Vulnerability in keyinstall Remote Code Execution Vulnerability in Rockwell Automation FactoryTalk View Machine Edition on PanelView Plus Out of Bounds Read Vulnerability in keyinstall Out of Bounds Read Vulnerability in keyinstall Critical Out of Bounds Write Vulnerability in WLAN Critical Out of Bounds Write Vulnerability in WLAN Critical Out of Bounds Write Vulnerability in WLAN Possible DMA Buffer Leak Vulnerability in VCU: Local Information Disclosure without User Interaction Possible Out of Bounds Write Vulnerability in VCU Out of Bounds Read 
Vulnerability in pqframework Stored Cross-Site Scripting Vulnerabilities in Rockwell Automation PowerMonitor 1000 Out of Bounds Read Vulnerability in pqframework Critical Vulnerability in ISP Allows Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in m4u with Local Privilege Escalation Bluetooth Out of Bounds Read Vulnerability Bluetooth Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Preloader GPS Location Leak Vulnerability in mnld WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Critical SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Possible Use After Free Vulnerability in VCU with Improper Locking Possible Out of Bounds Write Vulnerability in VCU Possible Out of Bounds Write Vulnerability in VCU Race Condition Vulnerability in VCU Allows Local Privilege Escalation Possible Use After Free Vulnerability in VCU with Improper Locking Possible Out of Bounds Write Vulnerability in VCU Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation Possible Out of Bounds Read Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Possible Out of Bounds Write Vulnerability in VCU Possible Use After Free Vulnerability in VCU with Local Privilege Escalation Possible Out of Bounds Write Vulnerability in VCU Possible Out of Bounds Write Vulnerability in VCU Possible Memory Corruption Vulnerability 
in VCU: Local Denial of Service with System Execution Privileges Out of Bounds Read Vulnerability in Display Module Potential Out of Bounds Write Vulnerability in swpm Critical SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Race condition vulnerability in swpm allows for out-of-bounds write and local information disclosure Out of Bounds Write Vulnerability in Keymange Out of Bounds Write Vulnerability in Keymange Out of Bounds Write Vulnerability in rpmb (Patch ID: ALPS07460390; Issue ID: ALPS07588667) Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in cmdq Memory Corruption Vulnerability in cmdq Memory Corruption Vulnerability in cmdq Cross-Site Scripting (XSS) Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Possible Out of Bounds Write Vulnerability in apu Out of Bounds Write Vulnerability in RIL GPS Out of Bounds Write Vulnerability Out of Bounds Write Vulnerability in pqframework Type Confusion Vulnerability in ion: Local Privilege Escalation without User Interaction Cross-Site Scripting (XSS) Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Race condition vulnerability in display leading to local privilege escalation Missing Permission Check Vulnerability in Vow: Local Privilege Escalation without User Interaction Missing Permission Check Vulnerability in Vow: Local Privilege Escalation without User Interaction Out of Bounds Read Vulnerability in Display Module Out of Bounds Write Vulnerability in Display Vulnerability: Unauthorized Modification of Data in Buy Me a Coffee – Button and Widget Plugin for WordPress Potential Information Disclosure in keyinstall Memory Corruption Vulnerability in keyinstall Potential Local Information Disclosure 
Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Audio Out of Bounds Write Vulnerability Allows Local Privilege Escalation GPS Out of Bounds Write Vulnerability Race Condition Vulnerability in Thermal Module Allows for Local Privilege Escalation Race Condition Vulnerability in Thermal Module Allows for Local Privilege Escalation JPEG Information Disclosure Vulnerability Vulnerability: Cross-Site Request Forgery in Buy Me a Coffee – Button and Widget Plugin for WordPress Out of Bounds Write Vulnerability in NVRAM Possible Memory Corruption Vulnerability in apu with Missing Bounds Check Out of Bounds Write Vulnerability in RIL Memory Corruption Vulnerability with Incorrect Bounds Check in Power Out of Bounds Write Vulnerability in Camera Middleware Possible Out of Bounds Read Vulnerability in PDA Blind SQL Injection Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal Local Privilege Escalation Vulnerability in imgsys Race Condition Vulnerability in imgsys: Local Privilege Escalation without User Interaction Possible Memory Corruption Vulnerability in imgsys with Local Privilege Escalation Possible Memory Corruption Vulnerability in imgsys with Local Privilege Escalation Out of Bounds Write Vulnerability in imgsys Out of Bounds Write Vulnerability in imgsys Possible Out of Bounds Write Vulnerability in hcp Possible Out of Bounds Write Vulnerability in dpe Out of Bounds Write Vulnerability in OPTEE with Local Privilege Escalation Out of Bounds Write Vulnerability in vdec IOMMU Information Disclosure Vulnerability IOMMU Out of Bounds Write Vulnerability Possible Out of Bounds Write Vulnerability in WLAN Driver Possible Out of Bounds Read Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability 
in WLAN Service Possible Out of Bounds Read Vulnerability in WLAN Service CDMA PPP Protocol Out of Bounds Write Vulnerability Cross-Site Scripting Vulnerability in Buy Me a Coffee – Button and Widget Plugin for WordPress Command Injection Vulnerability in WLAN Service Out of Bounds Write Vulnerability in NVRAM Out of Bounds Write Vulnerability in netdagent Out of Bounds Read Vulnerability in cmdq Possible Information Disclosure Vulnerability in Duraspeed Possible Information Disclosure Vulnerability in Duraspeed Possible Local Information Disclosure Vulnerability in CTA Race Condition Vulnerability in IMS Service Allows for Local Privilege Escalation GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability Unauthenticated Users Can Exploit Missing Capability Check in Essential Blocks WordPress Plugin GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability Potential Local Information Disclosure Vulnerability in keyinstall Race Condition Vulnerability in PDA Allows for Local Privilege Escalation Race Condition Vulnerability in Camsys Allows for Local Privilege Escalation Possible Out of Bounds Read Vulnerability in Camsys Out of Bounds Write Vulnerability in Seninf Race condition vulnerability in imgsys leads to local information disclosure with system execution privileges (Patch ID: ALPS07326455; Issue ID: ALPS07326418) Possible Out of Bounds Read Vulnerability in imgsys Unauthenticated Access to Essential Blocks Plugin Settings in WordPress Missing Valid Range Checking Vulnerability in imgsys Out of Bounds Write Vulnerability in imgsys Out of Bounds Write Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Possible Out of Bounds Read Vulnerability in imgsys Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Use-after-free 
vulnerability in imgsys_cmdq allows for local privilege escalation Unauthenticated Access to Essential Blocks Plugin Templates in WordPress Out of Bounds Write Vulnerability in imgsys_cmdq Race condition vulnerability in stc allows for local privilege escalation Vulnerability: Deserialization of Untrusted Data in aEnrich Technology a+HRD MSMQ Interpreter Deserialization of Untrusted Data Vulnerability in aEnrich Technology a+HRD MSMQ Arbitrary File Deletion Vulnerability in VMware Workstation XML External Entity (XXE) Vulnerability in VMware vRealize Orchestrator: Bypassing XML Parsing Restrictions for Information Disclosure and Privilege Escalation CSRF Bypass Vulnerability in VMware vRealize Operations (vROps) Allows Unauthorized Actions Passcode Bypass Vulnerability in VMware Workspace ONE Content Injection Vulnerability in VMware Carbon Black App Control Sensitive Information Leakage via Log File in Spring Vault Unauthenticated Access to Essential Blocks Plugin Template Information Pattern Mismatch Vulnerability in Spring Security with mvcRequestMatcher SpEL Expression DoS Vulnerability in Spring Framework Improper Logout Handling in Spring Security Denial-of-Service (DoS) Vulnerability in Spring Framework Deserialization Vulnerability in VMware Aria Operations for Logs Allows Remote Code Execution as Root Command Injection Vulnerability in VMware Aria Operations for Logs Session ID Logging Vulnerability in Spring Session 3.0.0 ESXi Host Vulnerability: Compromised Host-to-Guest Authentication with VMware Tools Reflected Cross-Site Scripting Vulnerability in NSX-T Stack-based Buffer-Overflow Vulnerability in VMware Workstation and Fusion Bluetooth Device Sharing Cross-Site Request Forgery Vulnerability in Essential Blocks Plugin for WordPress Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion's Bluetooth Device Sharing Functionality Local Privilege Escalation Vulnerability in VMware Fusion Critical Out-of-Bounds Read/Write Vulnerability in VMware 
Workstation and Fusion SCSI CD/DVD Device Emulation Cloud Foundry Security Bypass Vulnerability in Spring Boot Privilege Escalation Vulnerability in VMware Aria Operations Deserialization Vulnerability in VMware Aria Operations Allows Arbitrary Command Execution Local Privilege Escalation Vulnerability in VMware Aria Operations: Root Access Exploit Inconsistent Volume Detachment Vulnerability in OpenStack Privilege Escalation Vulnerability in VMware Aria Operations Vulnerability: Privilege Escalation in Cloud Foundry Instances with CAPI and Loggregator-Agent Denial of Service Vulnerability in Cloud Foundry Routing Release Versions 0.262.0 and Prior to 0.266.0 Denial-of-Service (DoS) Vulnerability in Spring Boot with Reverse Proxy Cache Insecure Redirect Vulnerability in VMware Workspace ONE Access and VMware Identity Manager Multiple Vulnerabilities in Cloud Foundry Releases Open Redirect Vulnerability in VMware Workspace ONE UEM Console Allows for SAML Response Retrieval and User Impersonation Command Injection Vulnerability in VMware Aria Operations for Networks: Remote Code Execution Risk Authenticated Deserialization Vulnerability in VMware Aria Operations for Networks Information Disclosure Vulnerability in VMware Aria Operations for Networks Critical SQL Injection Vulnerability in SourceCodester Complaint Management System 1.0 Arbitrary File Write Vulnerability in VMware Aria Operations for Networks Information Disclosure Vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment Heap Overflow Vulnerability in vCenter Server's DCERPC Protocol Implementation VMware vCenter Server Use-After-Free Vulnerability Allows Arbitrary Code Execution VMware vCenter Server DCERPC Protocol Out-of-Bounds Write Vulnerability Memory Corruption Vulnerability in VMware vCenter Server Allows Authentication Bypass VMware vCenter Server Out-of-Bounds Read Vulnerability Denial of Service (DOS) Vulnerability in Salt Masters Vulnerability: Git Providers in Salt 
Masters Prior to 3005.2 or 3006.2 Allow for Wrong Environment Data Access VMware SD-WAN (Edge) Bypass Authentication Vulnerability Critical SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 (VDB-226098) Privilege Escalation through Guest Alias Vulnerability Timing Condition Vulnerability in Harbor Vulnerability: Unauthorized Access to Cloud Foundry Resources via Deactivated Identity Provider Refresh Tokens Potential Arbitrary Activity Launch in getTrampolineIntent of SettingsActivity.java Out of Bounds Write Vulnerability in Mfc_Transceive of phNxpExtns_MifareStd.cpp Silent Permission Bypass Vulnerability in onPackageAddedInternal of PermissionManagerService.java Resource Exhaustion Vulnerability in SettingsState.java Privilege Escalation Vulnerability in RunningTasks.java Critical OS Command Injection Vulnerability in KylinSoft Youker-Assistant on KylinOS (VDB-226099) Permanent Denial of Service Vulnerability in WifiNetworkSuggestionsManager Resource Exhaustion Vulnerability in addPermission of PermissionManagerServiceImpl.java Unauthenticated Access to User Images in AvatarPickerActivity.java Tapjacking/Overlay Attack Vulnerability in Phone Account Settings Activity Permissions Bypass in onSetRuntimePermissionGrantStateByDeviceAdmin Allows Work Profile to Read SMS Messages Possible Local Escalation of Privilege in addOrReplacePhoneAccount of PhoneAccountRegistrar.java Missing Permission Check in getMainActivityLaunchIntent Allows Local Privilege Escalation in Android Potential Local Escalation of Privilege Vulnerability in ResolverActivity.java Possible Elevation of Privilege in getPendingIntentLaunchFlags of ActivityOptions.java Possible Privilege Escalation Vulnerability in getStringsForPrefix Method of Settings.java Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226100) Use-after-free vulnerability in UsbRequest.java allows for local privilege escalation Automatic 
Granting of Accessibility Services Vulnerability Resource Exhaustion Crash Loop in setMimeGroup of PackageManagerService.java Permissions Bypass in Exported Content Providers of ShannonRcs Biometric Auth Failure Allows Lockscreen Bypass on Android Devices Use After Free Vulnerability in setUclampMinLocked of PowerSessionManager.cpp Missing Permission Check in onParentVisible of HeaderPrivacyIconsController.kt Allows Local Privilege Escalation on Factory Reset Devices Android Manifest Permissions Bypass Vulnerability Use-after-free vulnerability in binder_vma_close in binder.c allows local attackers to escalate privileges on Android via a crafted application that leverages improper locking. Unrestricted Broadcast Intent in sendHalfSheetCancelBroadcast of HalfSheetActivity.java Allows for Nearby BT MAC Address Disclosure Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226101) Resource Exhaustion Vulnerability in pushDynamicShortcut of ShortcutPackage.java Heap Buffer Overflow in avdt_scb_hdl_write_req of avdt_scb_act.cc Improper Input Validation in EditInfoFragment Allows Unauthorized Access to Contacts Use-after-free vulnerability in MediaCodec.cpp allows for local privilege escalation Microphone Privacy Indicator Bypass Vulnerability in ServiceUtilities.cpp Out-of-Bounds Read Vulnerability in Android Deserialization Out-of-Bounds Write Vulnerability in bta_av_rc_disc_done of bta_av_act.cc Use After Free Vulnerability in Android Linux Kernel Use-after-free vulnerability in binder_transaction_buffer_release in binder.c allows local attackers to escalate privileges via crafted input. 
Improper Locking in looper_backed_event_loop.cpp Allows for Memory Corruption and Local Privilege Escalation Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226102) Improper Crypto Usage in Android Boot Partition Replacement Vulnerability Out of Bounds Write Vulnerability in acc_ctrlrequest_composite of f_accessory.c Unprivileged Audio Recording Vulnerability in openMmapStream of AudioFlinger.cpp Path Traversal Vulnerability in clearApplicationUserData of ActivityManagerService.java Unsafe Deserialization Vulnerability in ChooseTypeAndAccountActivity.java Out-of-bounds Write Vulnerability in phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp Possible Permission Bypass Vulnerability in BluetoothSwitchPreferenceController.java Possible One-Time Permission Bypass in GrantPermissionsViewModel.kt Heap Buffer Overflow in dropFramesUntilIframe of AAVCAssembler.cpp Allows Remote Information Disclosure Possible out of bounds read vulnerability in s2mpg11_pmic_probe of s2mpg11-regulator.c Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226103) Bypassing Background Activity Launch Restrictions via PendingIntent in AlarmManagerActivity Out-of-bounds Write Vulnerability in gatt_process_prep_write_rsp of gatt_cl.cc Out-of-Bounds Write Vulnerability in A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc Bypassing Factory Reset Protection through Incorrect UI Display in onPrimaryClipChanged Out-of-Bounds Write Vulnerability in SDP_AddAttribute of sdp_db.cc Unrestricted Uninstallation of Applications in AppInfoDashboardFragment.java Out of Bounds Write Vulnerability in C2SurfaceSyncObj.cpp Bypass of Factory Reset Protections in onAttach of SettingsPreferenceFragment.java Heap Buffer Overflow in read_paint of ttcolr.c in Android-13 (A-254803162) Guest Users Can Escalate Privileges in AddSupervisedUserActivity Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management 
System 1.0 (VDB-226104) Improper Input Validation in launchDeepLinkIntentToRight of SettingsHomepageActivity.java Allows for Arbitrary Activity Launch Unsafe PendingIntent in getSliceEndItem of MediaVolumePreferenceController.java allows for foreground activity start from the background, leading to local information disclosure without additional execution privileges needed Parcel Mismatch Vulnerability in WorkSource Allows Local Privilege Escalation Intent Rebroadcast Vulnerability in MediaSessionRecord.java Possible Credential Disclosure in TOFU Flow in ClientModeImpl.java Heap Buffer Overflow in inflate.c: Local Privilege Escalation Vulnerability Out-of-bounds Write Vulnerability in avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226105) Out of Bounds Read Vulnerability in p2p_iface.cpp Possible Local Escalation of Privilege in Android's PermissionManagerServiceImpl.java Out-of-Bounds Read Vulnerability in btm_vendor_specific_evt of btm_devctl.cc Out-of-bounds Read Vulnerability in btm_create_conn_cancel_complete of btm_sec.cc Out-of-bounds Read Vulnerability in btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc Bypassing DISALLOW_CONTENT_CAPTURE Permission in EnableContentCapturePreferenceController.java Improper Input Validation in DefaultAutofillPicker.java Allows for Misleading Default Autofill Application Selection Out-of-bounds Read Vulnerability in btm_ble_read_remote_features_complete of Android Out of Bounds Read Vulnerability in GetNextSourceDataPacket of bta_av_co.cc Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Out of Bounds Read Vulnerability in btu_ble_ll_conn_param_upd_evt of btu_hcif.cc Out-of-bounds Read Vulnerability in btu_ble_rc_param_req_evt of btu_hcif.cc Out-of-bounds Read Vulnerability 
in btm_read_tx_power_complete of btm_acl.cc Out of Bounds Read Vulnerability in btm_ble_rand_enc_complete of btm_ble.cc Out-of-Bounds Read Vulnerability in ParseBqrLinkQualityEvt of btif_bqr.cc Out-of-Bounds Write Vulnerability in BTA_GATTS_HandleValueIndication of bta_gatts_api.cc Out-of-bounds Read Vulnerability in btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc Out of Bounds Read Vulnerability in btm_read_link_quality_complete of btm_acl.cc Out-of-bounds Read Vulnerability in btm_read_rssi_complete of btm_acl.cc Out-of-bounds Read Vulnerability in btm_ble_write_adv_enable_complete of btm_ble_gap.cc Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Out of Bounds Read Vulnerability in btm_ble_rand_enc_complete of btm_ble.cc Out-of-bounds Read Vulnerability in btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc Out of Bounds Read Vulnerability in btm_iso_impl.h Uncaught Exception in SnoozeHelper.java Allows Local Privilege Escalation Out of Bounds Write Vulnerability in ufdt_convert.c Bypassing Fingerprint Unlock Logic Error in CustomizedSensor.cpp Persistent Reboot Loop Vulnerability in Android-13 (A-246749764) Persistent Reboot Loop Vulnerability in Android-13 (A-246749702) Persistent Reboot Loop Vulnerability in Android-13 (A-246749936) Persistent Reboot Loop Vulnerability in Android-13 (A-246750467) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Use-after-free vulnerability in MediaCodec.cpp allows for local privilege escalation Potential Local Privilege Escalation in NetworkProviderSettings.java Possible Permission Bypass in getAvailabilityStatus of Transcode Permission Controllers in Android Permission Bypass in Transcode Permission Controllers Allows Local Privilege Escalation Possible Permission Bypass in getAvailabilityStatus of Transcode Permission Controllers in Android Possible Permission Bypass in 
getAvailabilityStatus of Transcode Permission Controllers in Android Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Absolute Path Traversal Vulnerability in moxi624 Mogu Blog v2 up to 5.2 Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in forceStaDisconnection of hostapd.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Permission Bypass in Transcode Permission Controllers: Local Privilege Escalation Vulnerability Improper Input Validation in AccountTypePreference.java Allows Misleading User about Installed Accounts Improper Input Validation in InstallStart.java Allows for Installer Package Name Manipulation Use-after-free vulnerability in UnwindingWorker of unwinding.cc allows for local escalation of privilege with System execution privileges needed Heap Buffer Overflow in ih264e_init_proc_ctxt of ih264e_process.c Stored Cross-site Scripting (XSS) Vulnerability in easyappointments prior to 1.5.0 Local Arbitrary Code Execution via Use After Free in registerSignalHandlers Potential Local Privilege Escalation in WifiServiceImpl.java Out of Bounds Write Vulnerability in BufferBlock of Suballocation.cpp Possible Delay of Lockdown Screen in FallbackHome.java Could Lead to Local Escalation of Privilege Out of Bounds Read Vulnerability in ufdt_local_fixup_prop of ufdt_overlay.c Potential Denial of Service Vulnerability in WindowManagerService's updateInputChannel Method Authentication Misconfiguration in PasspointXmlUtils.java Allows Remote Information Disclosure Out-of-Bounds Read Vulnerability in parse_printerAttributes of ipphelper.c Missing Permission Check in UidObserverController.java Allows Local Information Disclosure Stored Cross-site Scripting (XSS) Vulnerability in 
easyappointments prior to 1.5.0 Double Free Vulnerability in keystore_cli_v2.cpp Allows Local Privilege Escalation Race condition in setPowerMode of HWC2.cpp allows for out-of-bounds read, leading to local information disclosure Heap Buffer Overflow in _ufdt_output_node_to_fdt of ufdt_convert.c Persistent Denial of Service Vulnerability in addNetwork of WifiManager.java Possible Privilege Escalation through SensorService Permissions Bypass in Android Permissions Bypass Vulnerability in BackupHelper.java Allows Privilege Escalation Possible Image Truncation Vulnerability in BitmapExport.java Use after free vulnerability in cs40l2x_cp_trigger_queue_show in cs40l2x.c allows local attackers to escalate privileges via a crafted application. Out of Bounds Read Vulnerability in dumpstateBoard of Dumpstate.cpp Improper Access Control in GitHub Repository alextselegidis/easyappointments Prior to 1.5.0 Out-of-bounds Write Vulnerability in buildCommand of bluetooth_ccc.cc Out of Bounds Write Vulnerability in append_to_params of param_util.c Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Out-of-bounds Read Vulnerability in VendorGraphicBufferMeta Initialization Out-of-Bounds Read Vulnerability in cpif Handling of Probe Failures Out-of-Bounds Read Vulnerability in ConvertToHalMetadata of aidl_utils.cc Out of Bounds Read Vulnerability in ConvertToHalMetadata of aidl_utils.cc Out of Bounds Read Vulnerability in handleEvent of nan.cpp Out-of-bounds Read Vulnerability in append_camera_metadata of camera_metadata.c Session Fixation Vulnerability in easyappointments prior to 1.5.0 Out of Bounds Write Vulnerability in load_png_image of ExynosHWCHelper.cpp Out-of-bounds Write Vulnerability in dwc3-exynos.c Out of Bounds Write Vulnerability in setToExternal of ril_external_client.cpp Out of Bounds Read Vulnerability in sms_ExtractCbLanguage of sms_CellBroadcast.c 
Out-of-Bounds Write Vulnerability in EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c Race condition vulnerability in dit_hal_ioctl of dit.c allows for local privilege escalation in Android kernel, potentially leading to system execution privileges. Possible Memory Corruption Vulnerability in lwis_slc_buffer_free of lwis_device_slc.c Out-of-bounds Write Vulnerability in ProfSixDecomTcpSACKoption of RohcPacketCommon Out-of-bounds Write Vulnerability in lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c Out-of-Bounds Read Vulnerability in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c Insecure Password Requirements in GitHub Repository janeczku/calibre-web prior to 0.6.20 Out of Bounds Read Vulnerability in sms_GetTpPiIe of sms_PduCodec.c Android Kernel Vulnerability: A-229255400 Out of Bounds Read Vulnerability in DoSetTempEcc of imsservice.cpp Out-of-Bounds Read Vulnerability in ParseWithAuthType of simdata.cpp Out of Bounds Read Vulnerability in DoSetPinControl of miscservice.cpp Integer Overflow in fdt_next_tag of fdt.c Allows for Local Privilege Escalation Heap Buffer Overflow in cd_CodeMsg of cd_codec.c in Android Kernel Android Kernel Vulnerability: A-254114726 Hidden Debug Policy Vulnerability in Android Kernel Out of Bounds Write Vulnerability in wl_update_hidden_ap_ie of wl_cfgscan.c Critical SQL Injection Vulnerability in IBOS 4.5.5 (VDB-226110) Out-of-bounds Write Vulnerability in add_roam_cache_list of wl_roam.c Out-of-bounds Write Vulnerability in dhd_prot_ioctcmplt_process of dhd_msgbuf.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Heap Buffer Overflow in get_svc_hash of nan.cpp in Android Kernel Heap Buffer Overflow in createTransmitFollowupRequest of nan.cpp Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Heap Buffer Overflow in rtt_unpack_xtlv_cbfn of dhd_rtt.c 
Critical SQL Injection Vulnerability in SourceCodester Judging Management System 1.0 (VDB-226147) Out-of-Bounds Read Vulnerability in btif_rc.cc's register_notification_rsp Logic Error in PackageInstallerService Allows Bypass of Background Activity Launch Restrictions Contact Phone Number Enumeration Vulnerability in NewOutgoingCallIntentBroadcaster.java Privacy Indicator Bypass in CallScreeningServiceHelper: Potential Audio Recording Vulnerability Insecure Hash Vulnerability in buildPropFile of Android Filesystem Out-of-Bounds Write Vulnerability in nci_snd_set_routing_cmd of nci_hmsgs.cc NFC Permissions Bypass Vulnerability in SecureNfcEnabler and SecureNfcPreferenceController Uncaught Exception in PreferencesHelper.java Leads to Boot Loop Vulnerability Logic Error in deliverOnFlushComplete Allows Bypass of Background Activity Launch Restrictions Foreground Service Persistence Vulnerability in ActivityManagerService DOM-based Cross-site Scripting (XSS) Vulnerability in Chatwoot Prior to 2.14.0 Possible boot loop vulnerability in parseUsesPermission of ParsingPackageUtils.java leading to local denial of service Missing Permission Check in AppLocalePickerActivity.java Allows Unauthorized Change of System App Locales Dynamic BroadcastReceiver Registration Vulnerability in retrieveServiceLocked of ActiveServices.java Path Traversal Vulnerability in extractRelativePath of FileUtils.java Missing Permission Check in LayerState.cpp Allows Screen Display Takeover and Content Swap Partial Lockscreen Bypass Vulnerability in canStartSystemGesture of RecentsAnimationDeviceState.java Use-after-free vulnerability in OnWakelockReleased of attribution_processor.cc allows for remote code execution without additional execution privileges needed Arbitrary Activity Launch Vulnerability in Intent.toUriInner Arbitrary Code Loading Vulnerability in AccountManagerService.java Privilege Escalation via PackageInstallerSession Foreground Service Start Local File Exfiltration via Crafted 
Webpage in Obsidian Desktop Heap Buffer Overflow in inflate.c: Local Privilege Escalation Vulnerability in Android Race condition vulnerability in WVDrmPlugin.cpp allows for local privilege escalation Bypass of Shadow Stack Protection in efi-rt-wrapper.S Uncaught Exception Vulnerability in registerPhoneAccount of PhoneAccountRegistrar.java Missing Permission Check in applySyncTransaction of WindowOrganizer.java Allows Local Information Disclosure Possible Cross-User Media Read Vulnerability in ChooserActivity.java Double Free Vulnerability in adreno_set_param of adreno_gpu.c Missing Permission Check in retrieveAppEntry of NotificationAccessDetails.java Out-of-Bounds Write Vulnerability in sdpu_build_uuid_seq of sdp_discovery.cc Logic Error in AccessibilityService Allows App Hiding and Privilege Escalation SQL Injection Vulnerability in Fast & Effective Popups & Lead-Generation for WordPress Plugin Resource Exhaustion Vulnerability in SnoozeHelper.java Allows for Unauthorized Notification Access Improper Input Validation in PhoneAccountRegistrar.java Allows Local Denial of Service Out-of-bounds Read Vulnerability in AnalyzeMfcResp of NxpMfcReader.cc Link Key Type Downgrade Vulnerability in btm_sec_encrypt_change of btm_sec.cc Possible Downgrade Vulnerability in InstallPackageHelper.java Permission Bypass Vulnerability in registerReceiverWithFeature of ActivityManagerService.java Heap Buffer Overflow in unflattenString8 of Sensor.cpp Lateral Movement Vulnerability in M-Files Desktop Component Service Use-after-free vulnerability in cdm_engine.cpp allows for local privilege escalation Improper Input Validation in onResume of AppManagementFragment.java Allows Local Privilege Escalation Missing Permission Check Allows Local Privilege Escalation in Android Bypassing DISALLOW_DEBUGGING_FEATURES Restriction for Tracing Vulnerability Unsafe Deserialization Vulnerability in Android Unsafe Intent Vulnerability in bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java 
Uninitialized Data Out-of-Bounds Write Vulnerability in NuMediaExtractor.cpp Local Privilege Escalation Vulnerability in AppStandbyController.java Possible local escalation of privilege through background activity launch in getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java Arbitrary JavaScript Injection in Autoptimize WordPress Plugin (CVE-2021-XXXXX) Remote Code Execution Vulnerability in btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc Possible Bypass of Parcel Mismatch Mitigations in checkKeyIntentParceledCorrectly() of ActivityManagerService.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Improper Input Validation in NotificationAccessSettings.java Allows for Local Privilege Escalation Improper Input Validation in JobStore.java Allows for Local Denial of Service on Android Uncaught Exception in JobStore.java Allows Local Persistent Denial of Service in Android Improper Input Validation in onNullBinding of CallRedirectionProcessor.java Allows for Long Lived Connection and Local Privilege Escalation Unsafe Intent in bindPlayer of MediaControlPanel.java allows for arbitrary activity launch in SysUI SQL Injection Vulnerability in NEX-Forms WordPress Plugin Bypassing Factory Reset Protections in ManagePermissionsActivity.java Developer Mode Traces Permissions Bypass Vulnerability Dev Mode Permissions Bypass Vulnerability in Android Local Denial of Service Vulnerability in Android Potential Denial of Service Vulnerability in NotificationContentInflater's doInBackground Method Possible bypass of background launch restrictions in updatePictureInPictureMode of ActivityRecord.java Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Possible UAF Vulnerability in lwis_i2c_device_disable of lwis_device_i2c.c Out of Bounds Read Vulnerability in 
BuildSetConfig of protocolimsbuilder.cpp Potential Local Privilege Escalation in registerGsmaServiceIntentReceiver of ShannonRcsService.java Out of Bounds Read Vulnerability in handle_set_parameters_ctrl of hal_socket.c Heap Buffer Overflow in Google BMS Kernel Module Allows Local Privilege Escalation Out of Bounds Read Vulnerability in FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc Out of Bounds Read Vulnerability in Do_AIMS_SET_CALL_WAITING of imsservice.cpp Out of Bounds Read Vulnerability in StoreAdbSerialNumber of protocolmiscbuilder.cpp Out of Bounds Read Vulnerability in BuildSetRadioNode of protocolmiscbuilder.cpp Out of Bounds Read Vulnerability in BuildGetRadioNode of protocolmiscbulider.cpp Heap Buffer Overflow in encode of wlandata.cpp in Android Kernel (A-263783137) Heap Buffer Overflow in encode of miscdata.cpp in Android Kernel Out of Bounds Write Vulnerability in simdata.cpp Heap Buffer Overflow in BuildSetTcsFci of protocolmiscbuilder.cpp Out of Bounds Write Vulnerability in simdata.cpp Use-after-free vulnerability in RGXUnbackingZSBuffer in rgxta3d.c allows for arbitrary code execution Arbitrary Code Execution via Use After Free in PMR_ReadBytes of pmr.c Arbitrary Code Execution via Use After Free in DevmemIntMapPMR Arbitrary Code Execution via Use After Free in DevmemIntUnmapPMR Use-after-free vulnerability in RGXBackingZSBuffer of rgxta3d.c allows for arbitrary code execution Missing Bounds Check in setProfileName of DevicePolicyManagerService.java Allows for Local Denial of Service in Android Out of Bounds Read Vulnerability in convertCbYCrY of ColorConverter.cpp Out of Bounds Read Vulnerability in inviteInternal of p2p_iface.cpp Directory Traversal Vulnerability in Image Optimizer by 10web WordPress Plugin Out of Bounds Read Vulnerability in ComposerCommandEngine.h Side Channel Information Disclosure in verifyInputEvent of InputDispatcher.cpp Local Privilege Escalation in WifiCallingSettings.java Missing Permission Check in 
DataUsageList.java Allows Unauthorized Access to Admin User's Network Activities Guest User Permissions Bypass in isPageSearchEnabled of BillingCycleSettings.java Guest User Mobile Data Permissions Bypass Vulnerability Possible Denial of Service Vulnerability in list_key_entries of utils.rs Missing Permission Check in requestAppKeyboardShortcuts of WindowManagerService.java Allows for App Inference and Local Information Disclosure Race condition vulnerability in installKey of KeyUtil.cpp allows for local information disclosure with system execution privileges (Android-13). Possible Bypass of User Specified WiFi Encryption Protocol in parseSecurityParamsFromXml of XmlUtil.java Insufficient Access Control in Support Ticket Feature in Devolutions Server 2023.1.5.0 and Below: Unauthorized Ticket Submission and Diagnostic File Download Heap Buffer Overflow in xmlParseTryOrFinish of parser.c in Android Possible Heap Buffer Overflow in btm_ble_update_inq_result of btm_ble_gap.cc Out-of-Bounds Read Vulnerability in Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp NFC Tag Data Read Vulnerability in ForegroundUtils of ForegroundUtils.java Possible Permission Bypass in getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java Missing Permission Check in WifiNetworkFactory.java Allows Local Privilege Escalation Out of Bounds Read Vulnerability in LogResponse of Dns.cpp Possible Local Escalation of Privilege in UsbAccessoryUriActivity.onCreate Possible Heap Buffer Overflow in btm_ble_update_inq_result of btm_ble_gap.cc Possible Bypass of Lock Task Mode in startLockTaskMode of LockTaskController.java Reflected Cross-Site Scripting Vulnerability in Responsive Filterable Portfolio Plugin for WordPress Possible vulnerability: Unencrypted Connection Termination Bypass in btm_acl_encrypt_change of Android Possible bypass of notification hide preference in fixNotification method of NotificationManagerService.java Improper Input Validation in 
setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java Allows Local Privilege Escalation Integer Overflow Vulnerability in VideoFrame of VideoFrame.h Out of Bounds Read Vulnerability in gatt_dbg_op_name of gatt_utils.cc Out-of-bounds Read Vulnerability in btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc Out-of-bounds Read Vulnerability in btm_ble_batchscan_filter_track_adv_vse_cback of Android Bluetooth Server Out-of-bounds Read Vulnerability in btm_acl_process_sca_cmpl_pkt of Android Out of Bounds Read Vulnerability in btif_sdp_server.cc Out-of-bounds Read Vulnerability in btu_ble_proc_ltk_req of btu_hcif.cc Reflected Cross-Site Scripting Vulnerability in Thumbnail Carousel Slider Plugin for WordPress Out-of-bounds Read Vulnerability in on_remove_iso_data_path of btm_iso_impl.h Possible Out of Bounds Read in btif_sdp_server.cc Could Lead to Remote Denial of Service Out of Bounds Read Vulnerability in btm_delete_stored_link_key_complete of Android Bluetooth Stack Out of Bounds Read Vulnerability in startWpsPbcInternal of sta_iface.cpp Potential Out of Bounds Read Vulnerability in Android WiFi Server Out of Bounds Read Vulnerability in startWpsPinDisplayInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in initiateVenueUrlAnqpQueryInternal of sta_iface.cpp Out of Bounds Read Vulnerability in initiateTdlsSetupInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in setCountryCodeInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in sta_iface.cpp Allows for Local Privilege Escalation HTML Injection in Vault's Key-Value v2 (kv-v2) Diff Viewer Out of Bounds Read Vulnerability in initiateHs20IconQueryInternal of sta_iface.cpp Heap Buffer Overflow Vulnerability in Android-13 Allows Local Information Disclosure Out of Bounds Read Vulnerability in Android Wifi Server Out of Bounds Read Vulnerability in initiateTdlsTeardownInternal of sta_iface.cpp Out of Bounds Read Vulnerability in addGroupWithConfigInternal of p2p_iface.cpp Race 
condition in DevmemIntAcquireRemoteCtx of devicemem_server.c allows for arbitrary code execution and local privilege escalation in the kernel Arbitrary Code Execution via Use After Free in PMRChangeSparseMemOSMem Integer Overflow in PMRWritePMPageList: Local Privilege Escalation without User Interaction Out of Bounds Write Vulnerability in PMRChangeSparseMemOSMem of physmem_osmem_linux.c Insecure Default Value in Android Kernel Allows Remote Information Disclosure over Cellular Networks Reflected Cross-Site Scripting Vulnerability in Image Optimizer by 10web WordPress Plugin Insecure Default Value in Android Kernel Allows Remote Information Disclosure over Cellular Networks Out-of-bounds Write Vulnerability in load_dt_data of storage.c Out of Bounds Read Vulnerability in LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c Heap Buffer Overflow in ss_ProcessReturnResultComponent of ss_MmConManagement.c Android Protected Confirmation Screen Bypass Vulnerability Out of Bounds Read Vulnerability in SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c Possible Information Disclosure Vulnerability in HTBLogKM of htbserver.c Out of Bounds Write Vulnerability in PMRChangeSparseMemOSMem of physmem_osmem_linux.c Unsafe PendingIntent in registerServiceLocked allows for local privilege escalation without user interaction Reflected Cross-Site Scripting in WP Inventory Manager WordPress Plugin Unprivileged App Broadcast Vulnerability: Local Information Disclosure in AccessPointPreference.java Unprivileged Application Can Start Non-Exported Activity Vulnerability Unauthenticated Sensor Data Retrieval Vulnerability Uninitialized Data Leak Vulnerability in avrc Potential Local Escalation of Privilege in ChooseLockSettingsHelper.java Lockscreen PIN Bypass Vulnerability in LockSettingsActivity Out-of-bounds Write Vulnerability in aoc_service_set_read_blocked of aoc.c Misleading UI in applyRemoteView of NotificationContentInflater.java allows for foreground service notification hiding 
and local information disclosure Confused Deputy Vulnerability in visitUris of RemoteViews.java Allows for Image Leakage and Local Information Disclosure Confused Deputy Vulnerability in visitUris of Notification.java Allows Image Data Leakage Across User Boundaries XFS File System Vulnerability: Local Privilege Escalation via Out-of-Bounds Memory Access Resource Exhaustion Vulnerability in Policy.java Integer Overflow in rw_i93_send_to_upper in rw_i93.cc Allows for Local Privilege Escalation Server Impersonation Vulnerability in InsecureEapNetworkHandler Buffer Overflow Vulnerability in validateForCommonR1andR2 of PasspointConfiguration.java Missing Permission Check in visitUris of Notification.java Allows for Local Privilege Escalation Possible Local Escalation of Privilege Vulnerability in KeyguardSecurityContainerController.java Uncaught Exception in ShortcutInfo Allows Unauthorized Retention of Notification Listening Access Bypassing Device Policy Restriction in BluetoothScanningMainSwitchPreferenceController.java Potential Local Privilege Escalation Vulnerability in WifiScanningMainSwitchPreferenceController One-Time Permission Retention Vulnerability in OneTimePermissionUserManager.java Out of Bounds Write Vulnerability in gatt_end_operation of gatt_utils.cc Improper Input Validation in ConfirmDialog.java Allows for VPN Bypass and Local Privilege Escalation Improper Input Validation in validatePassword of WifiConfigurationUtil.java Leads to Local Denial of Service Resource Exhaustion Vulnerability: Local Denial of Service without User Interaction One-Time Permission Persistence Vulnerability in OneTimePermissionUserManager.java Use-after-free vulnerability in binder.c allows for local privilege escalation Arbitrary Activity Launch Vulnerability in SettingsHomepageActivity Unauthenticated Sideload App Vulnerability in InstallPackageHelper.java Overflowing Service Label in Notification Access Permission Dialog Box Race condition vulnerability in startInput of 
AudioPolicyInterfaceImpl.cpp could lead to false microphone privacy indicator display Possible Out of Bounds Write Vulnerability in OSMMapPMRGeneric of pmr_os.c Improper Memory Access Check in mem_protect.c Allows for Hypervisor Memory Access Root CA Certificates Vulnerability: Remote Information Disclosure without User Interaction Google Play Protection Bypass Vulnerability in killBackgroundProcesses of ActivityManagerService.java Bypassing Lockdown Mode with Screen Pinning Vulnerability Path Traversal Vulnerability in MmsProvider.java Allows for Unauthorized Directory Permission Modification Background Activity Launch Vulnerability with PiP Mode Escalation Out of Bounds Read Vulnerability in parseInputs of ShimPreparedModel.cpp Improper Input Validation in readFrom Method of Uri.java Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in SDP_AddAttribute of sdp_db.cc Out of Bounds Read Vulnerability in convertSubgraphFromHAL of ShimConverter.cpp Bypassing Factory Reset Protections in AdminIntegratedFlowPrepareActivity.java Uninitialized Data Information Disclosure in writeToParcel of CursorWindow.cpp Missing Permission Check in visitUris of RemoteViews.java Allows for Image Disclosure Across Users Microphone Privacy Indicator Logic Error Allows for Local Privilege Escalation Cross-User Media Read Vulnerability in visitUris of RemoteViews.java Possible Permanent DoS Vulnerability in setMediaButtonBroadcastReceiver of MediaSessionRecord.java Failure to Lock Screen After Timeout Vulnerability Out of Bounds Write Vulnerability in TRANSPOSER_SETTINGS of lpp_tran.h Confused Deputy Vulnerability in StatusHints.java Allows for Cross-User Image Disclosure Improper Input Validation in DevicePolicyManager.java Allows Local Denial of Service MediaSessionRecord.java: Local Information Disclosure Vulnerability via Confused Deputy Unauthenticated Image Disclosure Vulnerability in visitUris of RemoteViews.java Type Confusion Vulnerability Allows Remote Code 
Execution Potential Local Information Disclosure Vulnerability in visitUris of Notification.java Confused Deputy Vulnerability: Local Information Disclosure without User Interaction Race condition vulnerability in MmsProvider.java allows for local denial of service without user interaction Local Information Disclosure Vulnerability in visitUris of Notification.java Local Information Disclosure Vulnerability in openContentUri of ActivityManagerService.java Side Channel Information Disclosure in PackageManagerNative Allows for Local Privilege Escalation without User Interaction Package Disclosure Vulnerability in Slice: Local Information Disclosure without User Interaction Content Provider Installation Check Vulnerability in SliceManagerService App Installation Detection Vulnerability Allows Local Privilege Escalation Factory MAC Address Disclosure Vulnerability in SEPolicy Application Disclosure Vulnerability in Slice: Local Privilege Escalation without User Interaction Package Manager Information Disclosure Vulnerability Critical SQL Injection Vulnerability in SourceCodester Purchase Order Management System 1.0 Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection App Installation Status Disclosure Vulnerability in ActivityManagerService Package Manager Side Channel Information Disclosure Vulnerability App Installation Detection Vulnerability: Side Channel Information Disclosure App Installation Status Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in ContentService Allows Reading of Installed Sync Content Providers Bluetooth Permissions Bypass Vulnerability in Android Devices Out of Bounds Read Vulnerability in Composer Allows Local Privilege Escalation Out of Bounds Read Vulnerability in libcore: Local Information Disclosure Vulnerability: OS Command Injection in INEA ME RTU Firmware (Versions < 3.36) Bluetooth Heap Buffer Overflow: Local 
Privilege Escalation without User Interaction Permissions Bypass Vulnerability in Settings Allows Unauthorized Control of Private DNS Settings Cross-User Media Read Vulnerability in IntentResolver Unauthenticated Call Forwarding Vulnerability in Core Bluetooth Out of Bounds Read Vulnerability: Local Information Disclosure without User Interaction Bluetooth Heap Buffer Overflow: Remote Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in ContentService Allows App Installation Detection without Query Permissions App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in UsageStatsService Allows Reading of Installed 3rd Party Apps DollarMathPostFilter Regular Expression Denial of Service in GitLab CE/EE Side Channel Information Disclosure in Device Policy Allows Unauthorized App Verification Cross-User Settings Disclosure Vulnerability in Package Manager Side Channel Information Disclosure Vulnerability in Activity Manager Package Installer Vulnerability: Unauthorized App Installation Detection and Privilege Escalation App Installation Status Information Disclosure Vulnerability Package Manager Service Information Disclosure Vulnerability Side Channel Information Disclosure in Permission Manager Allows App Installation Detection without Query Permissions Unauthenticated App Detection Vulnerability in Package Installer Unauthenticated Local Information Disclosure in Activity Manager Out of Bounds Memory Access Vulnerability in Google Chrome Service Worker API Overlay Manager Vulnerability: Unauthorized App Installation Detection and Local Information Disclosure InputMethod Vulnerability: App Installation Status Disclosure via Side Channel Information App Installation Status Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability App Ops Service Logic Error: Local Information Disclosure Vulnerability App 
Installation Status Information Disclosure Vulnerability Input Method App Detection Vulnerability Unprivileged App Detection Vulnerability in InputMethod Unprivileged App Detection Vulnerability Minikin Vulnerability: Remote Denial of Service via Malicious Message Out of Bounds Memory Access Vulnerability in Google Chrome Service Worker API Telecomm Vulnerability: Unauthorized Call State Disclosure without User Interaction Permission Bypass Vulnerability in Permission Manager Allows Local Privilege Escalation Logic Error in Speech Code Allows Local Privilege Escalation without User Interaction Unsafe PendingIntent in ActivityStarter allows for background activity launch and local privilege escalation without user interaction Job Scheduler Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in Device Idle Controller Allows App Installation Detection without Query Permissions Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure without User Interaction Window Manager App Installation Information Disclosure Vulnerability Package Manager Side Channel Information Disclosure Vulnerability Use After Free Vulnerability in Google Chrome DevTools Media Projection Vulnerability: App Installation Detection and Local Information Disclosure Background Activity Launch Vulnerability in Activity Manager Unbounded Read Vulnerability in NFA Allows Local Information Disclosure Remote Information Disclosure Vulnerability in NFA: Missing Bounds Check Package Manager Service Information Disclosure Vulnerability Use-after-free vulnerability in libaudioclient allows for local privilege escalation Bluetooth Out of Bounds Write Vulnerability Enables Remote Code Execution NFC Out of Bounds Read Vulnerability: Local Information Disclosure UWB Google App Masquerade Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Server Out of Bounds Read Vulnerability: Local 
Information Disclosure Skia Integer Overflow Vulnerability in Google Chrome Bluetooth Out of Bounds Write Vulnerability Allows Local Privilege Escalation Bluetooth Use After Free Vulnerability Allows Code Execution and Privilege Escalation Permanent DoS Vulnerability: Resource Exhaustion Leading to Local Denial of Service Resource Exhaustion Vulnerability in ContactsProvider Resource Exhaustion Vulnerability in Contacts App Allows Local Denial of Service Heap Allocation Pattern Prediction Vulnerability in Scudo Heap Out-of-Bounds Read/Write Vulnerability in Scudo Audio Vulnerability: Out of Bounds Read Allows Local Information Disclosure Settings Usage Access Restriction Toggle Screen Permissions Bypass Vulnerability Heap Buffer Overflow in SQLite in Google Chrome: Remote Code Execution Vulnerability Integer Overflow Vulnerability in Security Element API Allows for Local Privilege Escalation Integer Overflow Vulnerability in Secure Element Allows for Local Privilege Escalation Out of Bounds Read Vulnerability in libdexfile Allows Local Privilege Escalation Telephony Vulnerability: Unauthorized SIM Preference Change Allows Privilege Escalation Factory Reset Protection Bypass Vulnerability in System UI Integer Underflow Vulnerability in Sysproxy Allows for Local Privilege Escalation Telephony Vulnerability: ICCID Retrieval Logic Error SELinux Policy Restriction Bypass and Local Information Disclosure Vulnerability Silent Ring Vulnerability: Local Privilege Escalation in Telecomm Bluetooth Server Out of Bounds Read Vulnerability: Local Information Disclosure Hard-coded Credentials Vulnerability in GitHub Module Prior to 1.6.2 Bluetooth Heap Buffer Overflow: Local Privilege Escalation without User Interaction Local Arbitrary Code Execution Vulnerability in Media Resource Manager Unauthenticated Local Information Disclosure in Content Resolver Unintentional Data Leakage Vulnerability in Settings Prompts Package Manager Permissions Bypass: Unsafe PendingIntent 
Vulnerability Whitechapel Memory Corruption Vulnerability: Local Information Disclosure without User Interaction Token Leakage Vulnerability in User Backup Manager Allows Bypass of User Confirmation Critical Vulnerability: Privilege Escalation via Settings Restriction Bypass Profile Owner Bypass Vulnerability: Local Privilege Escalation without User Interaction DELMIA Apriso Release 2017-2022: Reflected Cross-site Scripting (XSS) Vulnerability Mobile Preference Restriction Evasion: Local Privilege Escalation via Permission Bypass Remote Denial of Service Vulnerability in Messaging Application Bluetooth Use After Free Vulnerability Allows Local Privilege Escalation SIM Change Vulnerability: Local Privilege Escalation without User Interaction Local Information Disclosure Vulnerability in registerPhoneAccount of TelecomServiceImpl.java Bluetooth Use After Free Vulnerability Enables Remote Information Disclosure Background Activity Launch Vulnerability in Activity Manager Insecure Default Value in Setup Wizard Allows Local Privilege Escalation SDKSandbox Vulnerability: Logic Error Allows Strandhogg Style Overlay Attack for Local Privilege Escalation Cryptographic Assurance Bypass: Logic Error Enables Local Privilege Escalation without User Interaction Server-Side Request Forgery Vulnerability in DELMIA Apriso: Unauthorized Host Requests Kernel Memory Corruption Vulnerability in io_uring.c Integer Overflow Vulnerability in DevmemIntChangeSparse of devicemem_server.c Out of Bounds Read Vulnerability in MMU_UnmapPages of mmu_common.c Uncaught Exception Arbitrary Code Execution Vulnerability in RGXDestroyZSBufferKM Static RSA Key Vulnerability in AXIS OS 11.0.X - 11.3.x OSDP Message Parser Crash Vulnerability in Axis Network Door Controllers and Intercoms Heap-based Buffer Overflow Vulnerability in AXIS A1001 Privileged Escalation Vulnerability: Broken Access Control Allows Operator Account to Gain Administrator Privileges Insecure File Permissions Expose User Credentials 
in Integration Interface Insufficient File Permissions Allow Unauthorized Access to Administrator Credentials Unsafe .NET Object Deserialization in DELMIA Apriso: Post-Authentication Remote Code Execution Vulnerability Unsanitized User Input in AXIS License Plate Verifier API Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Settings > Access Control Configuration Interface SQL Injection Vulnerability in AXIS License Plate Verifier's search.cgi Remote Code Execution Vulnerability in AXIS OS during ACAP Application Installation Flaw in Secure Boot Protection Allows Sophisticated Device Tampering Attack Vulnerability: Path Traversal Attack in VAPIX API overlay_del.cgi Vulnerability: Denial-of-Service Attack on AXIS OS Dynamic Overlay Configuration Page Vulnerability: Path Traversal in VAPIX API for File/Folder Deletion Vulnerability: Path Traversal Attack in AXIS OS VAPIX API (irissetup.cgi) Insecure Locking Mechanism in Secure Folder Prior to SMR Jan-2023 Release 1 Externally-Controlled Format String Vulnerability in STST TA Prior to SMR Jan-2023 Release 1: Arbitrary Code Execution KnoxCustomManagerService Vulnerability: Unauthorized Access to Device SIM PIN Improper Authorization Vulnerability in semAddPublicDnsAddr in WifiService Unprotected Action Exploit: Unauthorized Control of BLE Advertising in ChnFileShareKit Insufficient Permissions Vulnerability in SemChameleonHelper Local Privilege Escalation Vulnerability in Telecom Application Prior to SMR JAN-2023 Release 1 Vulnerability: Hardcoded AES Key Exposes Cardemulation PIN in NFC Prior to SMR Jan-2023 Release 1 NfcTile Access Control Vulnerability Improper Input Validation Vulnerability in TelephonyUI Allows Unauthorized Configuration of Preferred Call ePDG Vulnerability: Unauthorized Access to SSID via Implicit Intent Cross-Site Scripting Vulnerability in Enable SVG, WebP & ICO Upload WordPress Plugin Out-of-Bound Read Vulnerability in mapToBuffer Function in 
libSDKRecognitionText.spensdk.samsung.so Library Bixby Vision Data Access Vulnerability Unauthorized Invitation Vulnerability in Smart Things Prior to 1.7.93 Local Privilege Escalation Vulnerability in Galaxy Store JavaScript Execution Vulnerability in Galaxy Store 4.5.49.8 and earlier Fingerprint TA Memory Address Exposure Vulnerability Account ID Exposure Vulnerability in Contacts App Improper Access Control Vulnerability in Phone Application Prior to SMR Feb-2023 Release 1: Local Unauthorized Access to Sensitive Information via Implicit Broadcast Vulnerability: Unauthorized Access to Secure Folder App Preview via HomeScreen Logic Flaw UwbDataTxStatusEvent Input Validation Vulnerability Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226265) Screen Capture Vulnerability in WindowManagerService Data Authenticity Verification Bypass Vulnerability in Android Q(10), R(11), and S(12) Improper Access Control Vulnerability in Runestone Application Allows Unauthorized Device Location Access Cryptographic Vulnerability in Samsung Flow for Android: Message Decryption and Command Injection Cryptographic Vulnerability in Samsung Flow for PC 4.9.14.0 Allows Message Decryption and Command Injection Improper Access Control Vulnerability in MyFiles Allows Local Attackers to Write Files via Implicit Intent Local File Access Vulnerability in MyFiles App Improper Access Control Vulnerability in Samsung Cloud: Local Privilege Escalation via Implicit Intent Path Traversal Vulnerability in Samsung Cloud Allows Unauthorized Access to PNG File Improper Access Control Vulnerability in Call Application Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226266) Unauthenticated Access to Owner's Widget in One Hand Operation + (prior to version 6.1.21) SECRIL Stack-based Overflow Vulnerability in IpcRxEmbmsSessionList Bluetooth Implicit Intent Vulnerability: Unauthorized Access to Connected Device MAC Address 
SoftSim TA Vulnerability: Improper Input Validation Allows Local Access to Protected Data Lockscreen Vulnerability in Samsung Keyboard Allows Unauthorized Access to Text History Insecure Authorization Implementation in Exynos Baseband: Exploiting Unencrypted Message Handling Galaxy Themes Service Path Traversal Vulnerability Bluetooth File Transfer Vulnerability: Unauthorized File Sending via Bluetooth Privilege Escalation Vulnerability in PhoneStatusBarPolicy Allows Unauthorized Do Not Disturb Control Critical Use After Free Vulnerability in Decon Driver Prior to SMR Mar-2023 Release 1 Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226267) Authentication Bypass Vulnerability in SecSettings prior to SMR Mar-2023 Release 1 AutoPowerOnOffConfirmDialog in Settings Vulnerability: Unauthorized Device Shutdown Quick Share Agent Vulnerability: Unauthorized Access to MAC Address Improper Access Control Vulnerability in MyFiles App Allows Local Attacker to Access Secret Mode Information in Samsung Internet Improper Access Control in Samsung Calendar Allows Local Attacker to Configure Improper Status Improper Access Control Vulnerability in BixbyTouch: Untrusted Applications Can Access Local Files Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226268) Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 Improper Access Control Vulnerability in AppLock: Unauthorized Privileged Operation Execution Android VideoPreviewActivity Vulnerability Allows Unauthorized Access to Media Data Improper Export of Android Application Components Vulnerability in ImagePreviewActivity Local Privilege Escalation Vulnerability in Telephony Framework Local Privilege Escalation Vulnerability in Tips prior to SMR May-2023 Release 1 Critical Heap Out-of-Bounds Write Vulnerability in Pre-SMR May-2023 Release 1 Bootloader Enables Arbitrary Code Execution Critical SQL Injection 
Vulnerability in Campcodes Online Thesis Archiving System 1.0 Local Privilege Escalation Vulnerability in GearManagerStub Improper Access Control Vulnerability in ThemeManager: Arbitrary File Write Kernel Pointer Leakage Vulnerability SemShareFileProvider Improper Access Control Vulnerability Buffer Overflow Vulnerability in Shannon Baseband's Auth API Improper Access Control Vulnerability in Knox Enrollment Service Allows Unauthorized Installation of KSP App Active Debug Code Vulnerability in ActivityManagerService mPOS TUI Trustlet Externally-Controlled Format String Vulnerability Memory Overwrite Vulnerability in setPartnerTAInfo in mPOS TUI Trustlet Out-of-bounds Write Vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI Trustlet Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (VDB-226271) Double Free Validation Vulnerability in setPinPadImages in mPOS TUI Trustlet Arbitrary Code Execution Vulnerability in mPOS Fiserve Trustlet Privilege Escalation Vulnerability in FactoryTest Application Prior to SMR May-2023 Release 1 Buffer Overflow Vulnerability in mm_LteInterRatManagement.c in Shannon Baseband Buffer Overflow Vulnerability in mm_Plmncoordination.c in Shannon Baseband Arbitrary File Write Vulnerability in Samsung Core Service Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Out-of-bounds Read Vulnerability in Samsung Blockchain Keystore's BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY Command Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-226272) Out-of-bounds Read Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Allows Arbitrary Memory Reading Out-of-bounds Read Vulnerability in Samsung Blockchain 
Keystore Allows Arbitrary Memory Reading Knox ID Validation Logic Vulnerability in Notification Framework Privilege Escalation Vulnerability in CC Mode prior to SMR Jun-2023 Release 1 Vulnerability: Improper Scheme Validation in Galaxy Store Allows APK Installation via InstantPlay Deeplink Vulnerability in InstantPlay Allows Unauthorized APK Installation from Galaxy Store XSS Vulnerability in InstantPlay: Unauthorized APK Installation via Galaxy Store Exynos Baseband Heap Out-of-Bound Write Vulnerability Improper Access Control Vulnerability in SearchWidget Prior to Version 3.3 in China Models Critical Remote File Inclusion Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-226273) PII Enumeration via Credential Recovery in BlackBerry AtHoc version 7.15 SQL Injection Vulnerability in BlackBerry AtHoc Management Console BlackBerry AtHoc v7.15 Management Console (Reports) Reflected XSS Vulnerability Stored XSS Vulnerability in BlackBerry AtHoc Management Console Windows LSA Elevation of Privilege Vulnerability RPC Runtime DoS Vulnerability Windows Netlogon Information Disclosure Vulnerability Exposes Sensitive Data Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Complaint Management System 1.0 Container Elevation of Privilege Vulnerability in Azure Service Fabric Windows GDI Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Event Tracing Information Disclosure Vulnerability MSMQ Elevation of Privilege Vulnerability .NET Framework Denial of Service Vulnerability Windows Authentication RCE Vulnerability: A Critical Security Flaw Exploiting Remote Code Execution 
Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (VDB-226275) Windows Cryptographic Information Leakage Vulnerability Task Scheduler Privilege Escalation Vulnerability in Windows Windows Installer Privilege Escalation Vulnerability Windows L2TP Remote Code Execution Vulnerability Windows L2TP Remote Code Execution Vulnerability IKE Protocol Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows SMB Witness Service Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Air Cargo Management System 1.0 Windows Cryptographic Information Leakage Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Windows GDI Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure DevOps Server Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows L2TP Remote Code Execution Vulnerability Windows L2TP Remote Code Execution Vulnerability Windows LDAP Denial of Service Vulnerability Windows Error Reporting Service Privilege Escalation Vulnerability Windows Cryptographic Information Leakage Vulnerability Linux Kernel RPL Protocol Handling Denial of Service Vulnerability Windows Boot Manager Secure Boot Bypass Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability BitLocker Security Feature Bypass Vulnerability: A Critical Flaw in Data Encryption Exploiting Cross-Site Scripting Vulnerability in Azure DevOps Server Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Exploiting Visual Studio's Elevation of Privilege Vulnerability Visual Studio Remote Code Execution Vulnerability VS Extension Remote Code Execution Vulnerability in Microsoft SQL Server Integration Service Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication 
Channels Critical Heap-Based Buffer Overflow Vulnerability Discovered in ImageMagick Package Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Arbitrary Code Execution Vulnerability in Adobe Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Out-of-Bounds Read Vulnerability in Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Integer Overflow or Wraparound Vulnerability in Adobe Acrobat Reader User Impersonation Vulnerability in Code Dx Versions Prior to 2023.4.2 Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Digital Editions Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Use After Free Vulnerability in FrameMaker 2020 and 2022 Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe InDesign Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Maintenance Mode Bypass Vulnerability in CMP – Coming Soon & Maintenance Plugin for WordPress Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Adobe InDesign NULL Pointer 
Dereference Vulnerability Allows Application Denial-of-Service Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe InCopy Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe InCopy Allows Memory Disclosure Adobe InCopy Out-of-Bounds Read Vulnerability Insecure Password Requirements in GitHub Repository Modoboa/Modoboa Prior to 2.1.0 Use After Free Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension 3.4.6 and Earlier Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Heap-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution XML External Entity (XXE) Vulnerability Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Adobe Acrobat Reader Privilege Escalation Vulnerability Adobe Acrobat Reader Privilege Escalation Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Designer 12.4.1 and Earlier Arbitrary Code Execution via Out-of-Bounds Write in FrameMaker 2020 and 2022 Use-After-Free Vulnerability in iscsi_sw_tcp_session_create in Linux 
Kernel Allows Information Leakage Out-of-Bounds Read Vulnerability in FrameMaker 2020 and 2022 Allows Memory Disclosure Arbitrary Code Execution via Improper Input Validation in FrameMaker 2020 and 2022 Arbitrary Code Execution via Out-of-Bounds Write in FrameMaker 2020 and 2022 Vulnerability: Information Disclosure in DSP Services during Dynamic Module Loading DNS Response Buffer Over-read Vulnerability Improper Authentication in HLOS Key Velocity Checks: A Cryptographic Vulnerability Invalid Address Vulnerability in Trusted Execution Environment Service API WLAN HAL Memory Corruption Vulnerability Double Free Vulnerability in Modem's PKCS15 SIM File Parsing BPF Verifier Pruning Vulnerability in Linux Kernel >=5.4 Integer Overflow Vulnerability in Multimedia Framework's synx bind and synx signal Functions Insecure Configuration Vulnerability in Modem's LTE Security Mode Command Processing GSL Memory Node Query Vulnerability in Automotive GPU Linux Memory Corruption Vulnerability in QcRilRequestImsRegisterMultiIdentityMessage Processing SMS Memory Corruption Vulnerability in Radio Interface Layer Telephony-Triggered Memory Corruption in Data Network Stack & Connectivity Array Index Out of Bounds Vulnerability in Linux Update and Record Process Linux System Configuration API Vulnerability: Memory Corruption Exploit API Instance ID Mismatch Vulnerability in Video Calling Audio Memory Corruption Vulnerability in sva_model_serializer Stored XSS Vulnerability in GitLab WebIDE Beta Buffer Overflow Vulnerability in Linux File Upload API System Vulnerability: Unprivileged App Can Manipulate Global Brightness and Disrupt System Functionality HAB Memory Management Vulnerability: Exploiting Broad System Privileges via Physical Address Automotive System Call Vulnerability: Untrusted Pointer Dereference Leading to Memory Corruption Integer Overflow Vulnerability in RIL Triggering qcril_uim_request_apdu Request Invalid System Information Block 1 causing Transient Denial of 
Service (DoS) Vulnerability in Modem Bluetooth GATT Packet Information Disclosure Vulnerability RIL Memory Corruption Vulnerability in APDU Packet Sending WLAN Memory Corruption Vulnerability in doDriverCmd GPS HLOS Driver Vulnerability: Memory Corruption in injectFdclData with Invalid Data Length Type Conversion Vulnerability in TEE's secure_io_read/write Function Leads to Memory Corruption in Core Insecure Storage of Derived Keys in HLOS: A Cryptographic Vulnerability Transient Denial of Service Vulnerability in Modem during RRC Reconfiguration Processing Audio Playback Vulnerability: Memory Corruption with Enabled Audio Effects Audio Metadata Memory Corruption Vulnerability WLAN HOST Memory Corruption Vulnerability Audio Corruption Vulnerability in ADSP during Record Use Case Beacon/Probe Response Frame Processing Vulnerability in WLAN Firmware Vulnerability: Transient Denial of Service (DoS) in WLAN Firmware due to Missing Header Fields in Frames Null Pointer Dereference Vulnerability in CAN Protocol in Linux Kernel FT Information Element Parsing Vulnerability in WLAN Firmware: Transient Denial of Service WLAN Beacon/Probe-Response Frame Parsing Vulnerability: Transient DOS Exploit Buffer Overflow Vulnerability in Core Platform Log Printing Display Metadata Memory Corruption Vulnerability Buffer Overflow Vulnerability in Core Platform Log Printing Graphics File Import Vulnerability: Memory Corruption Exploit Graphics Buffer Overflow Vulnerability Transient Denial of Service (DoS) Vulnerability in Bluetooth HOST during Descriptor Validation for Blacklisted BT Keyboard WLAN HOST Information Disclosure Vulnerability via Invalid Source Address in DPP Action Frame GPU Privilege Escalation Vulnerability Memory Corruption Vulnerability in Core Syscall for Sectools Fuse Comparison Feature Concurrent Audio Tunnel Playback/Recording Vulnerability VM Resource Manager Vulnerability: Memory Corruption via Improper Access Windows ALPC Elevation of Privilege Vulnerability 
Windows Kernel Privilege Escalation Vulnerability Windows LDAP Remote Code Execution Vulnerability IKE Extension Denial of Service Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows L2TP Remote Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin (Versions up to 3.6.4) Windows Win32k Privilege Escalation Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows PPP Information Disclosure Vulnerability IKE Extension Denial of Service Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability HTTP.sys Information Leakage Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Unveiling the Microsoft PEAP Information Disclosure Vulnerability PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Microsoft Printer Driver Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Windows Fax Service PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Windows iSNS Server Information Disclosure Vulnerability Windows iSNS Server Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin Windows iSCSI Discovery Service Denial of Service Vulnerability PEAP Denial of Service Vulnerability in Microsoft's Protected Extensible Authentication Protocol Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity Data Box 
Gateway Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server RPC Runtime RCE Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Stored Cross-Site Scripting Vulnerability in BadgeOS Plugin for WordPress Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Pervasive Windows PPTP Remote Code Execution Vulnerability SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Microsoft Publisher Security Bypass Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Unauthenticated Elevation of Privilege Vulnerability in Microsoft SharePoint Server Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Edge (Chromium-based) Security Feature Bypass Vulnerability Insecure Direct Object Reference vulnerability in BadgeOS WordPress Plugin (up to version 3.7.1.6) allows unauthorized modification of post titles EdgeTamper: A Critical Vulnerability in Microsoft Edge (Chromium-based) Unauthenticated Elevation of Privilege Vulnerability in Microsoft OneNote .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Windows DWM Core Library Privilege Escalation Vulnerability Windows Malicious Software Removal Tool Privilege Escalation Vulnerability Windows Credential Manager User Interface Elevation of Privilege Vulnerability RPC Runtime RCE Vulnerability Windows Netlogon Denial of Service Vulnerability: Disrupting Network Authentication RPC Runtime Information Disclosure Vulnerability 
Insecure Direct Object Reference vulnerability in BadgeOS WordPress Plugin Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Windows Bind Filter Driver Privilege Escalation Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Vulnerability: Unauthorized Modification of Data in BadgeOS Plugin for WordPress Windows Media Player Remote Code Execution Vulnerability Visio File Information Disclosure Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Security Feature Bypass Vulnerability SharePoint Server Remote Code Execution Vulnerability Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Windows NTLM Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Windows Backup Service Privilege Escalation Vulnerability Windows Event Tracing Information Disclosure Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows L2TP DoS Vulnerability IKE Extension Denial of Service Vulnerability Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Out-of-Boundary Read Vulnerability in compare_netdev_and_ip 
in RDMA in the Linux Kernel Print Spooler Privilege Escalation Vulnerability in Windows Exposed: Microsoft Exchange Server Information Leakage Vulnerability Microsoft Exchange Server Spoofing Vulnerability: A Gateway for Impersonation Attacks Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Print Spooler Privilege Escalation Vulnerability in Windows Windows Overlay Filter Information Leakage Vulnerability Windows Overlay Filter Privilege Escalation Vulnerability WinSock Elevation of Privilege Vulnerability in Windows Ancillary Function Driver Microsoft Message Queuing DoS Vulnerability Null Pointer Dereference Vulnerability in Linux Kernel's SCTP Network Protocol Windows Local Session Manager (LSM) Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Windows Kernel Information Leakage Vulnerability Critical Elevation of Privilege Vulnerability in Azure App Service on Azure Stack Hub Exploiting the Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Stored Cross-Site Scripting Vulnerability in Aajoda Testimonials WordPress Plugin 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw 
Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution Unauthenticated Order Status Manipulation in WooCommerce Order Status Change Notifier WordPress Plugin 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Edge Chromium Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Arbitrary File Download and PHAR Unserialization Vulnerability in KIWIZ Invoices Certification & PDF System WordPress Plugin Windows Installer Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows Media Player Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution 
Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Power BI Report Server URL Spoofing Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability Exploiting Microsoft Defender for Endpoint Security Feature Bypass Vulnerability GitLab Refs/Replace Content Smuggling Vulnerability Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Secure Channel DoS Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Windows Active Directory Domain Services API Denial of Service Vulnerability: Disrupting Network Operations Kerberos Privilege Escalation Vulnerability in Windows Windows Secure Channel DoS Vulnerability Windows Secure Channel DoS Vulnerability Privilege Escalation Vulnerability in GitLab EE with OpenID Connect DFS Remote Code Execution Vulnerability in Windows Windows Graphics Component Privilege Escalation Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution Vulnerability in Oracle Communications BRM - Elastic Charging Engine Allows Unauthorized Access to Critical Data Oracle iSupplier Portal Unauthenticated Read Access Vulnerability Oracle Hospitality Reporting and Analytics Product Vulnerability Oracle Database Data Redaction Vulnerability Oracle Hospitality Reporting and Analytics Product Vulnerability: Unauthorized Access and Data Manipulation Oracle Database RDBMS Security Component Unauthorized Access Vulnerability Unauthenticated Test Alert Abuse in Grafana Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement (Advising Notes) Oracle BI Publisher Product Vulnerability: 
Unauthorized Takeover Oracle ZFS Storage Appliance Kit Object Store Unauthorized Read Access Vulnerability Oracle Self-Service Human Resources Vulnerability: Unauthorized Data Manipulation Oracle Java SE and Oracle GraalVM Enterprise Edition DTLS Vulnerability MySQL Server Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle WebLogic Server Unauthenticated Remote Denial of Service Vulnerability in Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Reflected Cross-Site Scripting Vulnerability in WP Responsive Tabs Plugin MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Sound Component Unauthenticated Access Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle BI Publisher Product Vulnerability: Unauthorized Takeover Vulnerability in Oracle Web Applications Desktop Integrator Allows Unauthorized Data Access and Manipulation Oracle Communications Convergence Product Takeover Vulnerability Oracle Applications DBA Product Vulnerability: Unauthorized Data Manipulation via Java Utils Oracle Demantra Demand Management Unauthenticated Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Data Manipulation Oracle Learning Management Product Vulnerability Oracle Mobile Field Service Synchronization Vulnerability Oracle Sales Offline Unauthenticated Data Manipulation Vulnerability Oracle Sales for Handhelds Unauthenticated Data Manipulation Vulnerability Oracle iSetup Unauthenticated Access Vulnerability Oracle HCM Common Architecture Unauthenticated Access Vulnerability Oracle Collaborative Planning Unauthenticated Access Vulnerability Oracle Access 
Manager Authentication Engine Privilege Escalation Vulnerability Format String Vulnerability in Triangle MicroWorks' SCADA Data Gateway MySQL Cluster Vulnerability: Unauthorized Takeover via Physical Communication Segment Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Web Services Manager XML Security Component Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service Unauthenticated User Broadcast and Forced Logout Vulnerability in Triangle MicroWorks' SCADA Data Gateway MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks MySQL Server Vulnerability: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service via Thread Pooling Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in Colibri Page Builder for WordPress (Versions up to 1.0.227) Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Oracle VM VirtualBox Prior to 6.1.42 and Prior to 7.0.6 Windows 
Vulnerability: Unauthorized Data Access Oracle VM VirtualBox Vulnerability: Unauthorized Takeover via Multiple Protocols MySQL Server Denial of Service Vulnerability Vulnerability in Primavera Gateway: Unauthorized Data Access and Manipulation Vulnerability in Oracle VM VirtualBox Allows Unauthorized Data Access Vulnerability: Unauthorized Widget Manipulation in Elementor Addons Plugin Oracle Communications Converged Application Server Remote Takeover Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Data Provider for .NET Remote Code Execution Vulnerability Oracle Global Lifecycle Management NextGen OUI Framework Takeover Vulnerability Oracle Solaris NSSwitch Vulnerability: Unauthorized Takeover of System Oracle VM VirtualBox Denial of Service Vulnerability Oracle VM VirtualBox Denial of Service Vulnerability Vulnerability: Unauthorized Access to Private Project Commits in GitLab Oracle Solaris NSSwitch Vulnerability: Unauthorized Access and Partial Denial of Service Oracle Financial Services Analytical Applications Infrastructure Product Vulnerability Vulnerability in Oracle Financial Services Behavior Detection Platform Allows Unauthorized Data Access Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management: Unauthorized Data Access and Modification Vulnerability in Oracle Banking Virtual Account Management: Unauthorized Data Access and Modification Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation 
Critical Data Access Vulnerability in Oracle Siebel CRM (UI Framework) Stored Cross-site Scripting (XSS) Vulnerability in AzuraCast GitHub Repository (prior to 0.18) Oracle Business Intelligence Enterprise Edition: Unauthorized Access Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks MySQL Server Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability Oracle Banking Payments: Unauthorized Data Access and Manipulation Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Oracle Database Recovery Manager Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Health Sciences InForm Allows Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle Health Sciences InForm Vulnerability in Oracle Health Sciences InForm: Unauthorized Access and Data Manipulation Vulnerability in Oracle Health Sciences InForm: Unauthorized Data Access and Partial Denial of Service Oracle Health Sciences InForm Partial Denial of Service Vulnerability Vulnerability in Oracle Health Sciences InForm Allows Unauthorized Access to Critical Data Unauthorized Read Access Vulnerability in Oracle JD Edwards EnterpriseOne Tools Oracle Solaris IPS Repository Daemon Unauthorized Data Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash OAuth2 Authorization Code Invalidation Vulnerability in Mattermost Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-100210) Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Vulnerability in Oracle Hospitality OPERA 5 Property Services: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability Java VM 
Component Vulnerability in Oracle Database Server (19c and 21c) MySQL Server Denial of Service Vulnerability Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-0001) Out-of-Bounds Write Vulnerability in Linux Kernel's SLIMpro I2C Device Driver MySQL Server Denial of Service Vulnerability Oracle BI Publisher Unauthorized Data Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Solaris Core Vulnerability: Unauthorized Takeover of System Oracle Database Server Advanced Networking Option Unauthenticated Access Vulnerability Jenkins Code Dx Plugin 3.1.0 CSRF Vulnerability: Unauthorized URL Connection MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle Business Intelligence Enterprise Edition Allows Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle iReceivables Attachments Unauthorized Read Access Vulnerability Jenkins Code Dx Plugin 3.1.0 and earlier: Missing Permission Check Allows Unauthorized 
File Path Existence Check Oracle WebLogic Server Unauthenticated Access Vulnerability Oracle Hyperion Essbase Administration Services Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) Unauthenticated Remote Denial of Service Vulnerability in Oracle WebLogic Server Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Vulnerability in Oracle MySQL Server: JSON Component Allows for Denial of Service (DoS) Attacks Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle SQL Developer Installation Vulnerability Padding Oracle Attack Vulnerability in HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 Oracle BI Publisher Product Vulnerability: Unauthorized Access to Critical Data Vulnerability in Oracle MySQL Connectors: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability Oracle iProcurement E-Content Manager Catalog Vulnerability Vulnerability in Oracle Application Express Team Calendar Plugin: Remote Code Execution Vulnerability in Oracle Application Express Customers Plugin: Remote Takeover MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Application Object Library Allows Unauthorized Access and Partial Denial of Service Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Regular Expression Denial of Service in GitLab CE/EE via Crafted Payloads in preview_markdown Endpoint Vulnerability in Oracle MySQL Server Allows Takeover (CVE-2021-2345) Elastic Search Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Application Express Administration: Unauthorized Access and Partial Denial of Service Oracle Solaris HTTP 
Denial of Service Vulnerability Oracle Solaris Utility Vulnerability: High Privileged Takeover Oracle GraalVM Enterprise Edition Native Image Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Platform Oracle VM VirtualBox Vulnerability: Unauthorized Data Access Oracle VM VirtualBox Vulnerability: Unauthorized Access to Critical Data Regular Expression Denial of Service in GitLab CE/EE via Crafted Payloads in preview_markdown Endpoint Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2021-12345) Oracle VM VirtualBox Vulnerability: Unauthorized Data Access Vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources: Unauthorized Data Access and Manipulation Oracle Clinical Remote Data Capture Product Vulnerability Vulnerability in Oracle Mobile Security Suite: Unauthorized Access to Critical Data Oracle WebLogic Server Denial of Service Vulnerability Oracle User Management Proxy User Delegation Unauthorized Read Access Vulnerability Oracle VM VirtualBox Prior to 6.1.44 and Prior to 7.0.8 Windows VM Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access HTML Injection Vulnerability in GitLab CE/EE Allows Email Address Field Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access and Data Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access and Data Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access to Critical Data Oracle Solaris Utility Unauthenticated Access Vulnerability Oracle E-Business Suite Reports Configuration Unauthenticated Access Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Unauthenticated Network Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks Oracle 
Self-Service Human Resources Unauthorized Read Access Vulnerability SQL Injection Vulnerability in Web Directory Free for WordPress (Versions up to 1.6.7) Oracle Essbase Security and Provisioning Vulnerability: Unauthorized Data Access Oracle Business Intelligence Enterprise Edition Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Business Intelligence Enterprise Edition allows unauthorized data manipulation Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Takeover of PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Oracle VM VirtualBox Denial of Service Vulnerability Oracle VM VirtualBox RDP Network Access Vulnerability Oracle HTTP Server Unauthenticated Remote Code Execution Vulnerability GitHub Repository Access Control Vulnerability Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Vulnerability Oracle Business Intelligence Enterprise Edition: Partial Denial of Service Vulnerability Oracle Health Sciences Data Management Workbench Blinding Functionality Unauthorized Access Vulnerability Vulnerability in Oracle Solaris Device Driver Interface Allows for Takeover Unbreakable Enterprise Kernel (UEK) RDS Module Local Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Oracle Business Intelligence Enterprise Edition Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Commerce Guided Search: Unauthorized Data Access and Manipulation Use-after-free vulnerability in WebKitGTK package allows for denial of service or arbitrary code execution Oracle WebLogic Server Denial of Service Vulnerability MySQL Server Denial of 
Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Oracle Database Server Unified Audit Component Vulnerability Oracle E-Business Suite iSurvey Module: Unauthenticated Remote Code Execution Vulnerability Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Utility Component Partial Denial of Service Vulnerability Vulnerability in Oracle Web Applications Desktop Integrator Allows Unauthorized Data Access and Partial Denial of Service Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle Agile PLM WebClient: Unauthorized Data Access and Manipulation Critical SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 (VDB-226969) Oracle WebLogic Server Vulnerability: Unauthorized Data Access and Server Crash Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Oracle E-Business Suite Vulnerability: Unauthorized Data Access and Manipulation in Oracle Applications Framework Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE (JavaFX) Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle MySQL Server: Unauthorized Read Access to Data Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 JD Edwards EnterpriseOne Orchestrator Unauthorized Data Access Vulnerability Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK Vulnerability: Unauthorized Read Access Java VM Component Vulnerability in 
Oracle Database Server Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability JD Edwards EnterpriseOne Tools Web Runtime SEC Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang or Crash MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 Vulnerability in Oracle Hyperion Workspace: Unauthorized Access and Data Manipulation Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Vulnerability in Oracle Hyperion Financial Reporting: Unauthorized Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthenticated Network Access via CORBA Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) Oracle WebLogic Server Remote Code Execution Vulnerability SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 MySQL Server Denial of Service Vulnerability PL/SQL Component Privilege Escalation Vulnerability in Oracle Database Server Oracle WebLogic Server Remote Code Execution Vulnerability Oracle Notification Server Unauthenticated Access Vulnerability Oracle Database Sharding Component Partial Denial of Service Vulnerability Oracle Database Sharding Component Denial of Service Vulnerability Oracle E-Business Suite Vulnerability: Unauthorized Data Access and Manipulation in Oracle Applications Framework Oracle Database Recovery Manager Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Retro Basketball 
Shoes Online Store 1.0 (VDB-226973) Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle Java SE, Oracle GraalVM, and Oracle GraalVM Enterprise Edition HTTPS Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Unauthenticated Remote Data Read Vulnerability in Oracle Enterprise Session Border Controller Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability in Oracle Hospitality OPERA 5 Property Services: Takeover via HTTP Access Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Hospitality OPERA 5 Property Services: Takeover via HTTP Access Vulnerability in Oracle Communications Order and Service Management Allows Unauthorized Data Access Oracle WebLogic Server Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226974) Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects Vulnerability in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition: Unauthorized Data Access MySQL Server Denial of Service Vulnerability Oracle iRecruitment Product Vulnerability: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Installer Allows Unauthorized Data Access and Denial of Service MySQL Server 8.1.0 Denial of Service Vulnerability Java VM Component Vulnerability in Oracle Database Server Vulnerability in MySQL Server Allows for Denial of Service Attacks Oracle VM VirtualBox Prior to 7.0.12 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 7.0.12 Vulnerability: High Privileged Takeover Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226975) Oracle VM VirtualBox Core Vulnerability: Unauthorized Access and Denial of Service Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle MySQL 
Connectors: Unauthenticated Takeover (CVE-2021-2345) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks Vulnerability in Oracle Analytics BI Publisher Web Server: Unauthorized Data Access and Manipulation Oracle Enterprise Command Center Framework API Unauthorized Access Vulnerability Vulnerability in Oracle Enterprise Command Center Framework Allows Unauthorized Data Access and Manipulation Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 MySQL Server Denial of Service Vulnerability MySQL Server UDF Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Encryption Vulnerability Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Access and Data Compromise Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226977) Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Unauthenticated Access Vulnerability in Oracle WebCenter Content Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service 
Unauthenticated Network-based Filesystem Vulnerability in Oracle Solaris Oracle Solaris Kernel Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226978) Unauthenticated Remote Denial of Service Vulnerability in Oracle Sun ZFS Storage Appliance Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 Cross-Site Scripting (XSS) Vulnerability in Campcodes Coffee Shop POS System 1.0 Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (CVE-2021-226983) Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Task Reminder System 1.0 (CVE-2021-226985) Cross-Site Scripting Vulnerability in Dream Technology Mica up to 3.0.5 (VDB-226986) SQL Injection Vulnerability in WP Custom Cursors WordPress Plugin Stack-based Buffer Overflow Vulnerability in Adobe Bridge Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Bridge Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Stored Cross-Site Scripting Vulnerability in Login Rebuilder WordPress Plugin Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Adobe Connect Improper Access Control Vulnerability Allows Security Feature Bypass Out-of-Bounds Read Vulnerability in Adobe After Effects Stack-based Buffer Overflow Vulnerability in Adobe Premiere Rush 2.6 and Earlier: Arbitrary Code Execution Use After Free Vulnerability in InCopy Versions 18.1 and Earlier: Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution 
Out-of-Bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in After Effects Versions 23.1 and Earlier Stored Cross-Site Scripting Vulnerability in SEO by 10Web WordPress Plugin Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Stack-based Buffer Overflow Vulnerability in Adobe Animate: Arbitrary Code Execution Use After Free Vulnerability in Adobe Premiere Rush 2.6 and Earlier Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Animate Allows Arbitrary Code Execution XML Injection Vulnerability in Adobe Commerce Allows Arbitrary File System Read Adobe Commerce Incorrect Authorization Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1 Stored Cross-Site Scripting Vulnerability in SEO Alert WordPress Plugin Improper Access Control Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1: Security Feature Bypass Incorrect Authorization Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1: Minor Information Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL 
Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions Insufficient Validation in PE and OLE Parsers in Rapid7's Velociraptor Allows for Remote Crash URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions SQL Injection Vulnerability in Adobe RoboHelp Server Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier GitHub Repository Modoboa/Modoboa Prior to 2.1.0 - Improper Authorization Vulnerability Weak Cryptography for Passwords Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier: Security Feature Bypass and Password Decryption Adobe RoboHelp Server Improper Input Validation Vulnerability Adobe RoboHelp Server Path Traversal Remote Code Execution Vulnerability Adobe RoboHelp Server XXE Vulnerability SQL Injection Vulnerability in Adobe RoboHelp Server Race condition vulnerability in Intel(R) Ethernet Controllers and Adapters E810 Series firmware (before version 1.7.2.4) enables local denial of service. 
CX-Programmer Ver.9.79 and Earlier: Use After Free Vulnerability with Information Disclosure and Arbitrary Code Execution m-FILTER Email Authentication Bypass Vulnerability Remote Code Execution Vulnerability in MAHO-PBX NetDevancer CSRF Vulnerability in modoboa/modoboa prior to 2.1.0 Arbitrary OS Command Execution Vulnerability in MAHO-PBX NetDevancer TMM Termination Vulnerability in BIG-IP AFM NAT Policy Unquoted File Path Vulnerability in WAB-MAT Ver.5.0.0.8 and Earlier DLL Hijacking Vulnerability in BIG-IP Edge Client for Windows (Versions 7.1.5 to 7.2.3.1) Unauthenticated Network Access Vulnerability in Intel Unison Software CSRF Vulnerability in MAHO-PBX NetDevancer and MobileGate HTML Email Injection in Tribe29 Checkmk: Exploiting Email Vulnerability in Checkmk Versions SQL Injection Vulnerability in Quick Post Duplicator for WordPress (Versions up to 2.0) Unison Software Vulnerability: Authenticated User Can Enable Denial of Service via Network Access Invalid Free Vulnerability in Ichitaro 2022 1.0.1.57600 Frame Stream Parser Unison Software Vulnerability: Local Access Privilege Escalation Exploit Vulnerability: Privilege Escalation via Improper Access Control in Intel Thunderbolt DCH Drivers for Windows Privilege Escalation via Incorrect Permissions in Tribe29 Checkmk Appliance Out of Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Arbitrary Script Injection Vulnerability in MAHO-PBX NetDevancer Series Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Open Redirect Vulnerability in pgAdmin 4: Remote Phishing Attack via Crafted URL OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Remote Command Execution Privilege Escalation and Unauthorized Actions via Log Viewing Vulnerability Arbitrary Memory Access Vulnerability in OpenHarmony-v3.1.5 and Prior Versions HTTP Profile Denial of Service Vulnerability TP-Link SG105PE Firmware Authentication Bypass Vulnerability OS Command Injection Vulnerability in PIX-RT100 
Versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 Integer Overflow Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5 Bridge Group Functionality Sensitive Data Exposure in Tribe29 Checkmk Appliance: Password Retrieval via Log File Reading Integer Underflow Vulnerability in SoftEther VPN's vpnserver OvsProcessData Functionality Reflective Cross-Site Scripting Vulnerability in Tribe29 Checkmk Appliance before 1.6.4 Critical Remote Management Vulnerability in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314 (VDB-227001) Race condition vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools allows for potential denial of service via local access Escalation of Privilege Vulnerability in Intel(R) Optane(TM) PMem 100 Series Management Software Intel(R) NUC BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Access Control Buffer Overflow Vulnerability in Intel(R) QAT Library Software Use After Free Vulnerability in CX-Programmer Ver.9.79 and Earlier Allows Information Disclosure and Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Snap One Wattbox WB-300-IP-3 Undocumented Telnet and SSH Services Vulnerability in PIX-RT100 Versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 CX-Programmer Ver.9.79 and Earlier: Use After Free Vulnerability with Information Disclosure and Arbitrary Code Execution Webconf Denial of Service Vulnerability in Tribe29 Checkmk Appliance SQL Injection Vulnerability in Milesight VPN v2.0.2 LoginAuth Functionality Allows Authentication Bypass GitLab Jira Prefix ReDoS Vulnerability Path Traversal and URL Evaluation Vulnerability in OpenAM Web Policy Agent Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll OMRON CX-Motion Pro 1.4.6.013 and Earlier XXE Vulnerability CPU Resource Utilization Vulnerability in BIG-IP Versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x Remote SQL Injection Vulnerability in
CONPROSYS HMI System (CHS) Ver.3.5.0 and Earlier Denial of Service Vulnerability in SoftEther VPN's DCRegister DDNS_RPC_MAX_RECV_SIZE Functionality Incorrect Permission Assignment Vulnerabilities in iControl REST and TMOS Shell (tmsh) Dig Command Firmware Vulnerability: Out-of-Bounds Write in Intel(R) FPGA Products BIOS Firmware Vulnerability: Denial of Service via Adjacent Access Improper Authorization Vulnerability in GitLab CE/EE Allows Project Reporter to Leak Owner's Sentry Instance Projects Uninitialized Resource Vulnerability in Intel(R) NUC BIOS Firmware Allows Local Information Disclosure Default Credentials Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier: Unauthorized User Credential Alteration Pgpool-II Information Disclosure Vulnerability Arbitrary Script Injection Vulnerability in EasyMail 2.00.130 and Earlier Password Hash Authentication Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier Arbitrary File Download and Remote Code Execution Vulnerability in SS1 Ver.13.0.0.40 and Rakuraku PC Cloud Agent Ver.2.1.8 Arbitrary Code Execution via Path Traversal in SS1 Ver.13.0.0.40 and Rakuraku PC Cloud Agent Ver.2.1.8 Unauthenticated Network Access Denial of Service Vulnerability in Intel Unison Software Intel(R) oneVPL GPU Software Local Information Disclosure Vulnerability Improper Access Control Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier: Remote Unauthorized Access to Server Certificate and Private Key Zephyr Host Vulnerability: Arbitrary Code Execution via Union Variant Confusion Undisclosed Traffic Termination Vulnerability in BIG-IP OAuth Server Termination Vulnerability Escalation of Privilege Vulnerability in Intel Thunderbolt DCH Drivers for Windows Hard-coded Credentials Vulnerability in SS1 Ver.13.0.0.40 and Earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and Earlier Out-of-Bound Write Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Screen Creator Advance 2 Ver.0.1.1.4 
Build01 and Earlier Out-of-Bound Read Vulnerability Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Improper Authorization in Checkmk RestAPI Allows Unauthorized Access to Host Configs Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier: Out-of-Bound Read Vulnerability Use-After-Free Vulnerability in Linux Kernel Performance Events System Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Uncontrolled Search Path Vulnerability in Intel(R) oneAPI Toolkit and Component Software Installers Intel(R) NUC BIOS Firmware Vulnerability: Privileged User Information Disclosure via Local Access OMRON CP1L-EL20DR-D Firmware Overwrite and Remote Code Execution Vulnerability DLL Hijacking Vulnerability in BIG-IP Edge Client Windows Installer (Versions 7.2.2 to 7.2.3.1) User Enumeration Vulnerability in Checkmk <=2.2.0p4 Use-after-free vulnerability in Linux Kernel io_uring subsystem allows local privilege escalation Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier: Use-After-Free Vulnerability Privilege Escalation Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier Sensitive Information Exposure in SUSHIRO App for Android Stack-based Buffer Overflow Vulnerability in Command Centre Server OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Exploiting ys_thirdparty check_system_user Functionality Uninitialized Pointer Vulnerability in CX-Motion-MCH v2.32 and Earlier Improper Server Certificate Verification in Ichiran App for iOS and Android Untrusted Search Path Vulnerability in ELECOM Camera Assistant and QuickFileDealer SQL Injection Vulnerability in WP Replicate Post Plugin for WordPress (Versions up to 4.0.2) Stored Cross-Site Scripting Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G OS Command Injection Vulnerability in Milesight VPN v2.0.2: Remote Code Execution via liburvpn.so create_private_key Improper Message Integrity Enforcement Vulnerability in BIG-IP Edge Client for Windows and Mac OS Arbitrary Script Injection Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier iControl SOAP Format String Vulnerability CSRF Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G Reflected Cross-Site Scripting Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G XML External Entity (XXE) Vulnerability in tsClinical Define.xml Generator and Metadata Desktop Tools Blind SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware Arbitrary File Reading Vulnerability in GitHub Enterprise Server Arbitrary Environment Variable Injection in GitHub Enterprise Server Insecure Configuration of Automotive VM Listener Processing TEE Requests Camera Memory Corruption Vulnerability FMQ-based Data Transmission Vulnerability in VR Service: Memory Corruption Critical Vulnerability: Memory Corruption Exploit in Data Modem during MO and MT VOLTE Calls WLAN HOST Memory Corruption Vulnerability VM 
Compromise Vulnerability: Arbitrary Memory Overwrite and Memory Corruption via TX Write Bit Mask API Vulnerability in Multi-mode Call Processor: Memory Corruption Exploit Plaintext Password Storage Vulnerability in Snap One Wattbox WB-300-IP-3 Unrestricted Access to Private Personal Information in GitHub Repository microweber/microweber prior to 1.3.4 Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows CoS Queue Management DoS Vulnerability in Juniper Networks Junos OS on ACX2K Series Devices Missing Release of Memory after Effective Lifetime Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved BGP Route Processing Improper Handling of Unexpected Data Type Vulnerability in Juniper Networks Junos OS on SRX and MX Series Platforms Kernel Memory Leak Vulnerability in Juniper Networks Junos OS Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS TCP Processing Juniper Networks Junos OS Evolved PTX10003 Series Devices Memory Leak DDoS Vulnerability Uninitialized Pointer Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Buffer Overflow Vulnerability in Juniper Networks Junos OS on QFX10K Series Systems Privilege Escalation Vulnerability in GitHub Repository microweber/microweber prior to 1.3.4 Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Use After Free Vulnerability in Juniper Networks Junos OS Evolved Unauthenticated Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on QFX10K Series Out-of-bounds Write Vulnerability in Juniper Networks Junos OS on SRX and MX Series Improper Preservation of Consistency in MAC Limit Configuration Leading to Denial of Service (DoS) in Juniper Networks Junos OS Memory Exhaustion DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Incomplete 
Cleanup Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Validation of Array Index Vulnerability in Juniper Networks Junos OS SIP ALG Unchecked Input for Loop Condition Vulnerability in Juniper Networks Junos OS NAT Library Critical Heap-based Buffer Overflow Vulnerability in PoDoFo 0.10.0 (VDB-227226) Memory Leak Vulnerability in Juniper Networks Junos OS on MX Series Platforms with MPC10/MPC11 Line Cards Out-of-Bounds Write Vulnerability in Juniper Networks Junos OS Flow Processing Daemon (flowd) Improper Locking Vulnerability in Juniper Networks Junos OS on MX and SRX Series Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS IPsec Library Heap Memory Leak Vulnerability in Juniper Networks Junos OS PTX Series and QFX10000 Series H.323 ALG Out-of-Bounds Write Vulnerability in Juniper Networks Junos OS Buffer Overflow Vulnerability in Juniper Networks Junos OS SIP ALG Missing Release of Memory Vulnerability in Juniper Networks Junos OS Flow Processing Daemon (flowd) Open Redirect Vulnerability in BIG-IP APM Access Policy Out-of-bounds read vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and earlier Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-227227) Buffer Overflow Vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and Earlier HTTP Profile Enforcement Options Vulnerability Use-after-free vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and earlier Stored Cross-Site Scripting Vulnerability in SHIRASAGI v1.16.2 and Earlier: Schedule Function Stored Cross-Site Scripting Vulnerability in SHIRASAGI v1.16.2 and Earlier: Theme Switching Function Command Centre Server Privilege Validation Vulnerability Hard-coded API Key Vulnerability in Wolt Delivery: Food and more Android App Critical SQL Injection Vulnerability 
in SourceCodester Complaint Management System 1.0 (VDB-227228) Open Redirect Vulnerability in web2py Versions Prior to 2.23.1: Phishing Attack Vector Experion Server Stack Overflow DoS Vulnerability UAF Vulnerability in OpenHarmony-v3.1.5 and Prior: Privilege Escalation via check_permission_for_set_tokenid Arbitrary Script Injection Vulnerability in EC-CUBE Content Management Denial of Service vulnerability in Gallagher Controller 6000 and 7000 Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Privilege Escalation Vulnerability in Intel(R) SCS Add-on Software Installer for Microsoft SCCM Seiko Solutions SkyBridge Series: Critical Function Authentication Bypass Vulnerability Escalation of Privilege Vulnerability in Intel(R) Server Board BMC Firmware Denial of Service Vulnerability in Intel Server Board BMC Firmware BIOS Firmware Vulnerability in Intel NUC Devices Enables Local Information Disclosure Information Disclosure Vulnerability in Open CAS Software for Linux Unison Software Vulnerability: Network-Based Privilege Escalation Privilege Escalation Vulnerability in Intel(R) NUC BIOS Firmware Unrestricted Upload Vulnerability in hansunCMS 1.4.3 (VDB-227230) Arbitrary File Upload Vulnerability in Advantech WebAccess/SCADA v9.1.3 and Prior Weak password vulnerability in Kiwi TCMS versions 11.6 and prior Unvalidated Discord Channel ID Input Vulnerability in Kenny2Automate User post count exposure vulnerability in Discourse Cross-Site Scripting (XSS) Vulnerability in Discourse Cross-Site Scripting (XSS) Vulnerability in Discourse Tag Descriptions Cross-Site Scripting Vulnerability in ViewVC Versions Prior to 1.2.2 and 1.1.29 Cross-Site Request Forgery (CSRF) Vulnerability in CKEditor Integration UI Redis Denial-of-Service Vulnerability in HRANDFIELD and ZRANDMEMBER Commands Unrestricted File Upload Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Panic vulnerability in go-ipld-prime JSON codec when encoding Bytes tokens 
Cross-Site Scripting (XSS) vulnerability in sanitize-svg prior to v0.4.0 Stored XSS Vulnerability in Grafana's Text Plugin Hard-coded JwtSigKey in KubePi allows for arbitrary jwt token forgery and administrator account takeover Cross-Site Scripting Vulnerability in ViewVC Vulnerability in HTTP4s User-Agent and Server Header Parsers Vulnerability: Configuration Override in Tokio Named Pipe Server Quadratic Complexity DoS Vulnerability in Luxon's DateTime.fromRFC2822() Method Cross-Site Scripting (XSS) Vulnerability in Discourse Information Leakage Vulnerability in Nextcloud Deck 1.8.1 and earlier Unmasking Variable Secrets in Octopus Deploy: Exploiting the Variable Preview Function Database Error DoS Vulnerability in Nextcloud Deck Broken Access Control Vulnerability in Nextcloud Deck App Arbitrary POST Request Vulnerability in Deck Integration with Nextcloud Passcode Bypass Vulnerability in Nextcloud Talk Android App Allows Unauthorized Access to Files and Conversations Improper Client IP Address Validation in Parse Server Cross-Site Scripting Vulnerability in Canarytokens History Page Insufficient Access-Level Checks in Mantis Bug Tracker (MantisBT) Prior to 2.25.6 Denial of Service Vulnerability in Mercurius GraphQL Adapter for Fastify Unauthorized API Access and Sensitive Information Leakage in KubePi Session Fixation Vulnerability in KubePi Versions 1.6.3 and Below Unauthorized API Interface Access and Sensitive Information Leakage in KubeOperator 3.16.3 and Below Clear-text logging of passwords in FreshRSS API authentication failure Improper Authorization Bug in Argo CD Polynomial Time Complexity Vulnerabilities in cmark-gfm Polynomial Time Complexity Vulnerability in cmark-gfm Out-of-Bounds Read in cmark-gfm's validate_protocol Function Unbounded Resource Exhaustion Vulnerability in cmark-gfm Flarum Mentions Extension JSON:API Payload Leakage Vulnerability Flarum Notification Bypass Vulnerability Uncontrolled Reply Creation Vulnerability in Flarum 
Vulnerability: Local File Include, Server-Side Request Forgery, and PHAR Deserialization in wpForo Forum Plugin Arbitrary File Inclusion Vulnerability in Git JavaScript Injection Vulnerability in gatsby-transformer-remark Plugin Vulnerability: Insecure RefreshToken Handling in ZITADEL RSSHub Vulnerability: Server-Side Request Forgery (SSRF) Exploit Authentication Bypass Vulnerability in Izanami Docker Image Arbitrary Command Execution Vulnerability in Netdata Agent Netdata Agent Streaming Vulnerability: Unauthorized Access to MACHINE_GUID as API Key Vulnerability: Spoofing Interactive Permission Prompt in Deno Runtime Open Cluster Management (OCM) Vulnerability: Cluster-Level Privilege Escalation via Worker Node Access GLPI Incorrect Authorization Vulnerability: Unauthorized Access to Inventory Files Jira Service Management Server and Data Center Authentication Vulnerability: Impersonation and Unauthorized Access Information Disclosure in Atlassian Confluence Server and Data Center Broken Access Control Vulnerability in Atlassian Confluence Server Allows Unauthorized Attachment Upload High Severity RCE Vulnerability (CVE-2023-22505) in Confluence Data Center & Server High Severity Injection and RCE Vulnerability (CVE-2023-22506) in Bamboo Data Center High Severity RCE Vulnerability (CVE-2023-22508) in Confluence Data Center & Server Uncaught Exception Vulnerability in eemeli/yaml Prior to 2.0.0-5 High Severity RCE Vulnerability in Bitbucket Data Center and Server (Version 8.0.0) Unauthorized Creation of Confluence Administrator Accounts and Instance Access Vulnerability High Severity RCE Vulnerability in Bamboo Data Center and Server Versions 8.1.0 - 9.3.0 Unauthenticated Reset and Admin Account Creation Vulnerability in Confluence Local File Inclusion Vulnerability in Directorist WordPress Plugin High Severity RCE Vulnerability in Crowd Data Center and Server (Version 3.4.6) Confluence Template Injection Vulnerability Allows Remote Code Execution Critical 
Privileged RCE Vulnerability in Assets Discovery Agent Remote Code Execution Vulnerability in Atlassian Companion App for MacOS High Severity RCE Vulnerability in Confluence Data Center (Version 7.19.0) Template Injection Vulnerability in Confluence Data Center and Server Allows Remote Code Execution Denial of Service Vulnerability in `/v2/_catalog` Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in Ko-fi Button WordPress Plugin Improper Access Control in Editor Components of LibreOffice Allows Unprompted Loading of External Links FTP Server Memory Consumption Vulnerability Reflected Cross-Site Scripting in Product Addons & Fields for WooCommerce WordPress Plugin Authentication Bypass in Devolutions Workspace Desktop 2023.1.1.3 and earlier: Unlocking Hub Business Space without Password Sensitive Information Exposure in Dell PowerScale OneFS Change Password API Dell PowerScale OneFS Cloudpool Sensitive Information Disclosure Vulnerability Dell PowerScale OneFS IPMI Log File Information Disclosure Vulnerability Dell PowerScale OneFS Log File Information Disclosure and Privilege Escalation Vulnerability Unauthenticated Information Disclosure in White Rabbit Switch Sequelize JS Library Vulnerability: SQL Injection Exploitation Sequelize JS Library: Improper Parameter Filtering Vulnerability CSV Formula Injection Vulnerability Improper Input Filtering in Sequelize JS Library: Potential for Sensitive Information Disclosure Root Privilege Escalation Vulnerability in White Rabbit Switch Reflected Cross-Site Scripting Vulnerability in Danfoss AK-EM100 Web Applications Critical SQL Injection Vulnerability in Danfoss AK-EM100 Web Forms Clear-text Storage of Login Credentials in Danfoss AK-EM100 Reflected Cross-Site Scripting Vulnerability in Danfoss AK-EM100 Web Applications Local File Inclusion Vulnerability in Danfoss AK-EM100 Web Applications Template Injection Vulnerability in alf.io prior to 2.0-M4-2304 Session Token Persistence Vulnerability in IBM Robotic 
Process Automation Insufficient Permission Settings in IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 Security Misconfiguration in IBM Robotic Process Automation for Cloud Pak Cross-Site Scripting (XSS) Vulnerability in IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 Cross-Site Scripting (XSS) Vulnerability in IBM B2B Advanced Communications and Multi-Enterprise Integration Gateway CWE-319: Cleartext Transmission of Sensitive Information in InHand Networks InRouter 302 and InRouter 615 InRouter 302 and 615 Vulnerability: OS Command Injection Leading to Remote Code Execution Vulnerability: Predictable Salt Usage in InHand Networks InRouter Devices User-Controlled Key Authorization Bypass in alf.io prior to 2.0-M4-2304 Unauthenticated MQTT Topic Subscription Vulnerability in InHand Networks InRouter Insufficiently Randomized MQTT ClientID Parameter Vulnerability in InHand Networks InRouter Authentication Bypass Vulnerability in Apache Shiro and Spring Boot Integration Authorization Bypass Vulnerability in WP Activity Log Plugin Allows User Enumeration Denial of Service Vulnerability in Geo SCADA Server via Incorrect Authorization Information Disclosure Vulnerability in EcoStruxure Geo SCADA Expert 2019-2021 Memory Corruption Vulnerability in InsydeH2O SMM Handler SMM Memory Corruption Vulnerability in InsydeH2O with Kernel 5.0-5.5 Insufficient Input Validation in BIOS Guard SMI Handler Leads to Memory Corruption in InsydeH2O SMRAM Corruption Vulnerability in Insyde InsydeH2O Insufficient Input Validation in InsydeH2O IhisiSmm Driver Leads to SMRAM Corruption Infinite Recursion Vulnerability in PowerDNS Recursor 4.8.0 Local Privilege Escalation Vulnerability in Nokia WaveLite Products Remote Code Execution Vulnerability in Rockwell Automation 1756-EN* Communication Devices Sessionid Information Disclosure and Authentication Bypass in SecurePoint UTM Authenticated Server-Side Template Injection (SSTI) in Strapi 4.5.5 
Unpredictable Client Visits Vulnerability in WordPress XXE Vulnerability in Zoho ManageEngine Exchange Reporter Plus before 5708 Information Disclosure via EXPLAIN in PgHero before 3.1.0 Path Traversal Vulnerability in TitanFTP Denial-of-Service Vulnerability in Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A SQL Injection Vulnerability in IzyBat Orange Casiers (before 20221102_1) via getCasier.php?taille= URI Improper Access Controls Vulnerability in FortiNAC-F and FortiNAC Privilege Escalation via Modified Installer in FortiClientMac FortiWeb Unauthorized Configuration Download Vulnerability Cross-site Scripting (XSS) Vulnerability in FortiNAC-F and FortiNAC License Management Multiple Cross-Site Scripting (XSS) Vulnerabilities in FortiNAC Escalation of Privilege Vulnerability in Fortinet FortiOS and FortiProxy Improper Input Validation Vulnerability in SEL-411L Authenticated Code Execution Vulnerability in Fortinet FortiOS and FortiProxy Open Redirect Vulnerability in Fortinet FortiOS and FortiProxy Improper Certificate Validation Vulnerability in FortiAnalyzer and FortiManager OS Command Injection vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 Sensitive Information Leakage through Log Files Improper Privilege Management in SUSE kubewarden: Arbitrary Secret Reading Vulnerability Improper Privilege Management in SUSE Rancher: Unauthorized Access to Kubernetes Secrets Improper Privilege Management in SUSE Rancher: Retention of User Permissions in Rancher UI Clickjacking Vulnerability in SEL-411L: Unauthorized UI Layer Manipulation Privilege Escalation Vulnerability in SUSE Rancher's Admission Webhook Update Logic Buffer Overflow Vulnerability in openSUSE libeconf: DoS via Malformed Config Files OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Remote Command Execution via vtysh_ubus tcpdump_start_cb Arbitrary Script Execution Vulnerability in T&D Corporation and ESPEC MIC 
CORP. Data Logger Products CVE-2023-22655 Command Injection Vulnerability in F5OS Tenant File Name Processing OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Exploiting libzebra.so change_hostname Functionality Cross-Site Scripting Vulnerability in SEL-411L Heap-based Buffer Overflow Vulnerability in Ichitaro Version 2022 1.0.1.57600 Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Unison Software Vulnerability: Network-based Privilege Escalation Memory Resource Utilization Vulnerability in BIG-IP Virtual Server with HTTP/2 Profile and MRF Router Option Arbitrary JavaScript Execution Vulnerability in Apache Jena AMRWBPlus Audio Player Vulnerability: Memory Corruption with Modified Content Audio Buffer Overflow Vulnerability Audio IOCTLs Vulnerability: Memory Corruption Risk Heap-based Buffer Overflow in Open Design Alliance Drawings SDK Improper Input Validation Vulnerability in SEL-411L: Reflection Attacks against Authorized Users Heap-Based Buffer Overflow in Open Design Alliance Drawings SDK Command Injection Vulnerability in Ghidra RuntimeScripts Linux Launch Script CSRF Vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress Plugin CSRF Vulnerability in MageNet Website Monetization Plugin CSRF Vulnerability in Hal Gatewood Dashicons + Custom Post Types Anders Thorborg Missing Authorization Vulnerability Code Injection Vulnerability in BinaryStash WP Booklet CSRF Vulnerability in Rafael Dery Superior FAQ Plugin <= 1.0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Nicolas Lemoine WP Better Emails Plugin <= 0.4 Versions Unauthenticated Access to All Stored Server Files in Plane 0.7.1 Stored XSS Vulnerability in Altanic No API Amazon Affiliate Plugin CSRF Vulnerability in Aarvanshinfotech Online Exam Software: eExamhall Plugin <= 4.0 Reflected XSS Vulnerability in Manuel Masia | Pixedelic.Com Camera Slideshow Plugin <= 1.4.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Clio Grow Plugin <= 1.0.0 Stored 
Cross-Site Scripting (XSS) Vulnerability in Subscribers.Com Subscribers Plugin <= 1.5.3 Stored Cross-Site Scripting (XSS) Vulnerability in Tips and Tricks HQ RSS Feed Subscription Plugin CSRF Vulnerability in TriniTronic Nice PayPal Button Lite Plugin Sensitive Information Storage Vulnerability in Jose Mortellaro Freesoul Deactivate Plugins CSRF Vulnerability in Abdul Ibad WP Tabs Slides Plugin <= 2.0.3 CSRF Vulnerability in Auto Affiliate Links Plugin <= 6.3 Deadlock Vulnerability in Linux Kernel Device Mapper-Multipathing Sub-component Stored XSS Vulnerability in Shopfiles Ltd Ebook Store Plugin CSRF Vulnerability in Tips and Tricks HQ Category Specific RSS Feed Subscription Plugin CSRF Vulnerability in Jeroen Peters Name Directory Plugin <= 1.27.1 CSRF Vulnerability in WP Google Tag Manager Plugin CSRF Vulnerability in BigContact Contact Page Plugin <= 1.5.8 CSRF Vulnerability in Hiroaki Miyashita Custom Field Template Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Custom4Web Affiliate Links Lite Plugin <= 2.5 Cross-Site Scripting (XSS) Vulnerability in Jason Bobich Theme Blvd Responsive Google Maps Plugin CVE-2023-22699 Privilege Escalation via Arbitrary File Write in Netskope Client Service CSRF Vulnerability in PixelYourSite Plugin Cross-Site Scripting (XSS) Vulnerability in WPMobile.App Plugin (<= 11.13) Unauthenticated Reflected XSS Vulnerability in Webcodin WCP Contact Form Plugin <= 3.1.0 Reflected XSS Vulnerability in teachPress Plugin <= 8.1.8 Unauthenticated Reflected XSS Vulnerability in Collne Inc. 
Welcart e-Commerce Plugin <= 2.8.10 Unauthenticated Reflected XSS Vulnerability in PropertyHive Plugin <= 1.5.48 Cross-Site Scripting (XSS) Vulnerability in Wpsoul Greenshift Plugin CSRF Vulnerability in Atif N SRS Simple Hits Counter Plugin <= 1.1.0 CSRF Vulnerability in Tiempo.com WordPress Plugin Allows Arbitrary Shortcode Deletion Unauthenticated Reflected XSS Vulnerability in chilidevs Return and Warranty Management System for WooCommerce Plugin (<= 1.2.3) Stored Cross-Site Scripting (XSS) Vulnerability in Agent Evolution IMPress Listings Plugin <= 2.6.2 Stored Cross-Site Scripting (XSS) Vulnerability in TemplatesNext ToolKit Plugin <= 3.2.7 Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager Gutenberg Blocks Plugin CSRF Vulnerability in Supsystic Coming Soon Plugin Lester 'GaMerZ' Chan WP-CommentNavi Plugin <= 1.12.1 Authenticated Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting Vulnerability in OOPSpam Anti-Spam Plugin <= 1.1.35 Stored Cross-Site Scripting (XSS) Vulnerability in nCrafts FormCraft Plugin <= 1.2.6 Critical Reflected Cross-Site Scripting (XSS) Vulnerability in Jason Lau User Meta Manager Plugin CSV Injection vulnerability in GiveWP Reflected Cross-Site Scripting Vulnerability in Tiempo.com WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Robert Macchi WP Links Page Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Oi Yandex.Maps for WordPress <= 3.2.7 Cross-site Scripting (XSS) Vulnerability in GLPI Versions 9.4.0 to 10.0.5 Cross-site Scripting (XSS) Vulnerability in GLPI Versions Prior to 10.0.6 via Malicious RSS Feeds Cross-site Scripting Vulnerability in GLPI Versions 0.6.0 to 10.0.5 Arbitrary File Overwrite and Path Traversal Vulnerability in act SQL Injection Vulnerability in CakePHP's `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` Methods Improper Authorization Validation in Silverstripe Framework's GridField Print View Unvalidated Redirect Vulnerability in 
Silverstripe Framework Directory Traversal Vulnerability in Rapid7 Insight Agent Token Handler Versions 3.2.6 and Below Vulnerability: Bypassing Quantity Limits in Shopware Cart Arbitrary Code Execution in Twig Environment without Sandbox Extension in Shopware Shopware Administration Session Expiration Vulnerability Shopware Log Module Vulnerability: Unauthorized Access to User Accounts Vulnerability: Newsletter Double Opt-In Bypass in Shopware Arbitrary JavaScript Execution via File Upload in Zulip Authorization Bypass Vulnerability in Argo CD Missing Permissions Check Allows Unauthorized Removal of Bots in Wire Server Unintended Access Vulnerability in Vantage6 Federated Learning Infrastructure Unlimited Draft Size Vulnerability in Discourse Unlimited Chat Drafts Denial of Service Vulnerability in Discourse Heap overflow vulnerability in Sofia-SIP library allows for remote code execution Insecure Certificate Checking in libgit2's SSH Remote Git for Windows DLL Side-Loading Vulnerability Buffer Overrun Vulnerability in TPM2-TSS Software Stack (CVE-XXXX) Default secret key vulnerability in CKAN Docker images Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability WooCommerce Multivendor Marketplace – REST API Plugin for WordPress Unauthorized Data Access and Addition Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Stack-Based Buffer Overflow Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Stack-Based Buffer Overflow Vulnerability PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI 
Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability Insecure Direct Object References in WCFM Membership Plugin for WordPress ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Cross-Site Request Forgery Vulnerability in WP Directory Kit Plugin (Versions up to 1.1.9) ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Insufficient Session Expiration Vulnerability in ArubaOS Command Line Interface ArubaOS Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Information Disclosure Vulnerability ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability ArubaOS Authenticated Information Disclosure Vulnerability 
ArubaOS Web Management Interface Stored XSS Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Local File Inclusion Vulnerability in WP Directory Kit Plugin (Versions up to 1.1.9) Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerabilities Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerabilities Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Unauthenticated DoS Vulnerability in Aruba InstantOS and ArubaOS 10 Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Vulnerability: Cross-Site Request Forgery in WP Directory Kit Plugin (up to version 1.2.1) Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Aruba WLAN Vulnerability: Complex Disclosure of Sensitive Information Regular Expression DoS Vulnerability in Action Dispatch SQL Injection Vulnerability in ActiveRecord Regular Expression DoS Vulnerability in Action Dispatch Catastrophic Backtracking DoS Vulnerability in Active Support Open Redirect Vulnerability in Rails 7.0.4.1: Bypassing Protection with Carefully Crafted URLs Open Redirect Vulnerability in Brave's Adblock Lists GlobalID <1.0.1 Regular Expression Denial of Service (ReDoS) Vulnerability Vulnerability: Unauthorized Data Modification and Loss in WP Directory Kit Plugin Unauthenticated Access Vulnerability in LS ELECTRIC XBC-DN32U PLC Unauthenticated User Creation Vulnerability in LS ELECTRIC XBC-DN32U PLC Improper Access Control in LS ELECTRIC XBC-DN32U: Remote Lockout of Data Reading ClearText Transmission of Sensitive Information in LS ELECTRIC XBC-DN32U 
Unauthenticated Remote Control and Tampering Vulnerability in LS ELECTRIC XBC-DN32U Memory Disclosure Vulnerability in Arm Android Gralloc Module Privilege Escalation via Sudoedit Argument Mishandling Unsanitized Websocket Event Exposes Archived Team Data in Mattermost Insecure TLS Protocols in SanDisk PrivateAccess Prior to 6.4.9: A Man-in-the-Middle Vulnerability Missing Access Controls and Authentication Requirement in Western Digital My Cloud and SanDisk ibi Apps and Web Apps Authentication Bypass Vulnerability in My Cloud OS 5 Devices Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices Post-Authentication Remote Command Injection Vulnerability in Western Digital My Cloud OS 5 Devices SSRF Vulnerability Allowing DNS Address Manipulation and Local Server Exploitation SanDisk Security Installer DLL Search Order Hijack Vulnerabilities Uncontrolled Resource Consumption Vulnerability in Western Digital My Cloud Devices Bypassing Administrator-Enforced Web Login Restrictions in Devolutions Remote Desktop Manager Memory Allocation Bypass Vulnerability in libssh's pki_verify_data_signature Function XML External Entity (XXE) Vulnerability in ExtractCCDAAttributes Processor in Apache NiFi Vulnerability: Bypass of Access Controls in Palantir Foundry Lime2 Versions 2.519.0 - 2.532.0 Unauthorized Analysis Creation Vulnerability in Contour Service Foundry Issues Denial of Service Vulnerability Information Leakage Vulnerability in Foundry's Linter Service Arbitrary Script Injection Vulnerability in EC-CUBE 4.x Product List and Detail Screens Rapid Response Mode DNS Profile Vulnerability Vulnerability: Unauthorized Modification of Data in WP Activity Log Premium Plugin Denial of Service Vulnerability in Intel(R) oneVPL GPU Software Unquoted search path vulnerability in Intel SysFwUpdt software installer SIP Profile Configuration Vulnerability in BIG-IP JavaScript Injection in Threat Intelligence Rules Authentication Bypass 
Vulnerability in Milesight VPN v2.0.2's verifyToken Functionality TGAInput::decode_pixel() Out-of-Bounds Read Vulnerability in OpenImageIO v2.4.7.1 Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Information Disclosure Vulnerability in pg_ivm Versions Prior to 1.5.1: Unauthorized Access to Protected Data Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Sling App CMS version 1.1.4 and Prior Cross-Site Request Forgery Vulnerability in WP Activity Log Premium Plugin PHP Object Injection Vulnerability in Tiki Spreadsheets Feature PHP Object Injection Vulnerability in Tiki before 24.2 via TikiImporter Blog WordPress CSRF Vulnerability in Tiki through 25.0: tiki-importer.php and tiki-import_sheet.php PHP Object Injection Vulnerability in Tiki (before 24.1) with feature_create_webhelp enabled Arbitrary File Download Vulnerability in Mitel MiContact Center Business Server Remote Code Execution in Kardex Mlog MCC 5.7.12+0-a203c2a213-master via Path Concatenation Vulnerability Stored XSS Vulnerability in BlogEngine.NET 3.3.8.0 Allows Arbitrary JavaScript Injection via Specially Crafted File Upload Stored XSS Vulnerability in BlogEngine.NET 3.3.8.0 Allows Arbitrary JavaScript Injection Unauthenticated Access to Unpublished Blog Files in BlogEngine.NET 3.3.8.0 Cross-Site Request Forgery Vulnerability in WP Activity Log for WordPress (up to version 4.5.0) Stored Cross-Site Scripting Vulnerability in IBM Cloud Pak for Business Automation Insecure Transmission of Authentication Credentials in IBM Aspera Connect and Cargo (IBM X-Force ID: 244107) Default HTTP Usage in IBM Robotic Process Automation Commands Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Faspex 4.4.1 CVE-2023-22869 Arbitrary URL Access Vulnerability in Orbit Fox WordPress Plugin Cleartext Transmission Vulnerability in IBM Aspera Faspex 5.0.5 Denial of Service Vulnerability in 
IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS Insecure Certificate Key File Distribution in IBM QRadar SIEM Privileged User Information Disclosure Vulnerability in IBM Sterling B2B Integrator CSV Injection Vulnerability in IBM InfoSphere Information Server 11.7 Clear Text Storage of User Credentials in IBM InfoSphere Information Server 11.7 Otter WordPress Plugin PHAR Deserialization Vulnerability Information Disclosure Vulnerability in Zoom for Windows Clients Zoom Client STUN Parsing Vulnerability: Remote Denial of Service (DoS) Exploit Zoom Client STUN Parsing Vulnerability: Remote Denial of Service (DoS) Exploit Zoom Client for IT Admin Windows Installers Local Privilege Escalation Vulnerability Command Injection Vulnerability in Apache Airflow and Apache Airflow MySQL Provider Improper Input Validation in Apache Airflow JDBC Provider allows RCE attacks Unauthorized File Access in Apache Airflow (CVE-2021-XXXX) Apache Airflow Run ID Manipulation Vulnerability Remote Code Execution in SmartBear Zephyr Enterprise through 7.15.0 via User-Defined Input Reflected Cross-Site Scripting Vulnerability in WordPress Vertical Image Slider Plugin (up to version 1.2.16) Unauthenticated File Upload Vulnerability in SmartBear Zephyr Enterprise Privilege Escalation Vulnerability in SmartBear Zephyr Enterprise Allows Unauthorized Password Resets Information Disclosure Vulnerability in SmartBear Zephyr Enterprise Allows Unauthorized File Access Authentication Bypass Vulnerability in Strapi through 4.5.5 with AWS Cognito Sensitive User Details Disclosure in Strapi (CVE-2021-41163) Integer Overflow in mem.rs in bzip2 crate before 0.4.4 for Rust Information Disclosure Vulnerability in SecurePoint UTM Firewall Denial of Service Vulnerability in Pandora 1.3.0 via Deeply Nested ZIP Archive Unauthenticated ZIP Archive Decryption Vulnerability in Zip4j LenovoFlashDeviceInterface SMI Handler Local Privilege Escalation Vulnerability SQL Injection Vulnerability in Efence Login Function Path 
Traversal Vulnerability in ChangingTec MOTP System Insufficient Filtering in Openfind Mail2000 File Uploading Function Allows for XSS Attack Incorrect Access Control in User API Views Default TELNET Access with Root Privileges on Hero Qubo HCD01_02_V1.38_20220125 Devices Denial of Service Vulnerability in MediaWiki's SpecialMobileHistory Static Credentials Vulnerability in ManageEngine Access Manager Plus (AMP), Password Manager Pro, and PAM360 XSS Vulnerability in MediaWiki's Wikibase Date Formatting Cross-Site Scripting (XSS) Vulnerability in MediaWiki E-Widgets Insecure AES-CTR Encryption with Repeated Nonce in MediaWiki's CheckUser TokenManager Post-Authentication Command Injection Vulnerability in Zyxel USG FLEX and VPN Series Firmware Path Traversal Vulnerability in Zyxel USG FLEX and VPN Series Firmware Buffer Overflow Vulnerability in Zyxel USG FLEX Series Firmware Configuration Parser Input Sanitization Vulnerability Buffer Overflow Vulnerability in Zyxel ATP and USG Series Firmware Post-Authentication Information Exposure Vulnerability in Zyxel ATP, USG, VPN, NWA, WAC, and WAX Series Firmware Zyxel NBG6604 Firmware V1.01(ABIR.0)C0 Post-Authentication Command Injection Vulnerability Default Telnet Access Vulnerability in Zyxel LTE3316-M604 Firmware V2.00(ABMP.6)C0 Zyxel NBG-418N v2 Firmware XSS Vulnerability Buffer Overflow Vulnerability in Zyxel NBG-418N v2 Firmware: Remote DoS via Crafted Packets Format String Vulnerability in Zyxel NBG-418N v2 Firmware Buffer Overflow Vulnerability in Zyxel NBG-418N v2 Firmware Cross-Site Scripting (XSS) Vulnerability in SourceCodester Purchase Order Management System 1.0 Unauthenticated RSS Feed Overwrite Vulnerability in Splunk Enterprise Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise 9.0.4 and Below Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise XML View Vulnerability: Privilege Escalation via 'pivot' Command in Splunk Enterprise Splunk Enterprise 
'display.page.search.patterns.sensitivity' Bypass Vulnerability Blind Server-Side Request Forgery (SSRF) Vulnerability in Splunk Enterprise Vulnerability: Arbitrary File Upload in Splunk Enterprise Lookup Tables Unrestricted Email Sending Vulnerability in Splunk Enterprise Versions Below 8.1.13, 8.2.10, and 9.0.4 Splunk Enterprise 'map' Command Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in UCMS 1.6.0 Component Column Configuration (saddpost.php) Unprotected Alias Commands in Splunk Enterprise Versions Below 8.1.13, 8.2.10, and 9.0.4 Improperly-Formatted 'INGEST_EVAL' Parameter Vulnerability in Splunk Enterprise Cross-Site Request Forgery (CSRF) Vulnerability in Splunk Secure Gateway (SSG) App Allows Unauthorized Collection Updates Insecure Reversion to HTTP in Splunk Add-on Builder and Splunk CloudConnect SDK Vulnerability: Unauthorized Mentorship Enrollment and Editing in GrowthExperiments Extension Privilege Escalation via Malicious Configuration Classes in Apache Spark Privilege Escalation via Insecure Folder Permissions in Shibboleth Service Provider (SP) Installation Path Unsecured Read Access to SSH Private Key in TigerGraph Enterprise Free Edition 3.x User Credentials Logging Vulnerability in TigerGraph Enterprise Free Edition 3.x Title: Libreswan IKEv1 Aggressive Mode Vulnerability in Red Hat Enterprise Linux Arbitrary Data Reading Vulnerability in TigerGraph Enterprise Free Edition 3.x Authentication Bypass Vulnerability in TigerGraph Enterprise Free Edition 3.x Code Injection Vulnerability in SugarCRM EmailTemplates Authenticated Remote Code Execution in ExpressionEngine (CVE-2021-12345) Insecure Firmware Validation Allows for Malicious Firmware Installation on AudioCodes VoIP Desk Phones Hard-coded Cryptographic Key Vulnerability in AudioCodes VoIP Desk Phones Hard-coded Cryptographic Key Vulnerability in AudioCodes VoIP Desk Phones Vulnerability: Spoofing of 2FA PIN Validation in Syracom Secure Login Plugin for Jira SQL Injection 
Vulnerability in WebChess 0.9.0 and 1.0.0.rc2: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName) Reflected Cross-Site Scripting Vulnerability in Loginizer WordPress Plugin Lexmark Products Vulnerability: Improper Control of Interaction Frequency Vulnerability: Mishandling of Personnummer with Matching Last Four Digits Authentication Bypass Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Vulnerability: Unauthorized Password Resets in Profile Builder Plugin for WordPress Remote Code Execution Vulnerability in Bottles before 51.0 XSS Vulnerability in Hughes Network Systems Router Terminal for Multiple Versions Reflected Cross-site Scripting (XSS) Vulnerability in OpenEMR < 7.0.0 OpenEMR < 7.0.0 LFI Vulnerability in new.php Allows Code Execution Arbitrary File Read Vulnerability in OpenEMR < 7.0.0 via Path Traversal in setup.php Cross Site Scripting (XSS) Vulnerability in jfinal_cms 5.1.0 Stored Cross-Site Scripting Vulnerability in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Axis 207W Network Camera: Reflected XSS Vulnerability in Web Administration Portal Cross Site Scripting (XSS) Vulnerability in Sourcecodester Simple Guestbook Management System v1 Unauthenticated Modification of Plugin Settings in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Missing resource deallocation in dwc3_qcom_acpi_register_core in Linux kernel before 5.17 Unreleased Reference Vulnerability in qcom_aoss.c Driver Misinterpretation of module_get_next_page Return Value in Linux Kernel Misinterpretation of drm_gem_shmem_get_sg_table Return Value in virtgpu_object.c Misinterpretation of Return Value in dwc3-qcom.c in Linux Kernel Stored Cross-Site Scripting Vulnerability in Contact Form Builder by vcita Plugin for WordPress Improper Error Handling in Tegra XUSB Driver in Linux Kernel Misinterpretation of regulator_get Return Value in Linux Kernel UFS MediaTek Driver Misinterpretation of 
devm_gpiod_get_index_optional Return Value in Linux Kernel Bluetooth Driver Missing Error Handling in hashmap__new Function in Linux Kernel Misinterpretation of get_sg_table Return Value in Linux Kernel's malidp_planes.c Misinterpretation of alloc_memory_type Return Value in Linux Kernel Misinterpretation of mlx5_get_uars_page Return Value in Linux Kernel 5.15.13 and Earlier SQL Injection Vulnerability in ESPCMS P8.21120101 Background Login Function Denial of Service Vulnerability in Libreswan 4.9 Cross-Site Request Forgery Vulnerability in Contact Form Builder by vcita Plugin for WordPress Arbitrary Code Execution via XSS in Ecommerce-CodeIgniter-Bootstrap XSS Vulnerability in InvoicePlane 1.6 via filter_product Input Arbitrary Code Execution Vulnerability in craigrodway classroombookings 2.6.4 via bgcol Parameter in Weeks.php XSS Vulnerability in InventorySystem via edit_store_name and edit_active inputs XSS Vulnerability in Kalkun 0.8.0 via User_model.php CVE-2023-23019 Stored Cross-Site Scripting Vulnerability in vcita WordPress Plugin CVE-2023-23021 CVE-2023-23022 Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0 Arbitrary Code Execution via XSS in Sourcecodester Oretnom23 Sales Management System 1.0 Cross-Site Request Forgery Vulnerability in vcita WordPress Plugin (Versions up to 2.6.4) Race Condition and Use-After-Free Vulnerability in Linux Kernel's VCC Device Handling Stored Cross-Site Scripting Vulnerability in Favorites Plugin for WordPress Deprecated MD5 Algorithm Used for Admin Password Hashing in TP-Link Router TL-WR940N V6 Stored Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress Improper Permissions in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows Allows Arbitrary Code Execution and Privilege Escalation Hard-coded Credentials Expose Sensitive Information in Qognify NiceVision Versions 3.1 and Prior Local File Disclosure Vulnerability in Cellinx NVT v1.0.6.002b Incorrect Access Control 
Vulnerability in TOTOLINK A720R V4.1.5cu.532_ B20210610 CSRF Vulnerability in GitHub Repository Builderio/qwik (prior to 0.104.0) XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14 Purchase Component XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via Embedded Videos in Language Component Zoho Asset Explorer 6.9 XSS Vulnerability via Credential Name in New Assets Workstation Creation Support Center Plus 11 OS Command Injection Vulnerability in Schedule Creation XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via Comment Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14: Comment Field in Assets Credentials Change Command Injection Vulnerability in Tenda CP7, CP3, IT7-PCS, IT7-LCS, and IT7-PRS Denial of Service Vulnerability in Kodi Home Theater Software 19.5 via Heap Buffer Overflow Buffer Overflow Vulnerability in MojoJson v1.2.3: Arbitrary Code Execution via SkipString Function Arbitrary Code Execution Vulnerability in MojoJson v1.2.3 Buffer Overflow Vulnerability in Barenboim json-parser Allows Arbitrary Code Execution Reflected Cross-Site Scripting Vulnerability in wpForo Forum WordPress Plugin Non-Endpoint Channel Access Vulnerability in SEL Real-Time Automation Controller (RTAC) NULL Pointer Dereference Vulnerability in crasm 1.8-3 Divide by Zero Vulnerability in crasm 1.8-3 Bypassing File System Restrictions in Google Chrome (CVE-2021-37976) Firmware Modification Vulnerability in Certain Netgear Products CRC Algorithm Vulnerability in Ubiquiti airFiber AF2X Radio Firmware Use After Free Vulnerability in Google Chrome on Android (Chromium Security Severity: High) Vulnerability: Firmware Modification via CRC Check Bypass in TRENDnet TV-IP651WI Network Camera Clickjacking Vulnerability in Connectwise Automate 2022.11 Lack of HSTS Implementation in Connectwise Control 22.8.10013.8329 Login Page Cross Origin Resource Sharing (CORS) Vulnerability in Connectwise Control 22.8.10013.8329 Arbitrary Read/Write Vulnerability 
in Google Chrome Sandbox on Windows Cleartext Authentication Vulnerability in Connectwise Automate 2022.11 Insecure App Transport Security (ATS) Settings in Selfwealth iOS Mobile App 3.3.1 Sensitive Key Disclosure in Selfwealth iOS Mobile App 3.3.1 Arbitrary Code Execution via Crafted JPG File Upload in Ftdms v3.1.6 Arbitrary File Deletion Vulnerability in LMXCMS v1.41 via BackdbAction.class.php Bypassing Navigation Restrictions in Google Chrome DevTools Buffer Overflow Vulnerability in avc_parse_slice Function Integer Overflow Vulnerability in Q_DecCoordOnUnitSphere Function Memory Leak Vulnerability in GPAC Version 2.2-rev0-gab012bbfb-master's lsr_read_rare_full Function Command Execution Vulnerability in DEK-1705 Firmware:34.23.1 Arbitrary File Deletion Vulnerability in OpenCart 4.0.0.0 to 4.0.2.2 Critical Code Execution Vulnerability Found in SA-WR915ND Router Firmware v17.35.1 Arbitrary File Deletion Vulnerability in bloofoxCMS v0.5.2.1 SQL Injection Vulnerability in Art Gallery Management System Project in PHP 1.0 SQL Injection Vulnerability in Art Gallery Management System Project in PHP 1.0 Stored XSS Vulnerability in Art Gallery Management System Project v1.0 via Crafted Payload in Fullname Parameter Stored XSS Vulnerability in Art Gallery Management System Project v1.0 Local File Exfiltration via Typora Path Handling Vulnerability Reflected XSS Vulnerability in Art Gallery Management System Project v1.0 SQL Injection Vulnerability in Art Gallery Management System Project v1.0 SQL Injection Vulnerability in Art Gallery Management System Project v1.0 Title: Vulnerability Alert: Local File Inclusion and Server-Side Request Forgery Directory Traversal in Synapsoft PDFocus 1.17 DOM-based XSS in Typora's updater/update.html allows arbitrary JavaScript execution DOM-based XSS in pasteCtrl.js in MarkText 0.17.1 and earlier versions allows arbitrary code execution in MarkText main window Red Hat Enterprise Linux 9.2 Update Failure: Webpack Issue CVE-2023-28154 
Vulnerability Authentication Bypass Vulnerability in IS Decisions UserLock MFA 11.01 via Scheduled Task Reflected Cross-Site Scripting in CF7 Google Sheets Connector WordPress Plugin Memory Leak in lib60870 Multi-Client Server Example Cross-Site Scripting (XSS) Vulnerability in Genesys Administrator Extension (GAX) via iWD Business Structure Page (GAX-11261) Reflected Cross-Site Scripting Vulnerability in WPForms Google Sheet Connector WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Reflected Cross-Site Scripting Vulnerability in Elementor Forms Google Sheet Connector and gsheetconnector-for-elementor-forms-pro WordPress Plugins Stored XSS Vulnerability in M-Files Classic Web: Remote Code Execution via Stored HTML Document CSRF Vulnerability in Gravity Forms Google Sheet Connector WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Cross Site Scripting (XSS) vulnerability in Snippet-box 1.0.0 SQL Injection Vulnerability in Canteen Management System 1.0 via /php_action/getOrderReport.php Cross-site Scripting (XSS) Vulnerability in pimcore/pimcore GitHub Repository Cross Site Scripting (XSS) Vulnerability in Provide Server 14.4 via Login Form CSRF Vulnerability in WooCommerce Google Sheet Connector WordPress Plugin Command Injection Vulnerability in Korenix JetWave 4200 and JetWave 3000 Series Command Injection Vulnerability in Korenix Jetwave 4200 and JetWave 3000 Series Denial of Service Vulnerability in Korenix JetWave 4200 and JetWave 3200 Series Integer Overflow Vulnerability in CIQ API Method `Toybox.Graphics.BufferedBitmap.initialize` Bypassing Permission System in GarminOS TVM Component: Unauthorized Access to Sensitive Data CSRF Vulnerability in Caldera Forms Google Sheets Connector WordPress Plugin Buffer Overflow 
Vulnerability in `Toybox.Cryptography.Cipher.initialize` API Method Out-of-Bounds Memory Read Vulnerability in CIQ API Buffer Overflow Vulnerability in CIQ API Method `Toybox.GenericChannel.setDeviceConfig` Buffer Overflow Vulnerability in CIQ API Method `Toybox.Ant.GenericChannel.enableEncryption` Unauthorized Access to Toybox.SensorHistory Module in GarminOS TVM Component Buffer Overflow Vulnerabilities in GarminOS TVM Component Type Confusion Vulnerability in Toybox.Ant.BurstPayload.add API Method Unquoted Service Path Vulnerability in 42Gears Surelock Windows SureLock Service Draytek Router Web Application Cross Site Scripting (XSS) Vulnerability Arbitrary Code Execution via File Upload in zdir v3.2.0 Blind SQL Injection Vulnerability in PrestaShop StripeJS Module Hardcoded Credentials in Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 Command Injection Vulnerability in Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 Stored XSS Vulnerability in AvantFAX 3.3.7 Allows Session Hijacking Information Disclosure Vulnerability in AvantFAX 3.3.7: Unprotected Storage of Sent/Received Faxes and Database Backups File Upload Bypass Vulnerability in AvantFAX 3.3.7 Reflected Cross-Site Scripting Vulnerability in Ninja Forms Google Sheet Connector WordPress Plugin Local File Inclusion Vulnerability in Amano Xparc Parking Solutions 7.1.3879 SQL Injection Vulnerability in Amano Xoffice Parking Solutions 7.1.3879 SolarView Compact Command Injection Vulnerability Circumvention of Cryptographic Key Validation through Local File Manipulation Clickjacking Vulnerability in HCL BigFix OSD Bare Metal Server 311.12 or Lower Unauthorized Access to Administrator Page in BigFix WebUI Insights Site (Version 14) Vulnerability: Broken Cryptographic Algorithm in HCL DRYiCE MyCloud Vulnerability: Broken Cryptographic Algorithm in HCL DRYiCE iAutomate Configuration File Edit Vulnerability in HCL Launch CVE-2023-23349 Insecure Storage of Admin Credentials in surelockwinsetupv2.40.0.Exe OS 
Command Injection Vulnerability in QNAP Operating Systems GitHub Repository Path Traversal Vulnerability in pimcore/pimcore (prior to 10.5.21) Remote Command Execution Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating System Unbounded Buffer Copy Vulnerability in QNAP Operating Systems Music Station Path Traversal Vulnerability Allows Unauthorized File Access Music Station Path Traversal Vulnerability Allows Unauthorized File Access Title: OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution Critical OS Command Injection Vulnerability in QNAP Operating Systems OS Command Injection Vulnerability in QNAP Operating System Versions Reflected Cross-Site Scripting in ConvertKit WordPress Plugin (CVE-2021-12345) Insufficiently Protected Credentials Vulnerability in QVPN Device Client Cleartext Transmission of Sensitive Information Vulnerability in QVPN Device Client Critical Cross-Site Scripting (XSS) Vulnerability Patched in QNAP Operating System Versions QUSBCam2 OS Command Injection Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Critical Remote Code Execution Vulnerability in Microsoft ODBC and OLE DB Windows Common Log File System Driver Privilege Escalation Vulnerability 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Printer Remote Code Execution Vulnerability Guardian Breached: Microsoft Defender for IoT Elevation of Privilege Vulnerability Exposed Critical SQL Injection Vulnerability in pimcore/pimcore Repository (Version < 10.5.21) Exploiting Visual Studio Remote Code Execution Vulnerability Azure Machine Learning Compute Instance Information Disclosure Vulnerability Service Fabric Explorer URL Spoofing Vulnerability SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Windows PPPoE 
Privilege Escalation Vulnerability BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Unprivileged Access Exploit in Microsoft Defender Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution Office for Android App Spoofing Vulnerability HTTP Protocol Stack RCE Vulnerability Windows BrokerInfrastructure Service Privilege Escalation Vulnerability CSRSS Information Disclosure Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Crash Vulnerability: Exploiting Denial of Service Outlook Privilege Escalation Vulnerability Excel Impersonation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Media Player Remote Code Execution Vulnerability Windows Media Player Remote Code Execution Vulnerability Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Pervasive Windows PPTP Remote Code Execution Vulnerability RPC Runtime RCE Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows PPPoE Remote Code Execution Vulnerability Azure Apache Ambari Spoofing Vulnerability: Unauthorized Access and Data Manipulation Risk CSRSS Information Disclosure Vulnerability Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Windows HTTP.sys Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Accounts Picture Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows 
PPPoE Remote Code Execution Vulnerability ICMP Remote Code Execution Vulnerability: A Critical Threat to Network Security CryptoCode: Exploiting Windows Cryptographic Services for Remote Code Execution Windows Partition Management Driver Privilege Escalation Vulnerability Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Honor Products Vulnerable to File Writing Exploit with Potential Code Execution Honor Products Vulnerable to File Writing Exploit Leading to Information Disclosure Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions DOM-based Cross-site Scripting (XSS) in GitHub repository pimcore/pimcore prior to 10.5.21 Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Information Leak Exploitation Honor Products Vulnerable to Signature Management Exploit Signature Management Vulnerability in Honor Products Honor Products Vulnerable to Information Leak Exploitation Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Information Leak Exploitation Critical SQL Injection Vulnerability in SourceCodester 
Service Provider Management System 1.0 (VDB-227587) Honor Products Vulnerable to Information Leak Exploitation Out of Bounds Read Vulnerability in Certain Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Unauthenticated Remote Attack to Influence Device Availability via UDP Packet Broadcast Unauthorized Access to Data Fields via REST Interface in SICK FTMg AIR FLOW SENSOR Unprivileged Remote File Download Vulnerability in SICK FTMg AIR FLOW SENSOR Uncontrolled Resource Consumption Vulnerability in SICK FTMg AIR FLOW SENSOR Sensitive Information Exposure in SICK FTMg AIR FLOW SENSOR: Source Code Analysis Vulnerability Remote Information Disclosure Vulnerability in SICK FTMg AIR FLOW SENSOR Improper Authorization Vulnerability in SourceCodester Service Provider Management System 1.0 Authentication Bypass Vulnerability in SICK FTMg AIR FLOW SENSOR Telnet Enabled with Default Configuration and No Password Set Arbitrary Remote Code Execution in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 via Missing Authentication Arbitrary Remote Code Execution in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 via Missing Authentication Type Confusion Vulnerability in cbq_classify in Linux Kernel Type Confusion Vulnerability in atm_tc_enqueue in Linux Kernel Heap-Based Buffer Overflow Vulnerability in UPX's PackTmt::pack() Function Segmentation Fault Vulnerability in UPX: Denial of Service via PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp Unspecified Request Vulnerability in Sunell DVR: Unauthorized Access to Sensitive Information SQL Injection Vulnerability in Windows Operating System Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227589) Authentication Bypass Vulnerability in Priority Web Version 19.1.0.68 Libpeconv - Pre-Commit Access Violation Vulnerability Integer Overflow 
Vulnerability in Libpeconv Unprotected Credentials Exposed in Sunell DVR (CWE-522) Permissive Flash Cross-domain Policy in Media CP Media Control Panel: Potential Information Disclosure Vulnerability CSRF Vulnerability in Media CP Media Control Panel Insufficient Credential Protection in Media CP Media Control Panel Reflected XSS Vulnerability in Media CP Media Control Panel Insufficient Security Configuration in IBM Robotic Process Automation for Cloud Pak Local File Disclosure Vulnerability in IBM ICP4A - Automation Decision Services Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227590) Elevated Privilege Vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5 Cross-Site Request Forgery (CSRF) Vulnerability in IBM InfoSphere Information Server 11.7 CVE-2023-23474 Cross-Site Scripting (XSS) Vulnerability in IBM Infosphere Information Server 11.7 Insufficient Authorization Validation in IBM Robotic Process Automation API Routes Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Traditional Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227591) Cross-Site Scripting (XSS) Vulnerability in IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 Stored Cross-Site Scripting Vulnerability in IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 Remote Click Hijacking Vulnerability in IBM Sterling Partner Engagement Manager Insufficient Audit Logging Vulnerability in IBM Db2 for Linux, UNIX and Windows Unauthenticated SQL Injection Vulnerability in Paid Memberships Pro WordPress Plugin Unauthenticated SQL Injection Vulnerability in Easy Digital Downloads WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Service Provider Management System 1.0 Authenticated SQL Injection Vulnerability in Survey Maker WordPress Plugin (Version < 3.1.2) Reflected Cross-Site Scripting Vulnerability in Quick Event Manager 
WordPress Plugin Authenticated SQL Injection Vulnerability in Login with Phone Number WordPress Plugin Unauthenticated User Can Remount Encrypted Volume Without Password Prompt Buffer Overflow Vulnerability Patched in iOS 16.4 and iPadOS 16.4 Improved Redaction of Sensitive Information in macOS Sonoma 14 Arbitrary Code Execution Vulnerability in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2, iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3, and iPadOS 16.3 Root Privilege Escalation Vulnerability in macOS Big Sur, Ventura, and Monterey Email Forwarding Vulnerability in iOS, iPadOS, and macOS Vulnerability: User-sensitive data exposure through app access Cross-Site Scripting (XSS) Vulnerability in SourceCodester Service Provider Management System 1.0 Memory Handling Vulnerability in macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3 Improved Memory Handling in macOS Ventura 13.2: Fixing Kernel Memory Disclosure Vulnerability Vulnerability: Kernel Memory Layout Disclosure in macOS and iOS Privacy Preference Bypass Vulnerability Arbitrary Code Execution Vulnerability in macOS and iOS Improved Private Data Redaction for Log Entries in macOS Monterey 12.6.3 and Other OS Versions Improved Validation Fixes Permissions Issue Allowing Unauthorized Access to User-Sensitive Data in macOS Ventura 13.2 Arbitrary Code Execution Vulnerability in macOS Monterey and Ventura Vulnerability: App Bypasses Privacy Preferences in macOS Vulnerability in WP Directory Kit Plugin Allows Unauthorized Data Modification and Loss Improved Validation Fixes Safari History Access Vulnerability in macOS Ventura 13.2 Privacy Bypass Vulnerability Patched in macOS Monterey 12.6.3 and iOS 16.3 Cache-based Denial-of-Service Vulnerability Buffer Overflow Vulnerability in macOS Samba Network Share Mounting Use After Free Vulnerability in macOS and iOS Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in macOS Arbitrary Code Execution Vulnerability in macOS, watchOS, Safari, tvOS, iOS, and 
iPadOS Arbitrary Code Execution Vulnerability in macOS, watchOS, Safari, tvOS, iOS, and iPadOS Memory Corruption Vulnerability in Image Processing Cross-Site Request Forgery Vulnerability in CHP Ads Block Detector Plugin for WordPress Vulnerability Patched: Privilege Escalation via Arbitrary File Read Improved Handling of Temporary Files in macOS Ventura 13.2.1 Addresses Privacy Vulnerability Hidden Photos Album Vulnerability: Unauthorized Access through Visual Lookup Improved Input Validation Fixes Denial-of-Service Vulnerability in Apple Devices Privilege Escalation Vulnerability in macOS and iOS Gatekeeper Vulnerability: Bypassing File Checks in iCloud Shared-by-Me Folder Vulnerability Patched: Unauthorized Access to Protected File System Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in tvOS, iOS, and iPadOS Type Confusion Vulnerability in Apple Software Allows Arbitrary Code Execution Vulnerability: Unauthorized Plugin Settings Update and Reset in CHP Ads Block Detector Plugin for WordPress Improved Memory Handling Vulnerability Improved Memory Handling Vulnerability Sandbox Escape Vulnerability Patched in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4 Vulnerability: Logic Issue Allows Unauthorized Modification of File System Memory Disclosure Vulnerability in macOS Ventura 13.3 and macOS Big Sur 11.7.5 Memory Disclosure Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in macOS and iOS Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4: Addressing Privacy Vulnerability Vulnerability: Logic Issue Allows Unauthorized Modification of File System Buffer Overflow Vulnerability in macOS Ventura 13.2 Allows Arbitrary Code Execution via Malicious Samba Network Share Stored Cross-Site Scripting Vulnerability in CHP Ads Block Detector Plugin for WordPress Arbitrary Code Execution Vulnerability in Memory Handling Improved Private Data Redaction for Log Entries in iOS and iPadOS 15.7.4 
and 16.4 Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5 Sandboxed App Camera Usage Disclosure Vulnerability Authentication Bypass Vulnerability in T&D Corporation and ESPEC MIC CORP. Data Logger Products Privilege Escalation via Misconfigured urvpn_client in Milesight UR32L v32.3.0.5 Directory Traversal Vulnerability in Milesight UR32L v32.3.0.5: Arbitrary File Read Critical Reflected XSS Vulnerability in Checkmk Business Intelligence Denial of Service Vulnerability in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 via Long Hostnames DLL Hijacking Vulnerability in Acronis Snap Deploy (Windows) before build 3900 OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: ys_thirdparty user_delete Functionality Remote Code Execution Vulnerability in Control By Web X-600M Devices Memory Resource Utilization Vulnerability in BIG-IP Advanced WAF and BIG-IP ASM Cross-Site Scripting Vulnerability in Control By Web X-400 Devices Uncontrolled Search Path Element Vulnerability in pg_ivm Undisclosed Traffic Termination Vulnerability in BIG-IP Virtual Edition and BIG-IP SPK Out-of-Bound Write Vulnerability in Hermes JavaScript Engine Hermes Algorithm Type Confusion Vulnerability Fixed Path Vulnerability in Eternal Terminal 6.2.1's TelemetryService Integer Overflow in rndis_query_oid in Linux Kernel Relative Path Traversal Vulnerability in mlflow/mlflow (prior to 2.3.1) SSRF Vulnerability in Lexmark Products: Lack of Input Validation Incorrect Access Control in Stormshield Endpoint Security 2.3.0 through 2.3.2 allows authenticated users to read sensitive information Incorrect Access Control in Stormshield Endpoint Security 2.3.0 through 2.3.2 allows authenticated users to update global parameters SQL Injection Vulnerability in Geomatika IsiGeo Web 6.0 Remote Command Execution Vulnerability in Geomatika IsiGeo Web 6.0 Local File Inclusion Vulnerability in Geomatika IsiGeo Web 6.0 Bypassing 2-Step Verification 
in Axigen 10.3.3.52: Unauthorized Mailbox Access Heap-Based Buffer Overflow in Accusoft ImageGear 20.1's CreateDIBfromPict Functionality Privilege Escalation Vulnerability in Command Centre Server Allows Unauthorized Access to Personal Data Fields Stack-based Buffer Overflow in Intel(R) Trace Analyzer and Collector Software (Before Version 2021.8.0) Bypassing Client-Side Enforcement of Server-Side Security in Gallagher Command Centre Access Violation Vulnerability in Milesight UR32L v32.3.0.5 Eventcore Functionality Arbitrary script injection vulnerability in SEIKO EPSON printers/network interface Web Config Improper Access Control in Intel(R) Unite(R) Android Application: Potential Information Disclosure via Local Access Blind SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Improper Access Control Vulnerability in CONPROSYS IoT Gateway Products Privileged User Physical Access Vulnerability Uncontrolled Search Path Element Vulnerability in ITE Tech Consumer Infrared Drivers for Intel(R) NUC Remote Unauthenticated Access to SkyBridge MB-A200 ADB Port Vulnerability Out-of-Bounds Write Vulnerability in Datakit CrossCadWare_x64.dll Plaintext Password Storage Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Stack-based Buffer Overflow in Intel(R) Trace Analyzer and Collector Software (before version 2021.8.0) - Local Privilege Escalation Vulnerability Denial-of-Service Vulnerability in SoftEther VPN's vpnserver EnSafeHttpHeaderValueStr Functionality Heap-Based Buffer Overflow in Snap One Wattbox WB-300-IP-3 Versions WB10.9a17 and Prior Intel(R) Processor Vulnerability: Sequence of Instructions Enables Privilege Escalation, Information Disclosure, and Denial of Service Insecure Data Inference in Gallagher Command Centre RESTAPI Experion Server Heap Overflow Vulnerability Kernel Memory Information Leakage via io_uring Vulnerability Non-Unique TLS Certificate Vulnerability in SIMATIC IPC Devices Unsafe SOCKS4 Protocol Logic Error in Tor 
0.4.7.13: TROVE-2022-002 Arbitrary File Upload and Remote Code Execution in Slider Revolution WordPress Plugin Denial of Service Vulnerability in Mercedes-Benz XENTRY Retail Data Storage 7.8.1 Log Information Disclosure Vulnerability in Terminalfour Remote Information Disclosure Vulnerability in WALLIX Access Manager 3.x through 4.0.x CL4NX Printer Web Client Interface Authentication Bypass Vulnerability BlueCat Device Registration Portal 2.2 XXE Vulnerability OS Command Injection in jc21 NGINX Proxy Manager Arbitrary File Read Vulnerability in Firefox < 109 Arbitrary File Read Vulnerability in Firefox and Thunderbird Improper Sanitization of Curl Command Output in Firefox, Thunderbird, and Firefox ESR CORS Misconfiguration in Acronis Cyber Infrastructure (ACI) before build 5.2.0-135 Leads to Sensitive Information Disclosure Cross-Origin Notification Leakage in Firefox for Android (Versions < 109) Cross-Origin URL Dragging Vulnerability WebSocket Connection Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR Inadequate Regular Expression Filtering in Console.log Allows Exfiltration of Data from Firefox, Thunderbird, and Firefox ESR Duplicate SystemPrincipal Object Creation Vulnerability in Firefox < 109 Memory Corruption Vulnerabilities in Firefox 108 and Firefox ESR 102.6 Critical Memory Corruption Vulnerability in Firefox 108 Unrestricted File Upload Vulnerability in erohtar/Dasherr Arbitrary API Endpoint Redirection in Spotipy Library (CVE-2021-XXXX) Out-of-Bounds Write Vulnerability in Contiki-NG BLE-L2CAP Module Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Improper Privilege Management in GLPI Allows Unauthorized Data Export LTI Consumer XBlock Missing Authorization Vulnerability OpenSearch JWT Role Claim Trimming Vulnerability Field-Level Security Bypass in OpenSearch Insufficient Session Expiration in Pi-hole®'s Web Interface Allows for Persistent Cookie-Based Attacks Unauthenticated User Can 
Create Topics Without Title or Content in Discourse Embeddable Comments Unrestricted Character Limit in Membership Request Reason Field Infinite Loop Vulnerability in OpenMage LTS eCommerce Platform Insecure Execution of External Executables in Git for Windows Code Injection Vulnerability in Modelina Library Reflected Cross-Site Scripting Vulnerability in Multiple WordPress Plugins Unrestricted Access to Contents of Restricted Tags in Discourse Regular Expression Denial of Service (ReDoS) Vulnerability in Discourse Tag topic count vulnerability in Discourse Content-Security-Policy Bypass in Electron with Disabled Sandbox Discourse Hidden Tag Filtering Vulnerability Vulnerability: Panics and Virtual Memory Leaks in go-unixfs HAMT Sharded Directories Panic Vulnerability in go-bitfield Package Cross-site Scripting (XSS) Vulnerability in Sanitize 5.0.0 - 6.0.0 Metabase Dashboard Subscription Information Disclosure Vulnerability Improper Privilege Management in Metabase Subscriptions Critical SQL Injection Vulnerability in SourceCodester Resort Reservation System 1.0 (CVE-2021-227639) XSS Vulnerability in Eta Templating Engine for Express API Panic and Virtual Memory Leak Vulnerability in go-unixfsnode Prior to 1.5.2 Local Authentication Bypass in BeyondTrust Privileged Remote Access (PRA) Versions 22.2.x to 22.4.x SQL Injection Vulnerability in Documize 5.4.2: Remote Code Execution via /api/dashboard/activity Endpoint Stored XSS Vulnerability in Jellyfin 10.8.x through 10.8.3 Allows Theft of Access Tokens Stored XSS Vulnerability in Jellyfin 10.8.x through 10.8.3 Allows Theft of Access Tokens Stored XSS Vulnerability in IMPatienT before 1.5.2 Allows Attackers to Steal Protected Health Information Dubbo Deserialization Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Resort Reservation System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in WPmanage Uji Popup Plugin <= 1.4.3 CSRF Vulnerability in A WP Life Album Gallery – WordPress Gallery 
Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sk. Abul Hasan Team Member – Team with Slider Plugin <= 4.4 CVE-2023-23649 Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227641) MainWP MainWP Code Snippets Extension Plugin <= 4.0.2 - Stored XSS Vulnerability MainWP Google Analytics Extension Plugin <= 4.0.4 - Authenticated SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SparkPost Plugin <= 3.2.5 CVE-2023-23656 Stored Cross-Site Scripting (XSS) Vulnerability in Webforward Mail Subscribe List Plugin CSRF Vulnerability in MainWP Matomo Extension <= 4.0.4 Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227642) MainWP MainWP Maintenance Extension Plugin <= 4.1.1 - Authenticated SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in ConvertBox Auto Embed WordPress Plugin BeRocket Brands for WooCommerce Plugin <= 3.7.0.6 - Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in GiveWP Plugin <= 2.25.1 Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 Cross-Site Scripting (XSS) Vulnerability in Team Heateor Fancy Comments WordPress Plugin CSRF Vulnerability in Muneeb Layer Slider Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Harish Chouhan, Themeist I Recommend This Plugin <= 3.8.3 Stored Cross-Site Scripting (XSS) Vulnerability in RVOLA WP Original Media Path Plugin <= 2.4.0 Stored XSS Vulnerability in Catchsquare WP Smart Preloader Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Bruno Aesqe Babic File Gallery Plugin <= 1.8.5.3 GTmetrix for WordPress Plugin <= 0.4.5 XSS Vulnerability CSV Injection vulnerability in WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) User-Controlled Key Authorization Bypass in JS Help Desk: Exploiting Unconstrained ACLs Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227644) CSRF 
Vulnerability in Bob Goetz WP-TopBar Plugin <= 5.36 Stored Cross-Site Scripting (XSS) Vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 Stored Cross-Site Scripting (XSS) Vulnerability in EZP Maintenance Mode Plugin <= 1.0.1 Stored XSS Vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder Plugin WPGraphQL Server-Side Request Forgery (SSRF) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in RadiusTheme Portfolio Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Brett Shumaker Simple Staff List Plugin <= 2.2.2 Youtube Shortcode <= 1.8.5 Auth. Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Sumo Social Share Boost Plugin <= 4.4 Uncontrolled Resource Consumption Vulnerability in Dell PowerScale Nodes Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227645) Improper Check for Certificate Revocation in Dell EMC Cloud Mobility for Cloud Storage Devices Dell EMC PV ME5 Client-side Desync Vulnerability OS Command Injection Vulnerability in Dell EMC DDOS 7.9 Dell VxRail OS Command Injection Vulnerability Dell VxRail Manager OS Command Injection Vulnerability Broken Cryptographic Algorithm Vulnerability in Dell Secure Connect Gateway (SCG) Version 5.14.00.12 Improper Authorization Vulnerability in Dell Command Intel vPro Out of Band Arbitrary Folder Deletion Vulnerability in Dell Command | Intel vPro Out of Band Insecure Operation on Windows Junction in Dell Command | Update, Dell Update, and Alienware Update Stored Cross-Site Scripting (XSS) Vulnerability in Chris Reynolds Progress Bar Plugin <= 2.2.1 Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 (VDB-227646) Stored Cross-Site Scripting (XSS) Vulnerability in Andrew @ Geeenville Web Design Easy Sign Up Plugin <= 3.4.1 Pixelgrade Comments Ratings Plugin <= 1.1.7 - Authenticated Stored Cross-Site Scripting (XSS) 
Vulnerability Arconix Shortcodes Plugin <= 2.1.7 - Stored XSS Vulnerability CSRF Vulnerability in Pixelgrade Comments Ratings Plugin CSRF Vulnerability in HM Plugin WordPress Books Gallery Plugin CSRF Vulnerability in miniOrange WordPress Social Login and Register Plugin Stored Cross-Site Scripting (XSS) via Unrestricted Upload of SVG and HTML Files in Awsm Innovations Embed Any Document Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress Plugin <= 3.9.4 Stored Cross-Site Scripting (XSS) Vulnerability in Denis WPJAM Basic Plugin <= 6.2.1 Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in miniOrange WordPress Social Login and Register Plugin CSRF Vulnerability in A2 Optimized WP Plugin <= 3.0.4 CSRF Vulnerability in User Meta Manager Plugin <= 3.4.9 CSRF Vulnerability in Manoj Thulasidas Theme Tweaker Plugin CSRF Vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash Plugin Cross-Site Scripting (XSS) Vulnerability in George Gecewicz Portfolio Slideshow Plugin <= 1.13.0 Esstat17 Page Loading Effects Plugin XSS Vulnerability CSRF Vulnerability in Premmerce Plugin <= 1.3.17 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online DJ Management System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 CSRF Vulnerability in David Gwyer Admin Log Plugin <= 1.50 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP eBay Product Feeds Plugin <= 3.3.1 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP Email Capture Plugin <= 3.9.3 CSRF Vulnerability in Winwar Media WP Email Capture Plugin Formilla Live Chat by Formilla Plugin <= 1.3 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP Flipclock Plugin <= 1.7.4 Critical Command Injection 
Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227649) CSRF Vulnerability in HasTheme WishSuite Plugin <= 1.3.3 Stored XSS Vulnerability in Joel James Disqus Conditional Load Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Joel James Lazy Social Comments Plugin <= 2.0.4 Stored XSS Vulnerability in Userlike – WordPress Live Chat Plugin Unauthenticated SQL Injection Vulnerability in MainWP Broken Links Checker Extension Plugin Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227650) LDAP Injection Vulnerability in 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' Extension Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227651) CSRF Vulnerability in Joomla! Post-Installation Message Handling Vulnerability: Unauthorized Access to com_actionlogs in Joomla! 4.0.0 through 4.2.4 Improper Access Check Vulnerability in Joomla! 4.0.0 through 4.2.7 SQL Injection Vulnerability in Visforms Base Package for Joomla 3 Open Redirect and XSS Vulnerability in Joomla! 4.2.0 through 4.3.1 MFA Selection Screen Vulnerability: Lack of Rate Limiting Enables Brute Force Attacks on MFA Methods in Joomla! 
4.2.0 - 4.3.1 Cross-site Scripting (XSS) Vulnerability in advcomsys.com oneVote Component for Joomla SQL Injection Vulnerability SQL Injection Vulnerability Remote Denial of Service Vulnerability in Fizz Library Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227652) GitHub Enterprise Server Path Traversal Vulnerability Allows Remote Code Execution GitHub Enterprise Server Improper Authentication Vulnerability GitHub Enterprise Server Incorrect Comparison Vulnerability GitHub Enterprise Server Authorization Bypass and Sensitive Information Disclosure Vulnerability GitHub Enterprise Server Incorrect Comparison Vulnerability Incorrect Diff Display Vulnerability in GitHub Enterprise Server Allows Commit Smuggling GitHub Enterprise Server Incorrect Comparison Vulnerability Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-XXXX) Motorola MBTS Site Controller Vulnerability: Hard-Coded Backdoor Password Motorola MBTS Base Radio: Unchangeable Hard-Coded Backdoor Password Vulnerability Firmware Update Authentication Bypass in Motorola MBTS Site Controller Lack of Firmware Authenticity Check in Motorola EBTS/MBTS Base Radio Motorola EBTS/MBTS Site Controller Debug Prompt Vulnerability Heartbeat Response Password Disclosure Vulnerability in FortiAnalyzer OS Command Injection Vulnerability in FortiWeb Versions 7.0.1 and Below, 6.4, and 6.3.18 and Below Relative Path Traversal Vulnerability in FortiWeb Versions 7.0.1 and Below, 6.4, 6.3, and 6.2 OS Command Injection Vulnerabilities in FortiWeb Versions 7.0.1 and below, 6.4, and 6.3.19 and below Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-12345) Stack-Based Buffer Overflow Vulnerability in Fortinet FortiWeb Stack-based Buffer Overflow in FortiWeb SAML Server Configuration Heap-based Buffer Overflow Vulnerability in Fortinet FortiWeb Fortinet FortiWeb External Format String Vulnerability Relative Path Traversal Vulnerability in Fortinet FortiWeb 
Stored XSS Vulnerability in DgCult Exquisite PayPal Donation Plugin <= v2.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Christof Servit Affiliate-Toolkit Plugin <= 3.3.3 CSRF Vulnerability in Premmerce Redirect Manager Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Florin Arjocu Custom More Link Complete Plugin <= 1.4.1 Stored XSS Vulnerability in Premmerce Redirect Manager Plugin Critical Denial of Service Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227655) CSRF Vulnerability in Pods Framework Team Pods Plugin CSRF Vulnerability in HasThemes HT Menu Plugin <= 1.2.1 CSRF Vulnerability in HasThemes Swatchly Plugin <= 1.2.0 Stored Cross-Site Scripting (XSS) Vulnerability in Eightweb Interactive Read More Without Refresh Plugin <= 3.1 Stored Cross-Site Scripting (XSS) Vulnerability in Alex Moss Semalt Blocker Plugin <= 1.1.3 CSRF Vulnerability in Muneeb Form Builder Plugin <= 1.9.9.0 CSV Injection Vulnerability in Muneeb Form Builder | Create Responsive Contact Forms CSRF Vulnerability in SecondLineThemes Auto YouTube Importer Plugin Muneeb Layer Slider Plugin <= 1.1.9.7 - Stored XSS Vulnerability Stored XSS Vulnerability in Leonardo Giacone Easy Panorama Plugin <= 1.1.4 Remote Denial of Service Vulnerability in Netgear SRX5308 up to 4.3.5-3 (VDB-227658) SSRF Vulnerability in WP Shortcodes Plugin — Shortcodes Ultimate CSRF Vulnerability in HasThemes Really Simple Google Tag Manager Plugin CSRF Vulnerability in HasThemes HT Easy GA4 Plugin CSRF Vulnerability in HasThemes JustTables Plugin <= 1.4.9 CSRF Vulnerability in HasThemes HT Feed Plugin Stored XSS Vulnerability in Davinder Singh Custom Settings Plugin <= 1.0 Qumos MojoPlug Slide Panel Plugin <= 1.1.2 - Authenticated Stored XSS Vulnerability Stored XSS Vulnerability in Sergey Panasenko Sponsors Carousel Plugin <= 4.02 Stored XSS Vulnerability in Moris Dov Stock Market Charts Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Stored XSS 
Vulnerability in SnapOrbital Panorama Plugin <= 1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Neil Gee Smoothscroller Plugin <= 1.0.0 Stored XSS Vulnerability in Joost de Valk Enhanced WP Contact Form Plugin CSRF Vulnerability in Joseph C Dolson My Calendar Plugin <= 3.4.3 Stored Cross-Site Scripting (XSS) Vulnerability in Alan Jackson Multi-column Tag Map Plugin Critical Cross-Site Scripting (XSS) Vulnerability in Twardes Sitemap Index Plugin <= 1.2.3 Cross-Site Scripting (XSS) Vulnerability in Vera Nedvyzhenko Simple PDF Viewer Plugin Stored XSS Vulnerability in Aviplugins.Com WP Register Profile With Shortcode Plugin <= 3.5.7 Stored Cross-Site Scripting (XSS) Vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich Snippets Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Stored Cross-Site Scripting (XSS) Vulnerability in ProfilePress Membership Team ProfilePress Plugin Marcin Pietrzak Interactive Polish Map Plugin <= 1.2 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Ludwig Media UTM Tracker Plugin <= 1.3.1 WP-TopBar Authenticated SQL Injection (SQLi) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Arsham Mirshah Add Posts to Pages Plugin <= 1.4.1 Cross-Site Scripting (XSS) Vulnerability in Google Maps v3 Shortcode Plugin <= 1.2.1 Stored Cross-Site Scripting (XSS) Vulnerability in Swashata WP Category Post List Widget Plugin <= 2.0.3 Stored XSS Vulnerability in Pierre JEHAN Owl Carousel Plugin <= 0.5.3 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Unauthenticated Reflected XSS Vulnerability in ProfilePress Membership Team ProfilePress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Rating-Widget Rating-Widget: Star Review System Plugin <= 3.1.9 Cross-Site Scripting (XSS) Vulnerability in TC Ultimate WP Query Search Filter Plugin Cross-Site Scripting (XSS) Vulnerability in Steven Henty Drop Shadow Boxes 
Plugin XPath Injection Vulnerability in Mendix Applications SolarWinds Platform 2022.4.1 Deserialization of Untrusted Data Remote Code Execution Vulnerability Unprotected Exception Handling Vulnerability Exposing Sensitive Information Server Vulnerability: Directory Traversal and File Enumeration SolarWinds Platform Vulnerability: Unauthorized Access to Sensitive Information Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 SolarWinds Platform: Incorrect Comparison Vulnerability Sensitive Data Disclosure in SolarWinds Serv-U File Share and File Request Attribute Changes SolarWinds Network Configuration Manager Directory Traversal Vulnerability SolarWinds Platform: Arbitrary Command Execution Vulnerability SolarWinds Platform: Incorrect Comparison Vulnerability SolarWinds Platform: Incorrect Comparison Vulnerability Open5GS GTP Library Denial of Service Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Synopsys Jenkins Coverity Plugin Unauthenticated Remote Code Execution in Synopsys Jenkins Coverity Plugin Unauthenticated Cross-Site Scripting Vulnerability in Coverity Connect Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Vulnerability: Enumeration of Credentials IDs in Synopsys Jenkins Coverity Plugin Arbitrary File Upload Vulnerability in SAP Business Planning and Consolidation Cross-Site Scripting (XSS) Vulnerability in SAP Solution Manager (System Monitoring) Version 720 Unauthenticated Link Redirection Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Privilege Escalation Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Insufficient URL Validation in SAP Solution Manager 720 Allows for User Redirection to Malicious Sites XSS Vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence User Interface) Unauthenticated Access and Unauthorized Operations Vulnerability in SAP NetWeaver AS for Java - Version 7.50 Insufficient Input 
Validation in SAP NetWeaver AS for ABAP and ABAP Platform Unauthenticated Link-Based Information Disclosure and Modification Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Unauthenticated Link Redirection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform CSRF Vulnerability in German Mesky GMAce Plugin <= 1.5.2 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Vertical Scroll Recent Post Plugin <= 14.0 Stored XSS Vulnerability in TreePress – Easy Family Trees & Ancestor Profiles Plugin Cross-Site Scripting (XSS) Vulnerability in Michael Aronoff Very Simple Google Maps Plugin CSRF Vulnerability in Stripe Payments For WooCommerce Plugin Allows Unauthorized Settings Change Stored Cross-Site Scripting (XSS) Vulnerability in Carlos Moreira Interactive Geo Maps Plugin <= 1.5.8 Stored Cross-Site Scripting (XSS) Vulnerability in Gautam Thapar Button Builder – Buttons X Plugin <= 0.8.6 CSRF Vulnerability in Amit Agarwal Google XML Sitemap for Mobile Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Stored Cross-Site Scripting (XSS) Vulnerability in wpdevart Responsive Vertical Icon Menu Plugin <= 1.5.8 Webdzier Button Plugin <= 1.1.23 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Flector BBSpoiler Plugin <= 2.01 Stored Cross-Site Scripting (XSS) Vulnerability in Metaphor Creations Ditty Plugin <= 3.0.32 Stored XSS Vulnerability in Himanshu Bing Site Verification Plugin Stored Cross-Site Scripting (XSS) Vulnerability in TMS-Plugins wpDataTables Plugin <= 2.1.49 Stored Cross-Site Scripting (XSS) Vulnerability in bkmacdaddy designs Pinterest RSS Widget Plugin Stored Cross-Site Scripting (XSS) Vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS Plugin <= 4.3.9 CSRF Vulnerability in Nicolas Zeh PHP Execution Plugin Cross-Site Scripting 
(XSS) Vulnerability in Netgear SRX5308 Web Management Interface ExactMetrics Plugin <= 7.14.1: Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in GreenTreeLabs Circles Gallery Plugin <= 1.0.10 Missing Authorization vulnerability in Ultimate Addons for Beaver Builder – Lite (versions n/a through 1.5.5) Stored XSS Vulnerability in David Gwyer WP Content Filter Plugin <= 3.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Kanban for WordPress Kanban Boards Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Fullworks Quick Contact Form Plugin <= 8.0.3.1 Stored Cross-Site Scripting (XSS) Vulnerability in Fullworks Quick Paypal Payments Plugin <= 5.7.25 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface CSRF Vulnerability in LJ Apps WP Airbnb Review Slider Plugin OceanWP Ocean Extra Plugin <= 2.1.1 Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jamie Poitra M Chart Plugin <= 1.9.4 Stored Cross-Site Scripting (XSS) Vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar Plugin Missing Authorization vulnerability in MyThemeShop URL Shortener CSRF Vulnerability in Ozette Plugins Simple Mobile URL Redirect Plugin Stored Cross-Site Scripting (XSS) Vulnerability in CreativeThemes Blocksy Companion Plugin CSRF Vulnerability in HasThemes Extensions For CF7 Plugin Allows Arbitrary Plugin Activation Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Unauthenticated Reflected XSS Vulnerability in YIKES, Inc. Easy Forms for Mailchimp Plugin (<= 6.8.8) Chain of Trust Vulnerability in SkyBridge MB-A200 and SkyBridge BASIC MB-A130 Firmware Buffer Overflow Vulnerability in Milesight UR32L v32.3.0.5 uhttpd Login Functionality Allows Remote Code Execution SAML Configuration File Upload Vulnerability Unauthenticated Remote Execution of Critical Functions in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier Arbitrary File Read Vulnerability in Milesight VPN v2.0.2 Improper Access Control Vulnerability in 3rd Generation Intel Xeon Scalable Processors Information Disclosure Vulnerability in Intel(R) Trace Analyzer and Collector Software Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Privilege Escalation via Out-of-Bounds Write in Intel(R) Trace Analyzer and Collector Software E2E Encryption Bypass Vulnerability in Chat Room Group Key Change Remote Code Execution Vulnerability in EdgeRouters and UniFi Security Gateways HSTS Failure in Serial Requests Vulnerability in curl <v7.88.0 Parallel Requests HSTS Cache Overwrite Vulnerability Unlimited Resource Allocation Vulnerability in curl <v7.88.0 Prototype Pollution Vulnerability in Rocket.Chat Server <5.2.0 Allows Remote Code Execution (RCE) and Admin Account Takeover Privilege Escalation Vulnerability in Node.js Experimental Permissions OpenSSL Error Stack Leakage Vulnerability in Node.js Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Untrusted Search Path Vulnerability in Node.js Allows for Potential Loading of ICU Data Cross-Site Scripting (XSS) Vulnerability in Moodle's ReturnURL Parameter Cross-Site Scripting (XSS) Vulnerability in Moodle Blog Search Unrestricted Access to Restricted Functionality in Moodle Arbitrary Object Unserialize and Remote Code Execution in Dompdf 2.0.1 Regular Expression Denial of Service (reDOS) Vulnerability in Switcher Client SDK XML External Entity (XXE) Vulnerability in APOC Core Plugin of Neo4j Graph Database Cross-Site Scripting (XSS) Vulnerability in Craft CMS Quick Post Widget Insecure HS256 Signature Validation in reason-jose Insecure Refresh Token Validity in vantage6 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Vulnerability: Security Issue with Default Serialization in vantage6 Versions Prior to 4.0.0 Vulnerability: Mutable Objects in Cipher.update_into Crash 
Vulnerability in OpenDDS Exposed to Untrusted RTPS Network Traffic OpenSearch Anomaly Detection Plugin Unauthorized Data Access Vulnerability Vulnerability: Cookie Parsing Issue in Werkzeug Insecure Personal Message Tag Count Display in Discourse CRLF Injection Vulnerability in Undici Library Unvalidated File Content-Type Upload Vulnerability in Pimcore Cross-Site Scripting (XSS) Vulnerability in Tuleap Tracker Administration Insecure Temporary File Creation in Azure/setup-kubectl GitHub Action Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface (CVE-2021-XXXX) Missing `finalize_keccak` call in `is_valid_eth_signature` allows impersonation vulnerability in OpenZeppelin Contracts for Cairo Inconsistent Amount and Item List Vulnerability in SwagPayPal Integration Unsanitized QML Labels in Nextcloud Desktop Client Prior to 3.6.3 Allow JavaScript Injection Nextcloud Mail App Vulnerability: Internal Service and Server Scanning Cleartext Password Storage Vulnerability in Nextcloud Mail App Path Traversal Vulnerability in Git's `git apply` Command Improper Authorization Bug in Argo CD Allows Unauthorized Access to Cluster Secrets SQL Injection Vulnerability in ownCloud Android App Client-Side Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface CRLF Injection Vulnerability LDAP Attribute Enumeration Vulnerability Command Injection Vulnerability in Advanced Secure Gateway and Content Analysis Elevation of Privilege Vulnerability in Advanced Secure Gateway and Content Analysis Stored Cross-Site Scripting Vulnerability in Advanced Secure Gateway and Content Analysis Server-Side Request Forgery Vulnerability in Advanced Secure Gateway and Content Analysis Client-Side Code Execution Vulnerability Vulnerability: Unauthenticated User Can Manipulate 'next' Query Parameter in Symantec Identity Portal 14.4 Hash Leak Vulnerability in Symantec Protection Engine (prior to 9.1.0) Cross-Site 
Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Denial-of-Service Vulnerability in Django's Accept-Language Header Parsing Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Mobile Comparison Website 1.0 Unrestricted Upload of Dangerous File Type in WooRockets Corsa Stored XSS Vulnerability in CodePeople WP Time Slots Booking Form Plugin Stored XSS Vulnerability in Smplug-in Social Like Box and Page by WpDevArt Plugin CSRF Vulnerability in a3rev Software Contact Us Page – Contact People Plugin <= 3.7.0 CSRF Vulnerability in Fullworks Quick Event Manager Plugin: Registration Actions CVE-2023-23976 Stored Cross-Site Scripting (XSS) Vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments Plugin <= 1.6.1 Sensitive Information Exposure in SwitchWP WP Client Reports Plugin Unauthenticated Stored XSS Vulnerability in Fullworks Quick Event Manager Plugin (<= 9.7.4) Reflected Cross-Site Scripting in Icegram Engage WordPress Plugin MailOptin Popup Builder Team MailOptin Plugin <= 1.2.54.0 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in QuantumCloud Conversational Forms for ChatBot Plugin <= 1.1.6 Stored Cross-Site Scripting (XSS) Vulnerability in WPGear.Pro WPFrom Email Plugin <= 1.8.8 CSRF Vulnerability in wpdevart Responsive Vertical Icon Menu Plugin Allows Theme Deletion CSRF Vulnerability in Wow-Company Bubble Menu Plugin Leads to Form Deletion CVE-2023-23985 Stored Cross-Site Scripting (XSS) Vulnerability in WPEverest User Registration Plugin <= 2.3.0 CVE-2023-23989 Unfiltered User Input Vulnerability in QuBot WordPress Plugin CVE-2023-23991 CSRF Vulnerability in AutomatorWP Plugin Allows Object Deletion CSRF Vulnerability in LionScripts IP Blocker Lite Plugin Marcel Bootsman Auto Hide Admin Bar Plugin <= 1.6.1 - Stored XSS Vulnerability Stored XSS Vulnerability in TinyMCE Custom Styles Plugin <= 1.1.2 Stored XSS Vulnerability in 
ProfilePress Membership Team ProfilePress Plugin CSRF Vulnerability in Dave Jesch Database Collation Fix Plugin <= 1.2.7 Stored XSS Vulnerability in VikRentCar Car Rental Management System Plugin Stored Cross-Site Scripting (XSS) Vulnerability in MonsterInsights Plugin <= 8.14.0 User Vault Data Leakage Vulnerability SQL Injection vulnerability in GamiPress gamipress allows unauthorized database access Stored XSS Vulnerability in Yannick Lefebvre Modal Dialog Plugin <= 3.5.9 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart YouTube Embed, Playlist and Popup Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Timersys WP Popups – WordPress Popup Plugin <= 2.1.4.8 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media Inline Tweet Sharer Plugin Cross-Site Scripting (XSS) Vulnerability in WP Terms Popup Plugin <= 2.6.0 CSRF Vulnerability in TheOnlineHero - Tom Skroza Admin Block Country Plugin CSRF Vulnerability in yonifre Maspik – Spam Blacklist Plugin <= 0.7.8 Reflected Cross-site Scripting (XSS) Vulnerability in Wpazure Themes Upfrontwp Theme <= 1.1 Stored Cross-Site Scripting Vulnerability in QuBot WordPress Plugin Heap-Based Buffer Overflow in Delta Electronics' CNCSoft-B DOPSoft Versions 1.0.0.4 and Prior Authenticated User Exploits Null Name Vulnerability to Partially Disable Reports Section Uncontrolled Search Path Element Vulnerability in Intel(R) Quartus(R) Prime Pro and Standard Edition Software for Linux Stack-based Buffer Overflow in libzebra.so.0.0.0 security_decrypt_password Functionality of Milesight UR32L v32.3.0.5 Stack-based Buffer Overflow in Milesight UR32L v32.3.0.5: Exploiting the urvpn_client http_connection_readcb Functionality Reflected Cross-Site Scripting Vulnerability in Photo Gallery Slideshow & Masonry Tiled Gallery Plugin for WordPress Snap One Wattbox WB-300-IP-3 Brute Force Login Vulnerability 
Vulnerability: ModSecurity File Uploads '\0' Byte Handling Issue Hardcoded SSH Credentials in Baicells Nova LTE TDD eNodeB Devices BLUFFS: Bluetooth Vulnerability Allowing Man-in-the-Middle Attacks and Key Discovery Universal Forgeries of Digital Signatures via Template Side-Channel Attack in CRYSTALS-DILITHIUM Algorithm XSS Vulnerability in MISP 2.4.167 via Event-Graph Preview Payload Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.167 via app/webroot/js/action_table.js Incorrect Access Control in MISP 2.4.167's ACLComponent.php for Decaying Import Function Privilege Escalation Vulnerability in WS_FTP Server before 8.8 Open Redirect Vulnerability in Zimbra Collaboration Suite through 9.0 and 8.8.15 Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 9.0 and 8.8.15 Local Privilege Escalation (LPE) Vulnerability in Zimbra Collaboration Suite through 9.0 and 8.8.15 SDP Format Type Check Vulnerability in Samsung Exynos Modem Chipsets Catastrophic Backtracking Vulnerability in HTML-StripScripts Module Stack-based Buffer Overflow in ParseColors in libXm in Common Desktop Environment 1.6 Stored Cross-Site Scripting Vulnerability in CRM and Lead Management by vcita Plugin for WordPress Arbitrary Printer Name Injection Vulnerability in Common Desktop Environment 1.6 Path Traversal Vulnerability in LightFTP 2.2 via Malformed FTP Request Host Header Injection Vulnerability in Plesk Obsidian Login Page User File Download Vulnerability in Dataiku DSS 11.2.1 Arbitrary Command Execution Vulnerability in Connectize AC21000 G6 641.139.1.1256 Weak Hashing Algorithm in Connectize AC21000 G6 641.139.1.1256: A Critical Credential Management Vulnerability CSRF Vulnerability in Connectize AC21000 G6 641.139.1.1256: Unauthorized Device Control via /man_password.htm Vulnerability: Privilege Escalation via Poor Credential Management on Connectize AC21000 G6 641.139.1.1256 Cross-Site Request Forgery Vulnerability in CRM and Lead Management by vcita Plugin for 
WordPress Cross Site Scripting (XSS) Vulnerability in Connectize AC21000 G6 641.139.1.1256 Admin Panel Client Side Rate Limit Bypass Vulnerability in Connectize AC21000 G6 641.139.1.1256 Unauthenticated Password Change Vulnerability in Connectize AC21000 G6 641.139.1.1256 KeePass XML Configuration File Write Access Vulnerability Unbounded String Expansion Vulnerability in pkgconf through 1.9.3 Arbitrary Directory Extraction Vulnerability in HL7 FHIR Core Libraries User Impersonation Vulnerability in Booked Scheduler 2.5.5 and LabArchives Scheduler (Sep 6, 2022 Feature Release) Critical Vulnerability in Grand Theft Auto V for PC Enables Remote Code Execution and File Modification Stored Cross-Site Scripting Vulnerability in Event Registration Calendar and Online Payments Plugins for WordPress Server-Side Request Forgery (SSRF) Vulnerability in Haven 5d15944 Stored XSS Vulnerability in NOSH 4a5cfdb: Execution of JavaScript Payload via Create User Page Insecure Modification of Conversation Attachments in Signal Desktop Insecure Attachment Handling in Signal Desktop Cross-Site Request Forgery Vulnerability in Event Registration Calendar By vcita and Online Payments Plugins for WordPress Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.167 via Referer Field in authkey_add FuguHub v8.1 and Earlier Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 (VDB-227702) Unrestricted Password Reset Endpoint Allows Brute Force Attacks in Chamberlain myQ v5.222.0.32277 (iOS) Stored XSS Vulnerabilities in Redrock Software TutorTrac before v4.2.170210 SQL Injection Vulnerability in ChiKoi v1.0 via load_file Function Reflected Cross-Site Scripting (XSS) Vulnerability in SLIMS v9.5.2 via /customs/loan_by_class.php?reportView Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Authentication Bypass Vulnerability in H3C A210-G A210-GV100R005 Denial of Service (DoS) 
Vulnerability in MikroTik RouterOS v6.40.5 Bridge2 Component Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Bypassing Domain Restrictions in Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 Code Execution Backdoor in Hour of Code Python 2015 Commit 520929797b9ca43bb818b2e8f963fb2025459fa3 via Request Package Code Execution Backdoor in MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 via Request Package Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 (VDB-227705) Remote Code Execution (RCE) Vulnerability in Typecho 1.1/17.10.30 via install.php Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of 
Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Command Injection Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Unauthenticated Modification of Data and Code Injection in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Hard-coded Telnet Password Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Hard-coded Root Password Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Vulnerability: Unauthorized Data Modification and Denial of Service in vcita WordPress Plugin Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu via Crafted MQTT Packet Command Injection Vulnerability in 
TOTOLINK T8 V4.1.5cu: Arbitrary Command Execution via Crafted MQTT Packet Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu: Exploiting MQTT Packet Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu's recvSlaveCloudCheckStatus Function Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu via slaveIpList Parameter in setUpgradeFW Function Hard-coded Telnet Password Vulnerability in TOTOLINK T8 V4.1.5cu Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu MQTT Packet Handling Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu: Remote Code Execution via MQTT Packet Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Cross-Site Request Forgery Vulnerability in vcita WordPress Plugin Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Dromara Hutool v5.8.11 Deserialization Vulnerability in XmlUtil.readObjectFromXml Parameter Arbitrary Code Execution via Aviator Template Engine in Dromara Hutool v5.8.11 Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/FUN_000c2318 Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/initIpAddrInfo Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/formWifiBasicSet Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/add_white_node Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/FUN_0007343c Unquoted Search Path Vulnerability in ks-soft Advanced Host Monitor Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/fromSetWirelessRepeat Insufficiently Random Values Vulnerability in Konga 2.8.3 Login API (VDB-227715) Integer Overflow in Libelfin v0.3's load function at elf/mmap_loader.cc Allows for Denial of Service (DoS) via Crafted ELF File Reflected Cross-Site Scripting (XSS) Vulnerability in LuCI openwrt-22.03 branch git-22.361.69894-438c598 Stored Cross-Site Scripting (XSS) Vulnerability in LuCI openwrt-22.03 branch 
git-22.361.69894-438c598 via /system/sshkeys.js Command Injection Vulnerability in TOTOLink A7100RU V7.4cu.2313_B20191024 XML External Entity (XXE) Vulnerability in ureport v2.2.9 Allows Arbitrary Code Execution via Crafted XML File Upload Directory Traversal Vulnerability in uReport v2.2.9 Allows Arbitrary File Deletion XML External Entity (XXE) Vulnerability in urule v2.1.7 Allows Arbitrary Code Execution via Crafted XML File Upload Unrestricted Upload Vulnerability in Zhong Bang CRMEB 4.6.0 (VDB-227716) Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 via signup.php Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 via navbar.php's page parameter Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 SQL Injection Vulnerability in Online Food Ordering System v2 via id parameter at view_order.php Multiple SQL Injection Vulnerabilities in Raffle Draw System v1.0 SQL Injection Vulnerability in Raffle Draw System v1.0 Critical SQL Injection Vulnerability in MLECMS 3.0 (CVE-2021-XXXX) SQL Injection Vulnerability in Raffle Draw System v1.0 SQL Injection Vulnerability in Raffle Draw System v1.0 Local File Inclusion Vulnerability in Raffle Draw System v1.0 Remote Code Execution Vulnerability in Clash for Windows v0.20.12 via Configuration File Overwrite SQL Injection Vulnerability in Davinci v0.3.0-rc via copyDisplay Function Cross-Site Scripting (XSS) Vulnerability in Control iD RHiD 23.3.19.0 Stack Overflow Vulnerability in Tenda AX3 V16.03.12.11 via timeType function at /goform/SetSysTimeCfg Local File Inclusion Vulnerability in AgileBio Electronic Lab Notebook v4.234 SQL Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter at /system/UserMapper.xml Keycloak Server Vulnerability: Unauthorized Access via mTLS Authentication SQL Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter SQL 
Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter at /system/DeptMapper.xml Command Injection in DrayTek Vigor2960 v1.5.1.4 (Unsupported Version) Denial-of-Service Vulnerability in Rockwell Automation Armor PowerFlex Device Stored XSS Vulnerability in Formwork v1.12.1: Arbitrary Code Execution via Page Title Parameter Stored XSS Vulnerability in Inventory Management System v1's Categories Name Parameter Stored XSS Vulnerability in Inventory Management System v1's Product Name Parameter Stored XSS Vulnerability in Inventory Management System v1: Arbitrary Code Execution via Client Name Parameter Stored XSS Vulnerability in Inventory Management System v1's Brand Name Parameter Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Unrestricted Upload Vulnerability in DedeCMS 5.7.106 (VDB-227750) SQL Injection Vulnerability in Forget Heart Message Box v1.1 Server-Side Request Forgery (SSRF) Vulnerability in CData RSB Connect v22.0.8336 Arbitrary File Upload Vulnerability in Laravel-Admin v1.8.19 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Student Information System 1.0 Cross-Site Scripting (XSS) Vulnerability in WangEditor v5 via /dist/index.js Component SQL Injection Vulnerability in Domotica Labs srl Ikon Server v2.8.6 and earlier Path Traversal Privilege Escalation Vulnerability in com.nextev.datastatistic Component of NIO EC6 Aspen SQL Injection Vulnerability in SPIP v4.1.5 and Earlier via _oups Parameter Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 9.0.1499) Arbitrary Code Execution Vulnerability in GL.iNET GL-E750 Mudi Arbitrary Code Execution via File Upload in Textpattern v4.8.8 Plugin Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Squidex before 
7.4.0 - squid.svg Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Open Networking Foundation ONOS API Documentation Dashboard Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 Arbitrary Code Execution via Crafted Ringtone File in Poly Trio 8800 7.2.2.1094 Improper Access Control in GitHub Repository: thorsten/phpmyfaq (prior to 3.1.13) Buffer Overflow Vulnerability in Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 Arbitrary Code Execution Vulnerability in SoftMaker FlexiPDF v3.0.3.0 Missing Lock in io_cqring_event_overflow() in Linux Kernel: A Local Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in IrfanView v4.60 PDF.dll Plugin Memory Vulnerability in PDF-XChange Editor 9.3 Allows Code Execution via Crafted PDF File Kubelet Vulnerability: Bypassing Seccomp Profile Enforcement Arbitrary File Upload Vulnerability in Judging Management System 1.0 via edit_organizer.php Unauthenticated Command Execution Vulnerability in Axcora POS #0~gitf77ec09 Reflected Cross-Site Scripting (XSS) Vulnerability in mojoPortal v2.7.0.0 FileDialog.aspx Component Authenticated XML External Entity (XXE) Injection Vulnerability in Mojoportal v2.7 Bypassing Blocklisting Methods in urllib.parse Component of Python Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress (up to version 5.30.3) Command Injection Vulnerability in D-Link DIR-882 Firmware Version DIR882A1_FW130B06 Command Injection Vulnerability in D-Link DIR-816 Firmware v1.10CNB04 Stack Overflow Vulnerability in Tenda AC6 Firmware Version US_AC6V5.0re_V03.03.02.01_cn_TDC01 Stack Overflow Vulnerability in Tenda AC21 Firmware US_AC21V1.0re_V16.03.08.15_cn_TDC01 Arbitrary Command Execution Vulnerability in Tenda AC23 Firmware US_AC23V1.0re_V16.03.07.45_cn_TDC01 Vulnerability: Unauthorized Data Loss in Nested Pages WordPress Plugin Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L 
v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Local File Inclusion Vulnerability in Blog-in-Blog WordPress Plugin (Versions up to 1.1.1) Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 via /goform/formWPS Parameter Stored Cross-Site Scripting Vulnerability in Blog-in-Blog WordPress Plugin (Versions up to 1.1.1) SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Admin Panel Arbitrary File Download Vulnerability in rConfig v6.8.0 UJCMS v4.1.3 Cross-Site Scripting (XSS) Vulnerability in Add New Articles Function Authentication Bypass Vulnerability in UserPro WordPress Plugin (CVE-2023-2448) Stored XSS Vulnerability in USB Memory Direct Simple Custom Author Profiles Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Photon WP Material Design Icons for Page Builders Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Nico Graff WP Simple Events Plugin <= 1.0 CSRF Vulnerability in Ecwid Ecommerce Shopping Cart Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Codeat Glossary Plugin <= 2.1.27 Cross-Site Request Forgery (CSRF) Vulnerability in UserPro WordPress Plugin CSRF Vulnerability in Simple Wp Sitemap Plugin Stored Cross-Site Scripting (XSS) Vulnerability in NsThemes Advanced Social Pixel Plugin <= 2.1.1 CSRF Vulnerability in Photon WP Material Design Icons for Page Builders Plugin Stored Cross-Site Scripting (XSS) Vulnerability in 
Kiboko Labs Namaste! LMS Plugin <= 2.5.9.1 CSRF Vulnerability in WpDevArt Organization Chart Plugin Stored Cross-Site Scripting (XSS) Vulnerability in David Lingren Media Library Assistant Plugin <= 3.11 Stored XSS Vulnerability in Karishma Arora AI Contact Us Form Plugin <= 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart Organization Chart Plugin <= 1.4.4 CSRF Vulnerability in WpDevArt Booking Calendar Plugin Stored XSS Vulnerability in brandiD Social Proof (Testimonial) Slider Plugin <= 2.2.3 Stored Cross-Site Scripting Vulnerability in UserPro WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WeSecur Security Plugin <= 1.2.1 Stored XSS Vulnerability in Spider Teams ApplyOnline Plugin <= 2.5 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Full Width Banner Slider WP Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sk. Abul Hasan Animated Number Counters Plugin <= 1.6 Stored XSS Vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions CSRF Vulnerability in Contact Form 7 Redirect & Thank You Page Plugin Stored XSS Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 Reservation.Studio Widget Plugin <= 1.0.11 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in EZP Coming Soon Page Plugin <= 1.0.7.3 OceanWP Ocean Extra Plugin <= 2.1.2 - Stored Cross-Site Scripting (XSS) Vulnerability UserPro WordPress Plugin Cross-Site Request Forgery Vulnerability Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA Plugin XSS Vulnerability Stored XSS Vulnerability in Davidsword Mobile Call Now & Map Buttons Plugin <= 1.5.0 Cross-Site Scripting (XSS) Vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar Plugin WP For The Win bbPress Voting Plugin <= 2.1.11.0 - Authenticated Stored XSS Vulnerability VryaSage Marketing Performance Plugin XSS Vulnerability CSRF Vulnerability in Contact Form 7 – PayPal & Stripe Add-on Plugin 
Stored Cross-Site Scripting (XSS) Vulnerability in Muneeb ur Rehman Simple PopUp Plugin <= 1.8.6 Stored Cross-Site Scripting (XSS) Vulnerability in Ecwid Ecommerce Shopping Cart Plugin Unauthenticated Reflected XSS Vulnerability in WP Responsive Tabs Plugin (<= 1.1.15) SQL Injection Vulnerability in Fluent Forms Contact Form Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kerry Kline BNE Testimonials Plugin <= 2.0.7 Stored XSS Vulnerability in Web-Settler Image Social Feed Plugin <= 1.7.6 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution WordPress Vertical Image Slider Plugin CSRF Vulnerability in RoboSoft Photo Gallery Plugin CSRF Vulnerability in QuantumCloud AI ChatBot Plugin Arne Franken All In One Favicon Path Traversal Vulnerability CSRF Vulnerability in tiggersWelt.Net Worthy Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider Plus Plugin <= 3.2 CSRF Vulnerability in Formidable Forms Plugin (<= 5.5.6) Stored XSS Vulnerability in GitLab CE/EE Versions 15.11 - 15.11.7 and 16.0 - 16.0.2 Unauthenticated Reflected XSS Vulnerability in Zestard Technologies Admin Side Data Storage for Contact Form 7 Plugin (<= 1.1.1) CSRF Vulnerability in WP Engine PHP Compatibility Checker Plugin Sandbox Bypass Vulnerability in Jenkins Script Security Plugin CSRF Vulnerability in Jenkins Gerrit Trigger Plugin Allows Unauthorized Rebuilding of Previous Builds Session Invalidation Vulnerability in Jenkins OpenId Connect Authentication Plugin Jenkins Kubernetes Credentials Provider Plugin Unauthorized Access Vulnerability Session Persistence Vulnerability in Jenkins Azure AD Plugin Session Invalidation Vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and Earlier Jenkins Bitbucket OAuth Plugin CSRF Vulnerability: User Account Hijacking Unrestricted Execution and Path Parsing Vulnerability in Jenkins Semantic Versioning Plugin Insecure Cipher Vulnerability in Rockwell Automation ThinManager Product 
XML External Entity (XXE) Vulnerability in Jenkins Semantic Versioning Plugin 1.14 and Earlier Jenkins Orka by MacStadium Plugin 1.31 and Earlier: Credential Enumeration Vulnerability Jenkins Orka by MacStadium Plugin 1.31 CSRF Vulnerability: Unauthorized Credential Capture Jenkins Orka by MacStadium Plugin 1.31 and Earlier: Missing Permission Checks Allow Unauthorized Access to HTTP Server CSRF Vulnerability in Jenkins GitHub Pull Request Builder Plugin Allows Unauthorized Credential Capture Vulnerability: Unauthorized Access to Jenkins Credentials via GitHub Pull Request Builder Plugin Credential Enumeration Vulnerability in Jenkins GitHub Pull Request Builder Plugin Jenkins JIRA Pipeline Steps Plugin CSRF Vulnerability Jenkins JIRA Pipeline Steps Plugin Vulnerability: Unauthorized URL Connection and Credential Capture Unencrypted Storage of Private Keys in Jenkins JIRA Pipeline Steps Plugin Cross Site Request Forgery Vulnerability in Rockwell Automation's FactoryTalk Vantagepoint Private Key Exposure in Jenkins JIRA Pipeline Steps Plugin XML External Entity (XXE) Vulnerability in Jenkins MSTest Plugin 1.0.0 and Earlier Unencrypted Storage of GitHub and Sonar Credentials in Jenkins Global Configuration File Vulnerability: XML External Entity (XXE) Attack in Jenkins TestComplete Support Plugin Session Persistence Vulnerability in Jenkins OpenID Plugin Open Redirect Vulnerability in Jenkins OpenID Plugin Jenkins OpenID Plugin CSRF Vulnerability: Account Hijacking via Login Manipulation Jenkins RabbitMQ Consumer Plugin CSRF Vulnerability Jenkins RabbitMQ Consumer Plugin 2.8 and Earlier: Missing Permission Check Allows Unauthorized Connection File Path Disclosure Vulnerability in Jenkins PWauth Security Realm Plugin Improper Access Control in Subscriptions Folder Path Filter in Devolutions Server 2023.1.1 and Earlier Unencrypted Password Storage in Jenkins View-Cloner Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Cisco Spark Notifier Plugin CSRF 
Vulnerability in Jenkins TestQuality Updater Plugin 1.3 and Earlier Allows Unauthorized URL Connections Jenkins TestQuality Updater Plugin 1.3 and Earlier: Unauthorized URL Connection Vulnerability Unencrypted Storage of TestQuality Updater Password in Jenkins Controller Configuration File File Path Disclosure Vulnerability in Jenkins visualexpert Plugin Session Invalidation Vulnerability in Jenkins Keycloak Authentication Plugin Jenkins Keycloak Authentication Plugin CSRF Vulnerability: Account Hijacking via Login Impersonation Jenkins BearyChat Plugin CSRF Vulnerability Unauthenticated Remote URL Connection Vulnerability in Jenkins BearyChat Plugin Sensitive Information Disclosure in UserPro WordPress Plugin (Versions up to 5.1.1) Improper Certificate Validation Vulnerability in BIG-IP Edge Client Improper Input Validation in Intel Thunderbolt DCH Drivers for Windows: Potential Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in Buffalo Network Devices Null Pointer Reference Vulnerability in OpenHarmony Wi-Fi Subsystem Vulnerability: Broken Access Control in Advanced Authentication Critical Cross-Site Scripting Vulnerability in ArcSight Logger Prior to 7.3.0 Cross-Site Request Forgery (CSRF) Vulnerability in UserPro WordPress Plugin XML External Entity Injection in ArcSight Logger versions prior to 7.3.0 Access Control Vulnerability in Debug Functionality Allows Unauthorized Information Retrieval Denial of Service Vulnerability in OpenImageIO Project OpenImageIO v2.4.7.1 Information Disclosure Vulnerability in OpenImageIO Project OpenImageIO v2.4.7.1 Experion Server Heap Overflow Vulnerability Intel(R) Server Board BMC Firmware Information Disclosure Vulnerability Local Traffic Recording Vulnerability Session Invalidation Vulnerability in Guardian/CMC Versions Before 22.6.2 Insufficiently Random Values in Intel Agilex Software: Potential Information Disclosure Vulnerability Authentication Bypass Vulnerability in Yifan YF325 
v1.0_20221108's httpd nvram.cgi Functionality UserPro Plugin for WordPress Arbitrary Shortcode Execution Vulnerability Stack Overflow Vulnerability in Controller: Decoding Server Message DoS Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Local Privilege Escalation Vulnerability SEH-based Buffer Overflow Vulnerability in COMOS Cache Validation Service Privilege Escalation Vulnerability on Citrix Virtual Apps and Desktops Windows VDA Unauthorized Log File Write Vulnerability Privilege Escalation Vulnerabilities in Citrix Workspace App Enable SYSTEM-Level Access Local User Privilege Escalation Vulnerability in Citrix Workspace app for Linux Critical Arbitrary File Read Vulnerability in Citrix ADC and Citrix Gateway Cross-Site Scripting Vulnerability in Citrix ADC and Citrix Gateway Remote Code Execution Vulnerability in Customer-Managed ShareFile Storage Zones Controller UserPro WordPress Plugin Unauthorized Password Reset Vulnerability Unauthorized Desktop Launch Vulnerability Privilege Escalation Vulnerability in Citrix Secure Access Client for Windows Remote Code Execution Vulnerability in Citrix Secure Access Client for Ubuntu Formula Injection Vulnerability in Tenable.sc Allows Arbitrary Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Tenable.sc Tenable.sc Server Side Request Forgery (SSRF) Vulnerability Arbitrary JavaScript Code Injection through XSS in Milesight VPN v2.0.2 Arbitrary JavaScript Code Injection via Cross-Site Scripting (XSS) in Milesight VPN v2.0.2 Authentication Bypass Vulnerability in Switch Web Server Privacy Breach: Butterfly Button Plugin Exposes User Activity, Posing Risks to Domestic Privacy Stored Cross-Site Scripting Vulnerability in FiboSearch - AJAX Search for WooCommerce Plugin for WordPress Electra Central AC Unit Vulnerability: Unauthorized Firmware Loading via Adjacent Attack Critical Security Vulnerability: Hardcoded Credentials in Electra Central AC Unit Critical Security Flaw: Electra 
Central AC Unit Vulnerable to Easily Exploitable AP Password Electra Central AC Unit Vulnerability: Unauthorized Firmware Loading via Adjacent Attack Electra Central AC Unit Vulnerability: Unauthorized Update Server Connection Unspecified Request Vulnerability in Milesight NCR/Camera Version 71.8.0.6-r5 Unspecified Request Exposes Credentials in Milesight NCR/Camera Version 71.8.0.6-r5 Insecure File Upload Vulnerability in AgilePoint NX v8.0 SU2.2 & SU2.3 Remote Shell Code Exploitation via HTTP Command Injections in Baicells Nova LTE TDD eNodeB Devices Privilege Escalation Vulnerability in Arista EOS with Redundant Supervisor Modules Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 (VDB-227795) Denial of Service Vulnerability in EOS DHCP Relay Agent Memory Leak Vulnerability in Arista EOS SNMPd Process Arbitrary Configuration Update Vulnerability in Arista EOS with Enabled Streaming Telemetry Agent and gNMI Access Denial of Service Vulnerability in Arista CloudEOS Software Forwarding Engine Visual Console Module in Pandora FMS v767 and prior versions is vulnerable to Cross-site Scripting (XSS) leading to session hijacking and phishing attacks. 
Server-Side Request Forgery (SSRF) vulnerability in Pandora FMS API checker allows unauthorized access to internal files Pandora FMS Special Days Component XSS Vulnerability Arbitrary Command Execution through Unrestricted File Upload in Pandora FMS File Manager CSRF Vulnerability in Pandora FMS Version 767 and Earlier OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting vtysh_ubus toolsh_excute.constprop.1 and Ping Utility Stored Cross-Site Scripting Vulnerability in Advanced Woo Search Plugin for WordPress OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting vtysh_ubus toolsh_excute.constprop.1 and trace tool utility Unauthenticated User Session Manipulation in SAP NetWeaver AS ABAP (BSP Framework) Unauthenticated User Session Manipulation Vulnerability in SAP NetWeaver AS ABAP Privilege Escalation via Crafted ConfigureOutsideDiscovery Request in SAP Host Agent (Start Service) - Versions 7.21, 7.22 SAP S/4 HANA Map Treasury Correspondence Format Data Privilege Escalation Vulnerability SAP CRM WebClient UI - Cross-Site Scripting (XSS) Vulnerability Unauthenticated Privilege Escalation in SAP NetWeaver Application Server Java Unauthenticated Access to SAP NetWeaver AS Java for Deploy Service Sensitive Data Exposure in SAP Fiori Travel Management App Reflected Cross-Site Scripting (XSS) Vulnerability in BSP Application (CRM_BSP_FRAME) Arbitrary File Inclusion Vulnerability in PHPFusion Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) Vulnerability: Incorrect Result in ScalarMult and ScalarBaseMult Methods of P256 Curve Vulnerability: Incorrect Multiplication of Unreduced P-256 Scalars Denial of Service Vulnerability in HTTP and MIME Header Parsing Panic Vulnerability in Parsing Invalid Messages Denial of Service Vulnerability in Multipart Form Parsing Infinite Loop Vulnerability Caused by Integer Overflow in Parse Functions with Large Line Numbers Improper Handling of 
Backticks in Template Literals Allows Arbitrary Code Injection CSS Injection via Unexpected HTML Injection PostgreSQL Vulnerability: Arbitrary Code Execution via Schema_Element Improper Sanitization of Whitespace Characters in JavaScript Templates Unquoted search path vulnerability in Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 Improper Access Control Vulnerability in Buffalo Network Devices Denial of Service Vulnerability in Arista CloudEOS Software Forwarding Engine Improper Access Controls in Arista CloudVision Portal: Expanding Data Access Vulnerability BGP Password Logging Vulnerability in Arista MOS Vulnerability: Egress Port Packet Forwarding Issue in Arista EOS with VXLAN Configuration Stack-based Buffer Overflow in Solid Edge SE2022 and SE2023 Vulnerability: Inconsistent Application of Row Security Policies in PostgreSQL Heap-based Buffer Overflow in Solid Edge SE2022 and SE2023 Heap-Based Buffer Underflow in Solid Edge SE2022 and SE2023 Out-of-Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out-of-Bounds Write Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Memory Corruption Vulnerability in Solid Edge SE2022 and SE2023 (ZDI-CAN-19069) Out-of-Bounds Read Vulnerability in Solid Edge STL File Parsing (ZDI-CAN-19428) Stack-based Buffer Overflow in Solid Edge 
SE2022 and SE2023 (ZDI-CAN-19472) Dell NetWorker Version Disclosure Vulnerability: Exploiting RabbitMQ for Targeted Attacks Dell NetWorker Rabbitmq Port Vulnerability: Disallowing Replacement of CA Signed Certificates Local Privilege Escalation Vulnerability in Dell Alienware Command Center Heap Corruption Vulnerability in ChromeOS Audio Server Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Arbitrary Folder Delete Vulnerability in Dell Command | Integration Suite for System Center Arbitrary Folder Deletion Vulnerability in Dell Command | Monitor Uncontrolled Resource Consumption Vulnerability in Dell Enterprise SONiC OS Authentication Component Local Privilege Escalation Vulnerability in Dell E525w Printer Driver and Software Suite Unauthenticated Remote Code Execution Vulnerability in EMC NetWorker Client Execution Service Privilege Escalation Vulnerability in McAfee Total Protection DLL Sideloading Vulnerability in McAfee Total Protection prior to 16.0.49 Allows Privilege Escalation Uninstallation Exploit in McAfee Total Protection Prior to 16.0.51 Use After Free Vulnerability in ChromeOS Camera Denial-of-Service Vulnerability in Django Multipart Request Parser Use-After-Free Vulnerability in Solid Edge SE2022 and SE2023 (ZDI-CAN-19425) OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Arbitrary Command Execution via Network Request OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Arbitrary Command Execution via UDP Packet Buffer Overflow Vulnerability in Controller 6000 Diagnostic Web Interface Upload Feature Out-of-Bounds Write Vulnerability in Weston Embedded uC-HTTP v3.01.01 Cleartext Storage of Sensitive Information in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier Denial of Service Vulnerability in Intel(R) Optane(TM) SSD Firmware Intel Optane SSD Firmware Vulnerability: Unauthorized Access to Sensitive Information Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Bypassing Permission Restrictions in Prompts in Google Chrome Format String Vulnerability in Gallagher Controller 6000's Diagnostic Web Interface Uncontrolled Search Path Vulnerability in Intel(R) Binary Configuration Tool Software Path Traversal Vulnerability in Intel(R) oneAPI Toolkits and Component Software (Before Version 2023.1) Allows Privilege Escalation via Local Access Undisclosed Traffic Vulnerability in SSL Profile Configuration OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5 Unauthenticated Loading of Remote Resources in OX App Suite Email Printing Information Leakage in Distribution List Handling in OX App Suite ID Confusion Vulnerability in OX App Suite Allows Unauthorized Appointment Changes Bypassing File Access Checks via Crafted HTML Page in Google Chrome Extensions Bypassing Access Controls in OX App Suite: Unauthorized Reading of Contacts Cross-Site Scripting (XSS) Vulnerability in OX App Suite before frontend 7.10.6-rev24 Cross-Site Scripting (XSS) Vulnerability in OX App Suite Tumblr Portal Widget Unrestricted Data Download Vulnerability in OX App Suite Unrestricted Header Length Vulnerability in OX App Suite Lack of Two-Factor Authentication Enforcement in OX App Suite Denial of Service Vulnerability in Qt SQL ODBC Driver Plugin Length-Subtraction Integer Overflow in TLS 1.3 Server: Matrix SSL and Rambus TLS Toolkit Vulnerability Use After Free Vulnerability in Google Chrome on ChromeOS Arbitrary Code Execution Vulnerability in NOSH 4a5cfdb's Practice Logo Upload Feature Command Injection Vulnerability in PdfBook Extension for MediaWiki Remote Code Execution Vulnerability in Array Networks AG Series and vxAG Cleartext AWS Credentials Disclosure in Redpanda (CVE-2022-XXXX) Remote Code 
Execution Vulnerability in Prompts in Google Chrome XML Entity Expansion Attack in YamlBeans YamlReader Untrusted Deserialization Vulnerability in Esoteric YamlBeans Insufficiently Restrictive Regular Expression in isInList Function Leads to SSRF Vulnerability SSRF Vulnerability in Paranoidhttp before 0.3.0 Insecure Direct Object Reference (IDOR) Vulnerability in Faveo 5.0.1 Privilege Escalation via SIGHUP Signal in GNU Screen Omnibox Content Hiding Vulnerability in Google Chrome on Android Origin Spoofing Vulnerability in Picture-in-Picture Feature in Google Chrome SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateview.php SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateTxtview.php SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateBlankTxtview.php Arbitrary File Upload Vulnerability in Food Ordering System v2.0 SQL Injection Vulnerability in Food Ordering System v2.0 via Email Parameter Cross-Site Scripting (XSS) Vulnerability in Zstore v6.6.0 via /index.php Component CORS Implementation Vulnerability in Google Chrome: Cross-Origin Data Leakage SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Request a Quote Function SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0: Profile Update Function SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Create Ticket Function Reflected Cross-Site Scripting (XSS) Vulnerability in phpIPAM v1.6 Spoofing Vulnerability in Prompts in Google Chrome Bypassing Permissions Restrictions in Prompts on Google Chrome for Android Unquoted Service Path 
Vulnerability in VX Search v13.8 and v14.7 Bludit CMS v.4.0.0 Local Privilege Escalation via role:admin Parameter BluditCMS v.3.14.1 Cross Site Scripting Vulnerability in Categories Friendly URL Arbitrary Code Execution Vulnerability in ProcessWire 3.0.210 via download_zip_url Parameter Denial of Service (DoS) Vulnerability in Centralite Pearl Thermostat 0x04075010 via Crafted Zigbee Message Obfuscation of Security UI in Picture-in-Picture in Google Chrome SQL Injection Vulnerability in ChurchCRM v4.5.3 and Below via EID Parameter at GetText.php SQL Injection Vulnerability in ChurchCRM v4.5.3 and Below: Event Attendance Reports Module Arbitrary Code Execution Vulnerability in ChurchCRM v4.5.3 and Below via CSV Import Stored Cross-Site Scripting (XSS) Vulnerability in Mojoportal v2.7.0.0 Company Info Settings Component Unauthenticated User Registration Bypass in Mojoportal v2.7.0.0 CSS File Disclosure Vulnerability in Mojoportal v2.7.0.0 and Below Stored Cross-Site Scripting (XSS) Vulnerability in ChurchCRM 4.5.3 and Below at /api/public/register/family Directory Traversal Vulnerability in Foswiki v2.1.7 and Below Cross-Site Scripting (XSS) Vulnerability in Add to Feedly WordPress Plugin Denial of Service Vulnerability in Paradox Security Systems IPR512 Reflected Cross-Site Scripting Vulnerability in Sendinblue WordPress Plugin with WPML Integration Arbitrary Code Execution via Crafted EPUB File Upload in readium-js v0.32.0 Cross-Site Scripting (XSS) Vulnerability in LiveAction LiveSP v21.1.2 Stored XSS Vulnerability in SAS 9.4 Admin Console User Management Module SQL Injection Vulnerability in Art Gallery Management System v1.0 via viewid Parameter SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 Inefficient Algorithmic Complexity in Dreamer CMS UserController.java (VDB-227860) SQL Injection Vulnerability in Simple Customer Relationship Management 
System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 Reflected XSS Vulnerability in PMB v7.4.6 via /admin/convert/export_z3950_new.php Arbitrary Code Execution via Image File Upload in PMB v7.4.6 Open Redirect Vulnerability in PMB v7.4.6 via /opac_css/pmb.php Component Remote Code Execution Vulnerability in PMB v7.4.6 via /sauvegarde/restaure_act.php Reflected Cross-Site Scripting (XSS) Vulnerability in PMB v7.4.6 via /admin/convert/export_z3950.php Cross-Site Request Forgery Vulnerability in Rebuild 3.2 (VDB-227866) Arbitrary Code Execution via Cross Site Scripting (XSS) in Rediker Software AdminPlus 6.1.91.00 Cross-Site Scripting (XSS) Vulnerability in Jfinal CMS v5.1 via /system/dict/list Component Cross-Site Scripting (XSS) Vulnerability in Dromara J2eeFAST up to 2.6.0 NULL Pointer Dereference in libde265 v1.0.10's mc_chroma Function at motion.cc NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_hevc_epel_pixels_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_weighted_pred_avg_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's put_weighted_pred_8_fallback Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_unweighted_pred_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's put_unweighted_pred_16_fallback Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_weighted_pred_avg_8_sse Function Cross-Site Scripting (XSS) Vulnerability in Dromara J2eeFAST up to 2.6.0 Privilege Escalation Vulnerability in Ofcms v.1.1.4 OS Command Injection Vulnerability in D-Link DIR-867 Firmware 1.30B07 SQL Injection Vulnerability in Xen Forum for PrestaShop (Versions up to 2.13.0) Stored Cross-Site Scripting (XSS) Vulnerability in Changedetection.io Cross-Site Scripting (XSS) Vulnerability in 
Funadmin up to 3.2.3 (CVE-2021-227869) SQL Injection Vulnerability in Funadmin v3.2.0 via id parameter at /databases/database/list SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \controller\auth\Auth.php SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \member\Member.php Remote Code Execution (RCE) Vulnerability in Funadmin v3.2.0 via \controller\Addon.php SQL Injection Vulnerability in Funadmin v3.2.0 via id parameter at /databases/table/list Unauthorized User Exploits GraphQL Endpoint to Attach Malicious Runner in GitLab SQL Injection Vulnerability in Funadmin v3.2.0 via id Parameter at /databases/table/columns SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \member\MemberLevel.php SQL Injection Vulnerability in Funadmin v3.2.0 via id Parameter at /databases/database/edit Denial of Service Vulnerability in Giorgio Tani PeaZip v9.0.0 SQL Injection Vulnerability in NotrinosERP v0.7 via OrderNumber Parameter Authenticated SQL Injection Vulnerability in JEECG-Boot v3.4.4 via Building Block Report Component OS Command Injection in GitHub Repository Appium/Appium-Desktop (Prior to v1.22.3-4) Critical Command Execution Vulnerability in JHR-N916R Router Firmware (<=21.11.1.1483) Remote Code Execution Vulnerability in Vinga WR-AC1200 81.102.1.4370 and Earlier via Password Parameter Stack Overflow Vulnerability in D-Link DIR882 Router (Model DIR882A1_FW110B02) Allows for DoS and Arbitrary Code Execution Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05 Router Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05: Exploiting sub_48AF78 Function Elevation of Privilege Vulnerability in M-Files Client Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05: Potential DoS and Code Execution Incomplete Fix for Path Traversal Vulnerability in ownCloud Android App Remote Code Execution Vulnerability in CUPS-Filters Backend Error Handler (BEH) Regular 
Expression Denial of Service (ReDoS) Vulnerability in Undici HTTP/1.1 Client Denial of Service (DOS) Vulnerability in PDFio Parser (Versions prior to 1.1.0) Buffer Overflow Vulnerability in NetHack 3.6.2 - 3.6.6 Buffer Clearing Vulnerability in sli_se_opaque_import_key Arbitrary JavaScript Execution Vulnerability in Misskey's `miauth` Authentication Cross Site Scripting Vulnerability in Misskey URL Preview Function SQL Injection Vulnerability in Misskey's note search API by tag (notes/search-by-tag) Arbitrary URL and Protocol Calling Vulnerability in Dompdf Unfiltered Server Environment Variable Injection in TYPO3 Vert.x-Web: Exfiltration of Class Path Resources via Wildcard Mount Point on Windows Command Injection Vulnerability in IPython.utils.terminal.set_term_title Integer Underflow and Out-of-Bounds Access Vulnerability in RIOT-OS Network Stack NULL Pointer Dereference in RIOT-OS Network Stack Leads to Denial of Service Out-of-Bounds Write and Arbitrary Code Execution Vulnerability in RIOT-OS Network Stack SQL Injection Vulnerability in Responsive CSS EDITOR WordPress Plugin Denial of Service Vulnerability in RIOT-OS Network Stack Out-of-Bounds Write Denial of Service Vulnerability in RIOT-OS Network Stack Denial of Service Vulnerability in RIOT-OS Network Stack Type Confusion Vulnerability in RIOT-OS Network Stack Quadratic Complexity Vulnerability in cmark-gfm Leading to Denial of Service NULL Pointer Dereference Vulnerability in RIOT-OS Network Stack Uninitialized Object Denial of Service Vulnerability in RIOT-OS Network Stack Password Disclosure Vulnerability in Syft v0.69.0 and v0.69.1 Insecure Access Token and Password Reset Key Generation in Onedev Apache IoTDB Incorrect Authorization Vulnerability Improper Authentication Vulnerability in Apache IoTDB Web Workbench Apache IoTDB Grafana Connector Improper Authentication Vulnerability Null Pointer Dereference Vulnerability in Hermes Runtime Use-after-free vulnerability in BigIntPrimitive addition in 
Hermes VM Improper Access Control in WisdomGarden Tronclass Allows Unauthorized File Access Code Injection Vulnerability in Softnext Technologies Corp.’s SPAM SQR Allows Remote Attackers to Execute Arbitrary Commands Path Traversal Vulnerability in SUNNET CTMS File Upload Function Insufficient Filtering in HGiga PowerStation Remote Management Function Allows Arbitrary Command Execution HGiga PowerStation Information Leakage Vulnerability Enables Remote Code Execution Insufficient Filtering in HGiga MailSherlock Allows for Reflected XSS Attack Time-Based SQL Injection Vulnerability in Active Directory Integration Plugin for WordPress Insufficient Validation in HGiga MailSherlock Mail Query Function Allows SQL Injection Insufficient Filtering in HGiga MailSherlock Query Function Allows Remote Code Execution Insufficient Access Control in HGiga MailSherlock Allows Unauthorized Access to User Mail Content Transient Denial of Service (DoS) Vulnerability in Modem during 5G Cell Camping Hardware Protected Address Range Vulnerability in Access Control Core Library Vulnerability: Insufficient Blocking of Data Forwarding in RUGGEDCOM Devices Transient Denial of Service Vulnerability in Modem DSM Item Allocation VoLTE Call Vulnerability: Information Disclosure in Data Modem FMTP Line Parsing Vulnerability in SDP Message Leads to Information Disclosure Privilege Escalation Vulnerability in GitLab CE/EE Versions 14.1 to 16.0.2 KeyMaster Trusted Application Vulnerability: Memory Corruption during Cryptographic Key Import WLAN HOST Memory Corruption Vulnerability Secure Memory Access Vulnerability in Core during Modem Image Loading HLOS Memory Corruption Vulnerability during Key Provisioning Notify Registration WLAN HOST Memory Corruption Vulnerability in QMI WLAN Firmware Response Parsing Modem Memory Corruption Vulnerability during AS Security Exchange Configuration Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Microsoft 
Printer Driver Information Disclosure Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class IKE Extension Denial of Service Vulnerability Microsoft Defender DoS Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Windows Secure Channel DoS Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability in Microsoft PostScript and PCL6 Class Drivers Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer RPC Runtime RCE Vulnerability Sensitive Information Exposure in Smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class BlueBleed: Windows Bluetooth Service Remote Code Execution Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Reflected Cross-Site Scripting Vulnerability in Stop Spammers Security WordPress Plugin Exploiting Windows SmartScreen Security Feature Bypass Vulnerability Exposed Data: Microsoft Teams Information Disclosure Vulnerability Unsecured Data Exposure in Microsoft OneDrive for Android Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Print Driver Remote Code Execution Vulnerability in 
Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Stored Cross-Site Scripting Vulnerability in Stop Spammers Security WordPress Plugin iOS OneDrive Security Feature Bypass Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Edge (Chromium-based) Webview2 Spoofing Vulnerability Exposes Users to Phishing Attacks Code Execution Vulnerability in Visual Studio Code Remote Access .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable by Remote Attackers Exploiting Dynamics 365 Finance Spoofing Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable by Remote Attackers Windows SMB Service Disruption Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Fernando Briano UserAgent-Spy Plugin <= 1.3.1 Windows NTLM Information Disclosure Vulnerability Windows NFS Portmapper Information Disclosure Vulnerability Exposes Sensitive Data Windows Kernel Win32k Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Installer Privilege Escalation Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Microsoft Printer Driver Information Disclosure Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer RPC Runtime RCE Vulnerability Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Arbitrary Command Execution Vulnerability in Emacs org-babel-execute:latex Function Windows Graphics Component Privilege Escalation Vulnerability Printer Driver 
Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Windows Graphics Component Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows Kernel Win32k Elevation of Privilege Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) SQL Injection Vulnerability in QueryWall WordPress Plugin Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Unveiling Sensitive Data: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Unsecured Data Exposure in Microsoft OneDrive for Android Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer SQL Injection Vulnerability in All In One Redirection WordPress Plugin MacOS Elevation of Privilege Vulnerability in Microsoft OneDrive Windows Secure Channel DoS Vulnerability BootGuard Bypass Vulnerability Exploiting Microsoft Defender Security Feature Bypass Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Elevated Privilege Vulnerability in .NET Framework and Visual Studio Windows CryptoAPI Denial of Service Vulnerability: Disrupting Cryptographic Operations Windows CryptoAPI Denial of Service Vulnerability: Exploiting Weaknesses in Cryptographic Services NFS Server Denial of Service Vulnerability Unauthenticated Modification of Data 
Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Windows PGM Denial of Service Vulnerability Windows Network File System RCE Vulnerability RPC Runtime DoS Vulnerability PGM Remote Code Execution Vulnerability in Windows Windows Bluetooth Driver Data Exposure Vulnerability Windows iSCSI Target Service Information Disclosure Vulnerability Exposes Sensitive Data Windows Backup Service Privilege Escalation Vulnerability BlueBleed: Exploiting the Windows Bluetooth Driver for Remote Code Execution BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Unauthenticated Access and CSRF Vulnerability in Greeklish-permalink WordPress Plugin Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server SharePoint Server Remote Code Execution Vulnerability SQL Injection Vulnerability in Forget Heart Message Box v1.1 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0.0.0 - 22.0.2 IBM TS7700 Management Interface Privilege Escalation and Remote Code Execution Vulnerability IBM InfoSphere Information Systems 11.7 Host System and Environment Configuration Exposure Vulnerability Arbitrary File Upload Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Directory Traversal Vulnerability in IBM InfoSphere Information Server 11.7 Local User Information Disclosure in IBM InfoSphere Information Server 11.7 Unrestricted Access Vulnerability in IBM Aspera Faspex 5.0.5 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Cross-Site Request Forgery and PHP Object Injection Vulnerability in UserPro WordPress Plugin Denial of Service Vulnerability in IBM B2B Advanced Communications and IBM Multi-Enterprise Integration Gateway HTTP Header 
Injection Vulnerability in IBM Spectrum Symphony 7.3 Apache InLong Out-of-bounds Read Vulnerability Uninitialized Pointer Access Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19788) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19789) Stored Cross-Site Scripting Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19790) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19791) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19804) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19805) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19806) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19807) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19808) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19809) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19810) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19811) Authentication Bypass Vulnerability in RegistrationMagic WordPress Plugin Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19812) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19813) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19814) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19815) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19816) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19817) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19818) Apache InLong Deserialization of Untrusted Data Vulnerability Unlimited File Upload DoS Vulnerability in Apache Commons FileUpload Vulnerability: Unauthorized Destruction of 
Secret IDs in HashiCorp Vault's AppRole Auth Method PHP Object Injection Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Cache-timing vulnerability in HashiCorp Vault's Shamir's secret sharing implementation Use-After-Free Vulnerability in Autodesk Navisworks 2023 and 2022 via Malicious SKP File Use-After-Free Vulnerability in Autodesk Products via Malicious SKP File Out-of-Bound Read/Write Vulnerability in Autodesk AutoCAD 2023 and Maya 2022 Integer Overflow Vulnerabilities in Autodesk Products Boundary Read Vulnerability in Autodesk InfraWorks DLL Parsing Use-After-Free Exploit: Code Execution via Malicious USD File Uninitialized Pointer Vulnerability in USD File Parsing Out-of-Bounds Read Vulnerability in USD File Parsing Leading to Code Execution Out-of-Bounds Write Vulnerability in USD File Parsing Uninitialized Variable Exploitation in USD File Parsing Privilege Escalation Vulnerability in PC Settings Tool Use-After-Free Vulnerability in Linux Kernel's HID-Bigbenff Driver Unauthenticated User Password Manipulation in TYPO3 femanager Extension Unauthenticated User Deletion Vulnerability in femanager Extension CSRF Vulnerability in Clockwork Web before 0.1.2 with Rails before 5.2 Information Disclosure Vulnerability in Couchbase Server Incorrect Authorization Vulnerability in RIFARTEK IOT Wall Insufficient Filtering in RIFARTEK IOT Wall Transportation Function Allows for Reflected XSS Attack Premio Chaty Plugin <= 3.0.9 Unauthenticated Reflected XSS Vulnerability Unauthenticated Stored XSS Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in FareHarbor for WordPress Plugin <= 3.6.6 Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Watu Quiz Plugin <= 3.3.8 Saleswonder.Biz Webinar Ignition Plugin <= 2.14.2 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Icegram Collect Plugin <= 1.3.8 - Authenticated Stored Cross-Site Scripting (XSS) 
Vulnerability CSRF Vulnerability in Chetan Gole WP-CopyProtect Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Chained Quiz Plugin <= 1.3.2.5 Stored XSS Vulnerability in chuyencode CC Custom Taxonomy Plugin <= 1.0.1 CSRF Vulnerability in utahta WP Social Bookmarking Light Plugin Reflected Cross-Site Scripting Vulnerability in 10Web Social Post Feed WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin <= 2.7.1 Stored Cross-Site Scripting (XSS) Vulnerability in Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 CSRF Vulnerability in Sumo Social Share Boost Plugin CSRF Vulnerability in BoLiQuan WP Clean Up Plugin CSRF Vulnerability in akhlesh-nagar Social Media Icons Widget Plugin CSRF Vulnerability in 984.Ru For the Visually Impaired Plugin <= 0.58 CVE-2023-25039 Hard-coded Credentials Vulnerability in Firmware Images Stored Cross-Site Scripting (XSS) Vulnerability in Shortcodes Ultimate Plugin <= 5.12.6 Unauthenticated Reflected XSS Vulnerability in Cththemes Monolit Theme <= 2.0.6 Stored Cross-Site Scripting (XSS) Vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers Plugin <= 2.3.0 CVE-2023-25043 Stored XSS Vulnerability in Sumo Social Share Boost Plugin <= 4.4 SQL Injection vulnerability in David F. Carr RSVPMaker Podlove Podcast Publisher Plugin <= 3.8.2 - Authenticated Stored XSS Vulnerability SQL Injection Vulnerability in David F. Carr RSVPMaker rsvpmaker Stored XSS Vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress Plugin <= 3.3.4 CSRF Vulnerability in Product Upload Functionality CSRF Vulnerability in Denishua Comment Reply Notification Plugin <= 1.4 Stored XSS Vulnerability in Teplitsa Yandex.News Feed Plugin Code Injection Vulnerability in David F. 
Carr RSVPMaker CSRF Vulnerability in Amit Agarwal Google XML Sitemap for Videos Plugin CSRF Vulnerability in SlickRemix Feed Them Social Plugin <= 3.0.2 Unauthorized Access to Sensitive Information in Libsyn Publisher Hub CSRF Vulnerability in Brainstorm Force Schema Plugin Stored Cross-Site Scripting (XSS) Vulnerability in avalex GmbH avalex – Automatically Secure Legal Texts Plugin <= 3.0.3 Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 Stored XSS Vulnerability in PINPOINT.WORLD Pinpoint Booking System Plugin <= 2.9.9.2.8 Stored XSS Vulnerability in Anadnet Quick Page/Post Redirect Plugin <= 5.2.3 Stored XSS Vulnerability in Matteo Candura WP htpasswd Plugin <= 1.7 CSRF Vulnerability in ShapedPlugin WP Tabs Plugin CSRF Vulnerability in FolioVision FV Flowplayer Video Player Plugin Improper Access Control Privilege Escalation Vulnerability in TXOne StellarOne Remote Code Execution via CleverTap Cordova Plugin Deeplinks Cleartext Transmission Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 4.2.0 and Earlier Denial of Service Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Weak Credentials Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier: Remote Password Decryption in WebUI Improper Access Control in Intel(R) DSA Software: Potential Denial of Service Vulnerability Privilege Escalation in Command Centre Server Allows Unauthorized Access to Competencies Unquoted Search Path Vulnerability in Intel Server Configuration Utility Software Buffer Overflow Vulnerability in SNIProxy 0.6.0-2 and Master Branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba) Allows Arbitrary Code Execution Arbitrary Script Injection in EC-CUBE Authentication Key Settings Heap Overflow Vulnerability in Server or Console Station CSRF Vulnerability in PaperCutNG Mobility Print Version 1.0.3512 Information Disclosure Vulnerability in Intel(R) Distribution of OpenVINO Toolkit Software Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Cross-Site Scripting (XSS) Vulnerability in ADM, LooksGood, and SoundsGood Apps Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in 
vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_ike_profile Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 
Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_l2tp Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Integer Overflow Vulnerability in FormData API Implementation Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_ike_profile Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Use-After-Free Vulnerability in Linux Kernel's ext4 Filesystem Default Password Vulnerability in PowerPanel Business Software Unrestricted File Upload Vulnerability in PowerPanel Business Software Privilege Escalation 
Vulnerability in PowerPanel Business Software Vulnerability: Arbitrary Modification of McAfee COM Component in Windows Registry vBulletin Deserialization Remote Code Execution Vulnerability Double-Free Vulnerability in OpenSSH Server (sshd) 9.1 Allows Remote Code Execution Buffer Overflow in sprintf in glibc 2.37 with Correct Buffer Size Exposing Database Credentials in Mattermost Server Initialization Logs Out of Bounds Read Vulnerability in Parasolid and Solid Edge Critical Injection Vulnerability in Apache Sling JCR Base < 3.1.12 with Old JDK Versions Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One Server Installer Allows Remote Code Execution Improper Access Control Vulnerability in Trend Micro Apex One Agent Allows Local Privilege Escalation and Arbitrary Directory Creation Privilege Escalation Vulnerability in Trend Micro Apex One Agent Scanning Function Trend Micro Apex One Agent File Replacement Vulnerability Vulnerability: Bypassing Protection in Trend Micro Apex One Agent via Crafted DLL Privilege Escalation Vulnerability in Trend Micro Apex One Privilege Escalation Vulnerability in TimescaleDB 2.8.0 - 2.9.2 Privilege Escalation Vulnerability in Mattermost Nextcloud Office App (Collabora Integration) File Access Vulnerability Denial-of-Service Vulnerability in OpenTelemetry-Go v0.38.0 Wings Server Control Plane Vulnerability: Unauthorized File and Directory Creation Unbounded File Read Vulnerability in containerd Unvalidated URL in Misskey prior to 13.5.0 allows remote code execution Integer Overflow Vulnerability in Redis Server Lack of Rate Limits in Kiwi TCMS Login Page Allows Brute-Force Attacks Vulnerability: Misuse of OGC Filter Expression Language in GeoServer SQL Injection Vulnerabilities in GeoTools JDBCDataStore Implementations Unauthenticated Access to Watermark-Free Previews in Nextcloud Server and Nextcloud Office Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.7 Mailbox Access Vulnerability in 
Nextcloud Mail Missing Rate Limiting on Password Reset Functionality in Nextcloud Server and Nextcloud Enterprise Server Server-side Request Forgery (SSRF) Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Argo CD Repository Access Credentials Leakage Vulnerability Sensitive values stored in process.env variable are exposed in plaintext in index.js file in TinaCMS CLI versions >= 1.0.0 && < 1.0.9 Information Disclosure via getHostByName in Helm Templates Denial of Service Vulnerability in formula Parser Regular Expression Denial of Service in Discourse Wings Server Control Plane File Deletion Vulnerability User Data Leakage in Discourse Yearly Review Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress PrestaShop CSRF Token Bypass Vulnerability Lack of Rate Limits in Kiwi TCMS Prior to v12.0 Allows Denial-of-Service Attacks on Password Reset Page Cross-Site Scripting (XSS) Vulnerability in Discourse Improper Supplementary Group Setup in containerd Runtime Improper Access Control in Intel Chipset Driver Software: Potential Privilege Escalation Vulnerability Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware CVE-2023-25176 Stack-Based Buffer Overflow in Delta Electronics' CNCSoft-B DOPSoft Versions 1.0.0.4 and Prior Remote Code Execution Vulnerability in Controller Firmware Denial of Service Vulnerability in Intel(R) Unite(R) Android Application Reflected Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Heap-based Buffer Overflow in Weston Embedded uC-HTTP v3.01.01 HTTP Server Functionality Uncontrolled Search Path Element Vulnerability in Intel(R) Unite(R) Client Software for Mac Arbitrary Command Execution Vulnerability in Snap One OvrC Pro Versions Prior to 7.2 Weak Credentials Vulnerability in Seiko Solutions SkyBridge and SkySpider Series Privilege Escalation Vulnerability in NOKIA Airscale ASIKA Single RAN Devices Directory 
Path Traversal Vulnerability in Nokia Airscale ASIKA Single RAN Devices Default SSH Keys Vulnerability on NOKIA Airscale ASIKA Single RAN Devices Unauthenticated Access to Nokia Airscale ASIKA Single RAN BTS Baseband Unit via AaShell Critical SQL Injection Vulnerability in Caton CTP Relay Server 1.2.9 Password Disclosure Vulnerability in AMI MegaRAC SPX Devices through Redfish User Enumeration Vulnerability in AMI MegaRAC SPX Devices through Redfish HarfBuzz O(n^2) Growth Vulnerability in hb-ot-layout-gsubgpos.hh Apache Kafka Connect API Vulnerability: Unrestricted Deserialization and Remote Code Execution (RCE) Apache Fineract: Server-Side Request Forgery (SSRF) Vulnerability SQL Injection Vulnerability in Apache Fineract SQL Injection Vulnerability in Apache Fineract CVE-2023-25199 Critical Command Injection Vulnerability in Caton Prime 2.1.2.51.e8d7225049(202303031001) CVE-2023-25200 Arbitrary Code Execution via Crafted Script Upload in MultiTech Conduit AP MTCAP2-L4E1 SQL Injection Vulnerability in PrestaShop ws_productreviews < 3.6.2 Critical SQL Injection Vulnerability in PrestaShop dpdfrance <6.1.3 via ajax.php Cross-Site Scripting (XSS) Vulnerability in NEXTU NEXT-7004N 3.0.1 Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 
US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Critical Remote Command Injection Vulnerability in Chengdu VEC40G 3.0 Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Potential DoS and Code Execution Heap-Buffer-Overflow Vulnerability in Libde265 v1.0.10's derive_spatial_luma_vector_prediction Function Heap-based Buffer Overflow Vulnerability in GNU LibreDWG v0.12.5 SQL Injection Vulnerability in CRMEB <=1.3.4 via /api/admin/user/list Unrestricted File Upload Vulnerability in Weaver E-Office 9.5 (VDB-228014) Server-Side Request Forgery (SSRF) Vulnerability in Loonflow R2.0.14 Buffer Overflow Vulnerability in Tenda Router W30E V1.0.1.25(633) - fromRouteStatic Function Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) via Parameters entrys and mitInterface Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) via fromAddressNat Parameters Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) - formOneSsidCfgSet Function Critical Remote Code Execution Vulnerability in Control iD RHiD 23.3.19.0 Arbitrary Code Execution Vulnerability in pimCore v10.5.15 due to Improper SameSite Attribute Reflected Cross-Site Scripting (XSS) Vulnerability in bgERP v22.31 via Search Parameter Cross-Site Request Forgery Vulnerability in Easy Google Maps Plugin for WordPress (up to version 1.11.7) Local File Inclusion Vulnerability in Stimulsoft Designer (Web) 2023.1.3 Remote Code Execution in Stimulsoft Designer and Viewer Server Side Request Forgery (SSRF) vulnerability in Stimulsoft Designer (Web) 2023.1.3 allows for data exfiltration and outbound traffic Static Secret Used for Connection String Decryption in Stimulsoft Designer (Desktop) 2023.1.5 and 2023.1.4 Authentication Bypass Vulnerability in Docmosis Tornado Directory Traversal Vulnerability in Docmosis Tornado <= 2.9.4 Arbitrary Remote Code Execution (RCE) via Office Directory 
Setting in Docmosis Tornado Stack-based Buffer Overflow in GFI Kerio Connect 9.4.1 Patch 1 Webmail Component's 2FASetup Function SQL Injection Vulnerability in Integration for Contact Form 7 and Zoho CRM, Bigin WordPress Plugin D-Link DIR820LA1_FW105B03 Privilege Escalation via OS Command Injection Vulnerability Cross-Site Request Forgery Vulnerability in Contact Form by Supsystic Plugin for WordPress D-Link DIR820LA1_FW105B03 Privilege Escalation via OS Command Injection Stack Overflow Vulnerability in D-Link DIR-820L Router's pingV4Msg Component Heap Overflow Vulnerability in D-Link DIR-820L Router Firmware (Version 1.06B02) Stack Overflow Vulnerability in D-Link DIR-820L A1 Firmware 1.06B02 Virtualreception Digital Receptie Directory Traversal Vulnerability Unsanitized SVG Uploads in Enable SVG Uploads WordPress Plugin: XSS Vulnerability Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, leading to Privilege Escalation and Information Disclosure via GO_LANGUAGE Cookie Cross Site Scripting (XSS) Vulnerability in GRUEN eVEWA3 Community 31-53 Login Panel Orchestration Service Privilege Escalation: Remote Code Execution Vulnerability Directory Traversal Vulnerability in ATLauncher <= 3.4.26.0 Allows Arbitrary File Creation Prism Launcher <= 6.1 Directory Traversal Vulnerability PolyMC Launcher <= 1.4.3 Directory Traversal Vulnerability Directory Traversal Vulnerability in MultiMC Launcher <= 0.6.16 Directory Traversal Vulnerability in Nothub Mrpack-Install v0.16.2 XSS Vulnerability in Fetlife Rollout-UI v0.5: Arbitrary Code Execution via Crafted URL Excessive Authentication Attempts Vulnerability in AzuraCast Repository OS Injection Vulnerability in AVideo Version Before 12.4: Arbitrary Code Execution via Video Link Field XSS Vulnerability in World Wide Broadcast Network AVideo Allows Information Disclosure CSRF Vulnerability in PaperCut NG/MF Allows Unauthorized Changes and Code Execution Mybatis Plus SQL Injection Vulnerability in 
Versions Below 3.5.3.1 Improper Authorization Vulnerability in OTRS AG OTRS 8: Unauthorized User Tracking and Data Leakage CVE-2023-25341 Arbitrary Code Execution Vulnerability in swig-templates and swig Arbitrary File Read Vulnerability in Swig-Templates and Swig Reflected Cross-Site Scripting (XSS) Vulnerability in ChurchCRM 4.5.3 Stored XSS Vulnerability in ChurchCRM 4.5.3: Arbitrary Script Injection via EventEditor.php Title Input Field CSV Injection Vulnerability in ChurchCRM 4.5.3: Arbitrary Code Execution via Crafted Excel File SQL Injection Vulnerability in Faveo Helpdesk 1.0-1.11.1 Privilege Escalation via Insecure Permissions in CoreDial sipXcom 21.04 Arbitrary Command Injection and Remote Code Execution in CoreDial sipXcom 21.04 Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::addChild Remote Code Execution Vulnerability in WebKitGTK's WebCore::RenderLayer::renderer Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::setNextSibling Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::repaintBlockSelectionGaps Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::updateDescendantDependentFlags CVE-2023-25364 Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in October CMS v3.2.0 with .mp3 File Type Insecure SCPI Interface in Siglent SDS 1104X-E Exposes Web Password Remote Code Execution (RCE) Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS Incorrect Access Control Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS Denial of Service Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS BMC TLS Private Key Exposure Vulnerability Allegro Tech BigFlow <1.6 Vulnerability: Missing SSL Certificate Validation Race Condition in Videostream macOS App Updater Script Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Router MSI Repair Functionality Privilege Escalation Vulnerability in Caphyon Advanced Installer 20.0 and Below Memory Leak 
Vulnerability in Py_FindObjects() Function in scipy commit 8627df31ab Unrestricted File Upload Vulnerability in CleverStupidDog yf-exam 1.8.0 Authentication Bypass Vulnerability in CleverStupidDog yf-exam v 1.8.0 Vulnerability: Incorrect Access Control in Aten PE8108 2.4.232 Vulnerability: Incorrect Access Control in Aten PE8108 2.4.232 Unauthenticated Remote Information Disclosure in KNIME Business Hub CSRF Vulnerability in Aten PE8108 2.4.232 Vulnerability: Unauthenticated Access to Telnet and SNMP Credentials in Aten PE8108 2.4.232 Denial of Service (DOS) Vulnerability in Aten PE8108 2.4.232 Vulnerability: Unauthenticated Access to Event Notification Configuration in Aten PE8108 2.4.232 DLL Hijacking Vulnerability in Soft-o Free Password Manager 1.1.20 Allows Arbitrary DLL Creation and Code Execution XSS Vulnerability in Online Reviewer Management System v1.0 via course-update.php SQL Injection Vulnerability in Online Reviewer Management System v1.0 Buffer Overflow Vulnerability in libtiff 4.5.0 via tiffcrop.c:8499 Buffer Overflow Vulnerability in libtiff 4.5.0: extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215 Buffer Overflow Vulnerability in libtiff 4.5.0: extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753 Cleartext Password Exposure in vTech VCS754 Version 1.1.1.A to 1.1.1.H Arbitrary Code Execution and Privilege Escalation Vulnerability in Genomedics MilleGP5 5.9.2 Stored Cross Site Scripting (XSS) Vulnerability in Square Pig FusionInvoice 2023-1.0 Authorization Bypass Vulnerability in UPV PEIX: Unauthorized Access to User Information via pdf_curri_new.php Stored Cross Site Scripting (XSS) Vulnerability in CiviCRM 5.59.alpha1: Arbitrary Code Execution in First/Second Name Field Marcel Pol Zeno Font Resizer Plugin <= 1.7.9 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in Wow-Company Button Generator Plugin CSRF Vulnerability in Inkthemescom ColorWay Theme <= 4.2.3 CSRF Vulnerability in Eric Teubert Archivist – 
Custom Archive Templates Plugin CSRF Vulnerability in cformsII Plugin <= 15.0.4 Feather Login Page Plugin for WordPress: Unauthorized Access and Privilege Escalation Vulnerability CSRF Vulnerability in GiveWP Donation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WPChill CPO Content Types Plugin <= 1.1.0 Stored XSS Vulnerability in CMS Press Plugin <= 0.2.3 Unauthenticated Reflected XSS Vulnerability in Ian Sadovy WordPress Tables Plugin (<= 1.3.9) Stored Cross-Site Scripting (XSS) Vulnerability in Klaviyo Plugin <= 3.0.7 CVE-2023-25457 Stored XSS Vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 Stored XSS Vulnerability in Postsnippets Post Snippets Plugin <= 4.0.2 Authentication Bypass Vulnerability in WP User Switch Plugin CodeSolz Easy Ad Manager Plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in namithjawahar Wp-Insert Plugin <= 2.5.0 Stored Cross-Site Scripting (XSS) Vulnerability in WP htaccess Control Plugin <= 3.5.1 CSRF Vulnerability in Gopi Ramasamy WP Tell a Friend Popup Form Plugin <= 7.1 Stored XSS Vulnerability in StreamWeasels Twitch Player Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy WP Tell a Friend Popup Form Plugin <= 7.1 Unauthenticated Reflected XSS Vulnerability in Mahlamusa Who Hit The Page – Hit Counter Plugin (<= 1.4.14.3) CSRF Vulnerability in Daniel Mores, A. 
Huizinga Resize at Upload Plus Plugin <= 1.3 CSRF Vulnerability in Reservation.Studio Widget Plugin Vulnerability: Unauthorized Data Loss in Feather Login Page Plugin for WordPress CSRF Vulnerability in Anton Skorobogatov Rus-To-Lat Plugin <= 0.3 Unauthenticated Reflected XSS Vulnerability in Webcodin WCP OpenWeather Plugin <= 2.5.0 CSRF Vulnerability in Podlove Podcast Publisher Plugin CSRF Vulnerability in Miro Mannino Flickr Justified Gallery Plugin <= 3.5 CSRF Vulnerability in Csaba Kissi About Me 3000 Widget Plugin CSRF Vulnerability in Smart YouTube PRO Plugin <= 4.3 Unauthenticated Reflected XSS Vulnerability in Ezoic AmpedSense – AdSense Split Tester Plugin (<= 4.68) Stored Cross-Site Scripting (XSS) Vulnerability in Yotuwp Video Gallery Plugin <= 1.3.12 CSRF Vulnerability in Jason Rouet Weather Station Plugin Podlove Subscribe Button Plugin <= 1.3.7 - Authenticated Stored XSS Vulnerability Insecure Direct Object References in RegistrationMagic WordPress Plugin: User-Controlled Access Exploitation CSRF Vulnerability in BoldGrid Post and Page Builder Plugin CSRF Vulnerability in Podlove Subscribe Button Plugin <= 1.3.7 CSRF Vulnerability in Mike Martel WP Tiles Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Easy Coming Soon Plugin <= 2.3 Stored XSS Vulnerability in Simple Yearly Archive Plugin <= 2.1.8 Stored Cross-Site Scripting (XSS) Vulnerability in Bernhard Kux JSON Content Importer Plugin <= 1.3.15 CSRF Vulnerability in Pixelgrade PixTypes Plugin <= 1.4.14 Stored Cross-Site Scripting (XSS) Vulnerability in Duc Bui Quang WP Default Feature Image Plugin <= 1.0.1.1 CSRF Vulnerability in Jeff Sherk Update Theme and Plugins from Zip File Plugin Vulnerability Title: Cross-Site Request Forgery in Feather Login Page WordPress Plugin (Versions 1.0.7 - 1.1.1) Stored XSS Vulnerability in Eric Teubert Archivist – Custom Archive Templates Plugin (<= 1.7.4) Title: Critical Stored XSS Vulnerability in Samuel Marshall JCH Optimize Plugin <= 3.2.2 Format 
String Injection Vulnerability in XCC Web User Interface API CVE-2023-25493 CVE-2023-25494 LDAP Client Password Disclosure Vulnerability Lenovo Driver Manager Privilege Escalation Vulnerability Information Disclosure Vulnerability in Vaadin Versions 10.0.0 - 24.1.0.beta1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 RPC Response Information Disclosure Vulnerability in Vaadin Server-Side Request Forgery Vulnerability in Apache Superset NVIDIA DGX-1 BMC AMI MegaRAC IPMI Handler Buffer Overflow Vulnerability Preconditioned Heap Access Beyond Buffer in NVIDIA DGX-1's AMI SBIOS Arbitrary Command Injection Vulnerability in NVIDIA DGX-1 BMC's SPX REST API Arbitrary File Upload and Download Vulnerability in NVIDIA DGX-1 BMC Critical Vulnerability in NVIDIA DGX-1 SBIOS Allows Code Execution, DoS, and Privilege Escalation Remote File Inclusion Vulnerability in unilogies/bumsys prior to 2.1.1 NULL Pointer Dereference in cuobjdump: Limited Denial of Service Vulnerability Division-by-Zero Vulnerability in NVIDIA CUDA Toolkit's cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Memory Read in cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Read in cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Read in cuobjdump Vulnerability in NVIDIA GPU Display Driver for Windows and Linux: Potential Code Execution and Data Tampering Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Unauthorized Resource Control Vulnerability in NVIDIA vGPU Software Vulnerability in NVIDIA Jetson CBoot Allows Arbitrary Memory Access Privilege Escalation Vulnerability in NVIDIA ConnectX Host Firmware for BlueField Data Processing Unit CSRF Vulnerability in GitHub Repository unilogies/bumsys prior to 2.1.1 Denial of Service Vulnerability in NVIDIA Jetson Linux Driver Package's nvbootctrl Unauthenticated Privilege Escalation in NVIDIA DGX A100/A800 SBIOS Improper Input Validation in NVIDIA DGX 
A100/A800 SBIOS Configuration NVIDIA CUDA Toolkit: Denial of Service Vulnerability in nvdisasm Binary Authentication Token Exposure in NVIDIA Omniverse Workstation Launcher Vulnerability in NVIDIA Cumulus Linux Forwarding of VxLAN-Encapsulated IPv6 Packets Vulnerability in NVIDIA Cumulus Linux: Denial of Service via Crafted Packet Injection Vulnerability in NVIDIA DGX H100 BMC Host KVM Daemon Allows Arbitrary Kernel Code Execution and Privilege Escalation NVIDIA DGX H100 BMC Web Server Plugin Stack Overflow Vulnerability Timing-based Session Token Leak in NVIDIA DGX BMC Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository unilogies/bumsys prior to 2.2.0 Vulnerability in NVIDIA DGX H100 BMC KVM Service: Improper Input Validation Critical Vulnerability in NVIDIA DGX H100 BMC IPMI: Credential Protection Insufficiency Insufficient Credential Protection in NVIDIA DGX H100 BMC IPMI Vulnerability: NVIDIA DGX H100 BMC Web UI Input Validation Vulnerability Vulnerability in NVIDIA DGX H100 BMC IPMI: Multiple Security Risks Critical Local Privilege Escalation Vulnerability in Dell SupportAssist Installer (Versions Prior to 3.13.2.19) Certificate Management Vulnerability in Dell PowerScale OneFS 9.4.0.x Out of Bounds Write Vulnerability in Dell PowerEdge 14G and Dell Precision BIOS Dell NetWorker 19.6.1.2 OS Command Injection Vulnerability Arbitrary File Path Manipulation in GitHub Repository unilogies/bumsys prior to 2.2.0 Arbitrary File Overwrite Vulnerability in Dell PowerScale OneFS 9.4.0.x Improper Installation Permissions Vulnerability in Dell Trusted Device Agent Dell Power Manager Privilege Escalation Vulnerability Dell NetWorker Apache Tomcat Version Disclosure Vulnerability Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Title: Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Allows Unauthorized Package Upload and Installation Title: Unauthorized Access to Device Credentials in StruxureWare 
Data Center Expert (V7.9.2 and prior) Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Unauthenticated Modification of Data in WPCS WordPress Currency Switcher Professional Plugin Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) via Improper Control of Code Generation Cross-Site Scripting (XSS) Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Unauthorized Access and Control Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Cross-site Scripting (XSS) Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) OS Command Injection Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) OS Command Injection Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Vulnerability: Weak Authentication in KNX Installation Improper URL Construction in DataHub Frontend Proxy Allows Request Rerouting (GHSL-2022-076) Unsafe Deserialization in DataHub Frontend with SSO Authentication (GHSL-2022-086) Case-insensitive header name vulnerability in DataHub allows for unauthorized user impersonation (GHSL-2022-079) Vulnerability: Unauthorized Deletion of Custom Currency Switcher in WPCS WordPress Plugin DataHub: Authentication Bypass and System Compromise Vulnerability (GHSL-2022-080) Authentication Bypass Vulnerability in DataHub Authentication Bypass Vulnerability in DataHub (GHSL-2022-083) GSS-NTLMSSP Plugin Out-of-Bounds Read Denial-of-Service Vulnerability Memory Corruption Vulnerability in GSS-NTLMSSP Plugin (CVE-XXXX-XXXX) Incorrect Free in GSS-NTLMSSP Plugin Prior to 1.2.0 Allows Denial of Service Memory Leak Vulnerability in GSS-NTLMSSP Plugin Out-of-Bounds Read Vulnerability in GSS-NTLMSSP Plugin Arbitrary Memory Allocation Vulnerability in Boxo's Bitswap Server Unauthenticated User Role Assignment Vulnerability in Apollo Configuration Management System Unauthenticated Arbitrary Custom Drop-Down Currency Switcher Modification 
Vulnerability in WPCS WordPress Currency Switcher Professional Plugin Unauthenticated Access to Apollo Configservice and Apollo Adminservice Cross-Site Scripting (XSS) Vulnerability in Backstage Software Catalog Cross-Site Scripting (XSS) Vulnerability in react-admin's `<RichTextField>` Improper Access Control Vulnerability in Metersphere's File Download API Disclosure of Secured Resource Properties in API Platform Core Denial of Service Vulnerability in @fastify/multipart Plugin Denial of Service Vulnerability in Werkzeug's Multipart Form Data Parser Denial of Service (DoS) Vulnerability in Starlite ASGI Framework Path Traversal and Data Overwrite Vulnerability in Nextcloud Server Stored Cross-Site Scripting Vulnerability in WPCS – WordPress Currency Switcher Professional Plugin OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting VLAN Configuration Management OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting VLAN Configuration Management Out-of-Bounds Read Vulnerability in Binutils' parse_module Function Uninitialized Field Vulnerability in Binutils Leads to Application Crash and Local Denial of Service Uninitialized Variable Vulnerability in Binutils' bfd_init_section_decompress_status Function Uninitialized Field in Binutils' bfd_mach_o_get_synthetic_symtab Function Leads to Application Crash and Local Denial of Service Arbitrary User Creation Vulnerability in ClearPass Policy Manager ClearPass OnGuard Linux Agent Privilege Escalation Vulnerability ClearPass Policy Manager Web Interface Information Disclosure Vulnerability ClearPass Policy Manager Web Interface Reflected XSS Vulnerability ClearPass Policy Manager Web Interface Reflected XSS Vulnerability ClearPass Policy Manager Web Interface Privilege Escalation Vulnerability ClearPass OnGuard Ubuntu Agent Local Information Disclosure Vulnerability ClearPass Policy Manager: Administrative Privilege Vulnerability Unauthenticated File Download Vulnerability in 
Mitel MiCollab Mitel MiVoice Connect Conferencing Component Reflected XSS Vulnerability Mitel MiVoice Connect Conferencing Component Reflected XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in jja8 NewBingGoGo up to 2023.5.5.2 (VDB-228167) InsydeH2O EFI Variable Tampering Vulnerability Improper Authentication in Apache DolphinScheduler's Python Gateway Stack-based Buffer Overflow in Fortinet FortiWeb: Unauthorized Code Execution via Crafted Command Arguments Permissive Cross-Domain Policy Vulnerability in Fortinet FortiADC and FortiDDoS Fortinet FortiGuest 1.0.0 Local Attacker Access to Plaintext Passwords in RADIUS Logs Vulnerability Improper Access Control Vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1: Unauthorized Actions via Crafted HTTP Requests Path Traversal Vulnerability in FortiAnalyzer and FortiManager Management Interface OS Command Injection Vulnerability in Fortinet Products Incomplete Filtering of Special Elements Vulnerability in FortiAP-W2, FortiAP-C, FortiAP, and FortiAP-U Server-side Request Forgery (SSRF) Vulnerability in FortiManager and FortiAnalyzer GUI Unauthenticated Modification of Galleries in Gallery Metabox Plugin for WordPress CSV Formula Injection Vulnerability in Fortinet FortiAnalyzer LDAP Injection Vulnerability in Apache Kerby LdapIdentityBackend Unauthenticated Code Injection Vulnerability in SAP NetWeaver AS ABAP (BSP Framework) SAP ABAP Input Sanitization Vulnerability SAP Business Objects Business Intelligence Platform (CMC) Code Injection Vulnerability Remote Command Execution Vulnerability in SAP Business Object (Adaptive Job Server) Denial of Service Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Modbus TCP Denial of Service Vulnerability Unauthenticated Access Vulnerability in Gallery Metabox for WordPress Denial of Service Vulnerability in Controller due to Improper Check for Unusual or Exceptional Conditions Privilege Escalation through i18n Dictionary Manipulation in Apache 
Sling Cross-Site Request Forgery Vulnerability in WordPress Contact Forms by Cimatti Plugin Vulnerability: Bypassing Browser Unlock Function in Android Mobile Whale Browser App via 'Open in Whale' Feature OS Command Injection in scanservjs prior to v2.27.0 Buffer Overflow Vulnerability in ZTE Mobile Internet Products Command Injection Vulnerability in ZTE Mobile Internet Products Insufficient Validation of Web Interface Parameter in ZTE Mobile Internet Products: Denial of Service Vulnerability ZTE AndroidTV STBs Vulnerability: Unauthorized Access and Data Loss Risk Improper Access Control in ZTE Mobile Phones Allows Unauthorized Monitoring of Touch Events ZTE ZXCLOUD iRAI Weak Folder Permission Vulnerability Allows Privilege Escalation Command Injection Vulnerability in ZTE Mobile Internet Product Cross-Site Scripting (XSS) Vulnerability in SourceCodester Multi Language Hotel Management Software 1.0 Arbitrary File Download Vulnerability in ZXCLOUD iRAI SQL Injection Vulnerability in ZTE Mobile Internet Products Allows for Information Leak Git apply --reject Path Traversal Vulnerability Denial-of-Service (DoS) vulnerability in ECC operations in node-jose prior to version 2.2.0 Remote Code Execution (RCE) Vulnerability in baserCMS Management System File Upload Vulnerability in baserCMS Prior to Version 4.7.5 Excessive Memory Usage Vulnerability in notation-go Remote Code Execution Vulnerability in Nautobot Versions Earlier than 1.5.7 Out of Bounds Read Vulnerability in TensorFlow's GRUBlockCellGrad Stack Out-of-Bounds Read Vulnerability in TensorFlow's DynamicStitch Function Stored Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.1 Null Pointer Dereference in TensorFlow's Print Function Denial of Service Vulnerability in TensorFlow's Convolution3DTranspose Layer Integer Overflow Vulnerability in TensorFlow's EditDistance Null Pointer Dereference Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Heap Buffer Overflow in TAvgPoolGrad in 
TensorFlow versions prior to 2.12.0 and 2.11.1 Null Pointer Error in TensorFlow's SparseSparseMaximum with Invalid Sparse Tensors Inputs Floating Point Exception in AudioSpectrogram: Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Integer Overflow Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Heap Memory Access Vulnerability in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Floating Point Exception in TensorFlow's AvgPoolGrad Function SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution Null Pointer Error in QuantizedMatMulWithBiasAndDequantize with MKL Enabled in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Out-of-Bounds Access Vulnerability in TensorFlow 2.12.0 and 2.11.1 Vulnerability: NPE in tf.raw_ops.LookupTableImportV2 when handling scalars in the values parameter Floating Point Exception in TensorListSplit with XLA in TensorFlow versions prior to 2.12.0 and 2.11.1 Null Pointer Error in RandomShuffle with XLA Enabled in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Segfault vulnerability in TensorFlow's `tf.raw_ops.Bincount` with XLA Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.ParallelConcat` Reflected Cross-Site Scripting Vulnerability in Photo Gallery by Ays WordPress Plugin Insufficient Credential Protection in IBM Robotic Process Automation 21.0.1 through 21.0.5 CVE-2023-25681 Local Information Disclosure Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM PowerVM Hypervisor SQL Injection Vulnerability in IBM Security Guardium Key Lifecycle Manager Clear Text Storage of User Credentials in IBM Security Guardium Key Lifecycle Manager Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager Directory Traversal Vulnerability in IBM Security Guardium Key Lifecycle Manager Directory Traversal Vulnerability in IBM Security Guardium Key Lifecycle Manager CWE-787: Out-of-Bounds Write Vulnerability in Foxboro.sys 
Driver HTTP Request Smuggling Vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55 Unvalidated Input vulnerability in Apache Airflow Google Provider Unvalidated Input vulnerability in Apache Airflow Google Provider Unvalidated Input Vulnerability in Apache Airflow Sqoop Provider Sensitive Information Disclosure in Apache Airflow Unvalidated Input vulnerability in Apache Airflow Hive Provider CSRF Vulnerability in Studio Wombat Shoppable Images Plugin CVE-2023-25699 CWE-129: Improper Validation of Array Index in Foxboro.sys Driver SQL Injection Vulnerability in Themeum Tutor LMS Stored XSS Vulnerability in Fullworks Quick Paypal Payments Plugin Stored XSS Vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Go Prayer WP Prayer Plugin <= 1.9.6 CSRF Vulnerability in Pagup WordPress Robots.Txt Optimization Plugin CSRF Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin CSRF Vulnerability in Rextheme WP VR Plugin CSRF Vulnerability in Plainware Locatoraid Store Locator Plugin Reflected Cross-Site Scripting Vulnerability in Quiz Maker WordPress Plugin Stored XSS Vulnerability in DIGITALBLUE Click to Call or Chat Buttons Plugin <= 1.4.0 Unauthenticated Reflected XSS Vulnerability in WPGlobus Translate Options Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP-Buddy Google Analytics Opt-Out Plugin <= 2.3.4 Unauthenticated Stored XSS Vulnerability in Fullworks Quick Paypal Payments Plugin (<= 5.7.25) Missing Authorization vulnerability in GamiPress plugin Stored Cross-Site Scripting (XSS) Vulnerability in gqevu6bsiz Announce from the Dashboard Plugin <= 1.5.1 Ruckus Wireless Admin Remote Code Execution Vulnerability Executable File Tampering Vulnerability in ConnectWise Control Reflected Data and Code Injection Vulnerability in ConnectWise Control Reflected Cross-Site Scripting Vulnerability in Survey Maker WordPress Plugin (<= 3.4.7) Proxy Credential Exposure in Veracode 
Scan Jenkins Plugin Credential-leak vulnerability in Veracode products before 2023-03-27 HTTP Request Smuggling Vulnerability in HAProxy XSS Vulnerability in phpMyAdmin Drag-and-Drop Interface Child iframe URI leakage vulnerability in Firefox, Thunderbird, and Firefox ESR Insecure Permission Prompts for External Schemes in Firefox and Thunderbird Command Injection Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Infinite Fullscreen Mode Vulnerability URL Query Parameter Overwrite in Firefox < 110 Out-of-Bounds Memory Write Vulnerability in XPCOM Encoding Null Pointer Dereference Vulnerability in gfx::SourceSurfaceSkia::Map() in Firefox < 110 Windows URL Shortcut Remote Path Vulnerability Use-after-free vulnerability in Cross-Compartment Wrappers in Firefox, Thunderbird, and Firefox ESR Invalid Downcast Vulnerability in Firefox < 110 Invalid Downcast Vulnerability in Firefox, Thunderbird, and Firefox ESR Printer Device Driver Validation Bypass in Firefox on Windows Use-after-free vulnerability in ScriptLoadContext Command Injection Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Remote Path Disclosure and NTLM Credential Leakage in Firefox for Windows (Version < 110) Cross-Origin Image Size Leakage in Firefox < 110 SPKI RSA Public Key Import Vulnerability Firefox Focus Vulnerability: Fullscreen Mode Spoofing via Missing In-App Notification Critical Memory Safety Vulnerabilities in Firefox 109 and Firefox ESR 102.7 Memory Corruption Vulnerability in Firefox < 110: Potential Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Firefox ESR and Thunderbird Use-after-free vulnerability in libaudio fixed in Firefox for Android < 110.1.0 Firefox for Android Long Description Prompt Spoofing Vulnerability Unpatched Vulnerability in Firefox for Android Allows Unauthorized App Launch Stack-based Buffer Overflow Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices ServiceWorker Offline Cache Leakage in Firefox < 111 JIT 
Code Overwrite Vulnerability in Firefox and Thunderbird Out-of-Bounds Byte Count Vulnerability in Firefox and Thunderbird SSRF Vulnerability in Apache ShenYu 2.5.1 at /sandbox/proxyGateway Endpoint Privilege Context Switching Error in Apache Airflow Memory Buffer Overflow Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01A and Earlier BIOS Firmware Vulnerability in Intel Processors Enables Privilege Escalation via Adjacent Access Privilege Escalation Vulnerability in Intel(R) Unison(TM) Software Vulnerability: Man-in-the-Middle Attack on Onekey Touch and Onekey Mini Devices TripleData Reporting Engine OS Command Injection Vulnerability Vulnerability: Unauthorized Removal of CODEOWNERS Rules and Merging to Protected Branch in GitLab Vulnerability: Unauthorized Password Modification in Tripleplay Platform Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JUnit Plugin Jenkins Pipeline: Build Step Plugin XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Email Extension Plugin 2.93 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Email Extension Plugin Arbitrary Code Execution Vulnerability in Jenkins Email Extension Plugin Jenkins Azure Credentials Plugin: Enumeration of Credentials IDs Vulnerability Jenkins Azure Credentials Plugin CSRF Vulnerability: Unauthorized Server Connection Unauthenticated Remote Code Execution in Jenkins Azure Credentials Plugin Uncontrolled Resource Consumption in Intel Thunderbolt DCH Drivers: Potential Denial of Service Vulnerability Buffer Overflow Vulnerability in Controller Leads to Denial of Service (DoS) Improper Access Control in Intel(R) NUC BIOS Firmware: Potential Denial of Service via Local Access Denial of Service Vulnerability in Intel(R) Retail Edge Mobile Android Application Privilege Escalation Vulnerability in Intel(R) Unite(R) Hub Software Installer SoftEther VPN 5.02 Denial-of-Service Vulnerability in vpnserver ConnectionAccept() Functionality Improper 
Access Control in Intel Ethernet Controller RDMA Driver for Linux: Potential Privilege Escalation via Network Access Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Privilege Escalation via Local Access Uncontrolled Search Path Element Vulnerability in Intel Thunderbolt DCH Drivers for Windows Stored Cross-Site Scripting Vulnerability in Buy Me a Coffee WordPress Plugin Insufficient Authentication Vulnerability in Status PowerBPM Allows Unauthorized User Substitution Sebastian Krysmanski Upload File Type Settings Plugin <= 1.1 Stored XSS Vulnerability Authentication Bypass Vulnerability in Second2none Service Area Postcode Checker Plugin <= 2.0.8 Stored Cross-Site Scripting (XSS) Vulnerability in Alex Moss FireCask Like & Share Button Plugin <= 1.1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Bon Plan Gratos Sticky Ad Bar Plugin CVE-2023-25785 Stored Cross-Site Scripting (XSS) Vulnerability in Thom Stark Eyes Only: User Access Shortcode Plugin <= 1.8.2 Stored Cross-Site Scripting (XSS) Vulnerability in Wbolt team WP资源下载管理 Plugin <= 1.3.9 CSRF Vulnerability in Saphali Saphali Woocommerce Lite Plugin <= 1.8.13 Stored Cross-Site Scripting (XSS) Vulnerability in Tapfiliate Plugin <= 3.0.12 Stored Cross-Site Scripting Vulnerability in InventoryPress WordPress Plugin CVE-2023-25790 XiaoMac WP Open Social Plugin <= 5.0 Authenticated Stored XSS Vulnerability Stored XSS Vulnerability in George Pattihis Link Juice Keeper Plugin <= 2.0.2 Cross-Site Scripting (XSS) Vulnerability in Mighty Digital Nooz Plugin <= 1.6.0 Cross-Site Scripting (XSS) Vulnerability in WP-master.Ir Feed Changer & Remover Plugin <= 0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Include WP BaiDu Submit Plugin <= 1.2.1 Stored XSS Vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Olevmedia Shortcodes Plugin 
Stored Cross-Site Scripting Vulnerability in AI Engine WordPress Plugin SQL Injection Vulnerability in Themeum Tutor LMS Vulnerability: Improper Parameter Validation in TensorFlow's Fractional Pooling Operations Directory Traversal Vulnerability in Roxy-WI 6.3.6.0 and earlier Directory Traversal Vulnerability in Roxy-WI (Versions prior to 6.3.5.0) Path Traversal Vulnerability in Roxy-WI (Versions prior to 6.3.5.0) Command Injection Vulnerability in versionn Software (CVE-2021-XXXX) Authentication Response Time Discrepancy in OpenSearch Security Plugin DataEase Dashboard Code Execution Vulnerability Vulnerability: Privilege Escalation in rootless runc Persistent XSS Vulnerability in Uptime Kuma Status Page (Versions prior to 1.20.0) Persistent XSS Vulnerability in Uptime Kuma Prior to 1.20.0 Minio Vulnerability: Bypass Governance Retention Allows Incorrect Deletion SQL Injection Vulnerability in Sequelize ORM (Versions prior to 6.19.1) Arbitrary File Read Vulnerability in Metersphere 2.7.0 and earlier Vulnerability: Unauthorized Localization Message Injection in Git for Windows Uncontrolled Resource Consumption in Nextcloud Versions 25.0.0 - 25.0.2 Privilege Escalation Vulnerability in Nextcloud Server Versions 24.0.0 - 24.0.9 Password Reset Token Brute Force Vulnerability in Nextcloud Server Metadata Leakage Vulnerability in Discourse Prototype Pollution XSS Vulnerability in Strikingly CMS Brute Force Password Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Improper Access Control in Nextcloud Versions 24.0.4 and 25.0.0 Unstable Database and Reporting in ReportPortal Due to Exceeded ltree Field Type Indexing Limit Use of Hard-coded Credentials in Gradio's Share Links Denial of Service Vulnerability in Mod_gnutls TLS Module Cross-site Scripting Vulnerability in ZoneMinder Command Injection Vulnerability in OpenTSDB's Legacy HTTP Query API Reflected XSS Vulnerability in OpenTSDB's Legacy HTTP Query API and Logging Endpoint Authenticated Remote Code 
Execution (RCE) Vulnerability in Pluck CMS Albums Module Unvalidated Redirect Vulnerability in Esri Portal for ArcGIS: Facilitating Phishing Attacks Code Injection Vulnerability in jsreport/jsreport (prior to 3.11.3) Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.9.1, 10.8.1, and 10.7.1 Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.9.1, 10.8.1, and 10.7.1 Cross-Site Request Forgery Vulnerability in Esri Portal for ArcGIS Versions 11.0 and Below HTML Injection Vulnerability in Esri Portal for ArcGIS Versions 11.0 and Below Incomplete User Permission Changes in Portal for ArcGIS 10.9.1 and Below: Potential Unauthorized Content Access Stored Cross-site Scripting Vulnerability in Esri Portal for ArcGIS Enterprise Sites Cross-site Scripting Vulnerability in Esri Portal Sites (Versions 10.8.1 – 10.9) High-Privilege Cross-Site Scripting Vulnerability in Esri ArcGIS Enterprise Sites SQL Injection Vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise SQL Injection Vulnerability in Esri ArcGIS Insights Desktop 2022.1 Stored Cross-Site Scripting Vulnerability in PixelYourSite WordPress Plugin High-Privilege Cross-Site Scripting Vulnerability in ArcGIS Server 10.8.1 – 11.1 Stored Cross-site Scripting Vulnerability in Esri ArcGIS Server Versions 10.8.1 – 11.0 Information Disclosure Vulnerability in ArcGIS Enterprise Server 11.0 and Below Device Authorization Grant Vulnerability in Keycloak Arbitrary Code Execution via Improper Input Validation in Adobe Illustrator Unauthenticated Device Registration Vulnerability in Teltonika Remote Management System Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Heap-based Buffer Overflow Vulnerability in 
Adobe Substance 3D Stager Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D Stager Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Cross-Site Scripting (XSS) Vulnerability in Teltonika Remote Management System Out-of-Bounds Write Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Remote Code Execution via Teltonika Remote Management System Cloud Proxy Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read 
Vulnerability Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability GitLab EE Vulnerability: Bypassing IP Restrictions on Cloned Repositories Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution GitHub Repository answerdev/answer Prior to Version 1.0.9: Missing Authorization Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Integer Overflow or Wraparound Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Photoshop Allows 
Arbitrary Code Execution Arbitrary File Upload Vulnerability in HGiga OAKlouds File Uploading Function Cross-site Scripting (XSS) Vulnerability in GitHub Repository nilsteampassnet/teampass prior to 3.0.7 Remote Code Execution Vulnerability in SIMATIC PCS 7, S7-PM, and STEP 7 V5 OS Command Injection Vulnerability in Danfoss AK-EM100 Web Applications Danfoss AK-EM100 Web Report Generation Vulnerability Exposes Sensitive Information Authentication Flaw Exposes Sensitive Information: Internal IP Addresses, Usernames, and More XML Interface File Retrieval Vulnerability Arbitrary Command Execution Vulnerability SQL Injection Vulnerability in FormCraft WordPress Plugin CVE-2023-25921 CVE-2023-25922 Incorrect Authorization Vulnerability in IBM Security Guardium Key Lifecycle Manager Improper Authorization in IBM Security Guardium Key Lifecycle Manager CVE-2023-25925 CVE-2023-25926 Webseald Process Crash Vulnerability in IBM Security Verify Access 10.0.0 - 10.0.5 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1 and 11.2 Db2 Server Denial of Service Vulnerability Password Vulnerability in Medtronic's Pelvic Health Clinician Apps on Smart Programmer Device Type Confusion Vulnerability in TypedArray Allows Arbitrary Code Execution in Hermes Improper Verification of Cryptographic Signature in DELL ECS Prior to 3.8.0.2 Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Critical SQL Injection Vulnerability in SourceCodester Food Ordering Management System 1.0 Improper Link Resolution Vulnerability in Dell PowerScale OneFS 9.5.0.0 Elevation of Privilege Vulnerability in Dell PowerScale OneFS Versions 8.2.x-9.5.0.x Uncontrolled Resource Consumption Vulnerability in Dell PowerScale OneFS Versions 8.2.x-9.4.x Uncontrolled Search Path 
Vulnerability in Intel(R) VCUST Tool Software Vulnerability in Intel(R) OFU Software Allows Privilege Escalation via Local Access Qrio Lock (Q-SL2) Firmware Authentication Bypass Vulnerability Null Pointer Reference Vulnerability in OpenHarmony-v3.1.4 and Prior Versions: Exploiting DoS Attack via Malicious HAP Package Installation Server Configuration Data Exposure Vulnerability Denial of Service Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Critical SQL Injection Vulnerability in SourceCodester Billing Management System 1.0 (VDB-228397) HTTP Request/Response Smuggling Vulnerability in HAProxy 2.7.0 and 2.6.1-2.6.7: Remote Request Alteration and Potential DoS Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Denial of Service Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Drive Explorer for macOS: Code Injection Vulnerability Improper Intent Handling in KYOCERA, UTAX/TA, and Olivetti Mobile Print Apps XML External Entity (XXE) Vulnerability in National Land Numerical Information Data Conversion Tool Sensitive Information Disclosure in Error Messages Mendix SAML Authentication Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Justin Saad Simple Tooltips Plugin <= 2.1.4 Critical SQL Injection Vulnerability in SourceCodester Online Reviewer System 1.0 (CVE-2021-XXXX) SQL Injection Vulnerability in Zendrop – Global Dropshipping Unauthenticated Reflected XSS Vulnerability in Catch Themes Darcie Theme <= 1.1.5 Biplob Adhikari Accordion Plugin <= 2.3.0 - Stored XSS Vulnerability Stored XSS Vulnerability in JoomSky JS Job Manager Plugin <= 2.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Design Extreme We’re Open! 
Plugin <= 1.46 CVE-2023-25965 CSRF Vulnerability in PeepSo Community Plugin CSRF Vulnerability in Cozmoslabs Client Portal Plugin Buffer Overflow Vulnerability in Eclipse Openj9 Unrestricted File Upload Vulnerability in Zendrop Zendrop – Global Dropshipping FixBD Educare Plugin <= 1.4.1 - Cross-Site Request Forgery (CSRF) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in IKSWEB WordPress Старт Plugin <= 3.7 CSRF Vulnerability in Lucian Apostol Auto Affiliate Links Plugin Stored XSS Vulnerability in Psicosi448 WP2Syslog Plugin <= 1.0.5 CSRF Vulnerability in Frédéric Sheedy Etsy Shop Plugin <= 3.0.3 CSRF Vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin Plugin Stored XSS Vulnerability in 9seeds.Com CPT – Speakers Plugin <= 1.1 Stored Cross-Site Scripting (XSS) Vulnerability in Nate Reist Protected Posts Logout Button Plugin <= 1.4.5 Stored Cross-Site Scripting (XSS) Vulnerability in Video Gallery by Total-Soft Video Gallery Plugin <= 1.7.6 Linux Kernel Local Privilege Escalation via io_uring Buffer Registration Flaw CSRF Vulnerability in CAGE Web Design Plugin Stored Cross-Site Scripting (XSS) Vulnerability in ThemeKraft Post Form Plugin <= 2.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in Eirudo Simple YouTube Responsive Plugin <= 2.5 CSV Injection vulnerability in WPOmnia KB Support Stored Cross-Site Scripting (XSS) Vulnerability in Rigorous & Factory Pattern Dovetail Plugin <= 1.2.13 CSRF Vulnerability in WordPress Tooltips Plugin CSRF Vulnerability in WattIsIt PayGreen Plugin CSRF Vulnerability in Aleksandar Urošević's YouTube Channel Plugin CSRF Vulnerability in Multiple Meks Plugins Allowing Popup Dismissal Active Directory Integration Plugin for WordPress: Cross-Site Request Forgery and Time-Based SQL Injection Vulnerability SQL Injection Vulnerability in Themeum Tutor LMS RegistrationMagic Plugin CSRF Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in CreativeMindsSolutions CM Answers Plugin <= 
3.1.9 CSRF Vulnerability in Alex Benfica Publish to Schedule Plugin <= 4.4.2 Stored Cross-Site Scripting Vulnerability in Custom Base Terms WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ajay D'Souza Top 10 – Popular Posts Plugin for WordPress Plugin <= 3.2.4 SQL Injection Vulnerability in wpbrutalai WordPress Plugin Stored XSS Vulnerability in WPMobile.App Plugin <= 11.18 Versions CSRF Vulnerability in Tim Eckel Read More Excerpt Link Plugin <= 1.6 Stored XSS Vulnerability in Denzel Chia | Phire Design Custom Login Page Plugin <= 2.0 Stored Cross-Site Scripting (XSS) Vulnerability in WPChill Strong Testimonials Plugin <= 3.0.2 CSRF Vulnerability in Tim Eckel Minify HTML Plugin <= 2.1.7 SQL Injection Vulnerability in MapPress Maps for WordPress Stored XSS Vulnerability in Tauhidul Alam Simple Portfolio Gallery Plugin <= 0.1 BlueGlass Jobs for WordPress Plugin <= 2.5.10.2 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Memory Exhaustion Vulnerability in libcap's pthread_create() Function SQL Injection Vulnerability in Crafter Studio Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Sensitive Information Exposure in Planning Analytics Cartridge for Cloud Pak for Data 4.0 Logs Insecure Network Communication Vulnerability in IBM Planning Analytics on Cloud Pak for Data 4.0 Sensitive Information Exposure in Planning Analytics Cartridge for Cloud Pak for Data 4.0 Logs Integer Overflow Vulnerability in libcap_strdup() Function Vulnerability: Privilege Escalation in Apache Hadoop Container-Executor Binary SQL Injection via Malicious JWT Token in ZoneMinder SQL Injection Vulnerability in Gentoo Soko Leads to Denial of Service SQL Injection vulnerability in ZoneMinder allows for unauthorized data access and remote code execution Unauthenticated Remote Code Execution via Missing Authorization in ZoneMinder Local File Inclusion (Untrusted Search 
Path) Vulnerability in ZoneMinder SQL Injection Vulnerability in ZoneMinder Local File Inclusion (Untrusted Search Path) Vulnerability in ZoneMinder OS Command Injection in ZoneMinder versions prior to 1.36.33 and 1.37.33 via daemonControl() Reflected Cross-Site Scripting Vulnerability in Team Circle Image Slider With Lightbox WordPress Plugin (Versions up to 1.0.17) Cross-Site Scripting Vulnerability in Discourse 3.1.0.beta2 - 3.1.0.beta3 Unexpired Messages Disclosure Vulnerability in Nextcloud Talk Arbitrary HTML Injection Vulnerability in Part-DB XML External Entity (XXE) Injection in GeoNode's Style Upload Functionality Allows Arbitrary File Read DoS vulnerability in ReactPHP's HTTP server component Arbitrary Code Execution via Path Traversal in NodeBB teler-waf HTML Entities Bypass Vulnerability teler-waf v0.2.0 Bypass Attack Vulnerability Jetty Multipart Request OutOfMemoryError Vulnerability Jetty Nonstandard Cookie Parsing Vulnerability Reflected Cross-Site Scripting Vulnerability in wpbrutalai WordPress Plugin Sensitive Information Exposure in Saleor GraphQL API Unauthenticated API Error Message Disclosure in Saleor Vulnerability: Collision Attack on Long IDs for PGP Keys in Gradle Dependency Verification Credentials Leakage in BuildKit when Building from Git URLs Code Injection Vulnerability in XWiki Commons User Impersonation Vulnerability in XWiki Platform XXE Vulnerability in Nokia NetAct Configuration Dashboard XXE Vulnerability in Nokia NetAct Performance Manager Stored XSS Vulnerability in Nokia NetAct Site Configuration Tool Stored Cross-Site Scripting Vulnerability in WP Brutal AI WordPress Plugin Client-side Template Injection Vulnerability in Nokia NetAct Cross-Site Scripting (XSS) Vulnerability in Nokia NetAct Nokia Web Element Manager Vulnerability: Unauthorized Administrative Access from Internal BTS Management Network Incompatible Type Vulnerability in Lexmark Devices Lexmark Devices: Out-of-bounds Write Vulnerability Lexmark Devices Integer 
Overflow Vulnerability Lexmark Devices Vulnerability: Improper Validation of Array Index Input Validation Vulnerability in Lexmark Devices Lexmark Devices Input Validation Vulnerability Lexmark Devices Input Validation Vulnerability Time-Based SQL Injection Vulnerability in Multiple Page Generator Plugin for WordPress Lexmark Devices Input Validation Vulnerability Observable Response Discrepancy Vulnerability in MCUBO ICT 10.12.4 Heap-based Buffer Overflow in 5G MM Message Codec: Emergency Number List Decoding Vulnerability Heap-based Buffer Overflow in 5G MM Message Codec: Insufficient Parameter Validation in Decoding Extended Emergency Number List Heap-based Buffer Overflow in 5G MM Message Codec Intra-Object Overflow in 5G MM Message Codec: Insufficient Parameter Validation in Service Area List Decoding Intra-Object Overflow in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos: Insufficient Parameter Validation in 5G SM Message Codec Insecure Permissions Vulnerability in Atera Agent on Windows Atera Agent 1.8.4.4 and Prior Privilege Escalation Vulnerability Multiple Page Generator Plugin for WordPress: Cross-Site Request Forgery and Time-Based SQL Injection Vulnerability Autofill Vulnerability in Epiphany (GNOME Web) Allows Password Exfiltration GPU Kernel Driver Memory Leak Vulnerability Improper Initialization in armv8_dec_aes_gcm_full() API Leads to Man-in-the-Middle Attack Improper Length Check in Arm NN Android-NN-Driver: Out-of-Bounds Read and Write Vulnerability Arbitrary File Deletion and Privilege Escalation Vulnerability in Malwarebytes (before 4.5.23) Authentication Bypass in European Chemicals Agency IUCLID 6.x NULL Pointer Dereference Vulnerability in vim/vim Cross-Site Scripting (XSS) Vulnerability in TYPO3 frp_form_answers Extension Server-side Template Injection in Liima before 1.17.28 HQL Injection Vulnerability in Liima before 1.17.28 Crash Vulnerability in ASQ Analysis of Crafted SIP Packets in Stormshield Network Security (SNS) 
Unrestricted Unauthorized Actions Vulnerability in Telindus Apsal 3.14.2022.235 b Arbitrary Code Execution Vulnerability in Telindus Apsal 3.14.2022.235 b Open Document Feature Insecure Consultation Permission in Telindus Apsal 3.14.2022.235 b Integer Overflow or Wraparound in Vim prior to 9.0.1532 Reflected XSS Vulnerability in Flowmon before 12.2.0 Flowmon Packet Investigator Path Traversal Vulnerability Prototype Pollution in rangy-core.js extend() function Regular Expression Denial of Service (ReDoS) in deno before 1.31.0 Denial of Service (DoS) Vulnerability in lite-web-server Package Prototype Pollution via the _mix function in all versions of the package utilities Prototype Pollution in dot-lens package via set() function in index.js Arbitrary Code Injection Vulnerability in sketchsvg Package Information Exposure via StreamableFile Pipe Buffer Overflow Vulnerability in node-bluetooth-serial-port Package's findSerialPortChannel Method Hidden Root-Level User with Unchangeable Password in Advantech R-SeeNet 2.4.22 Buffer Overflow Vulnerability in node-bluetooth's findSerialPortChannel Method Directory Traversal Vulnerability in @nubosoftware/node-static Vulnerability: Regular Expression Denial of Service (ReDoS) in configobj package's validate function Prototype Pollution in Collection.js before 6.8.1 via extend function in extend.js Missing Origin Validation in WebSockets Handshakes in code-server Regular Expression Denial of Service (ReDoS) vulnerability in word-wrap package Regular Expression Denial of Service (ReDoS) in angular.copy() Utility Function Angular $resource Service Regular Expression Denial of Service (ReDoS) Vulnerability Angular 1.4.9: Regular Expression Denial of Service (ReDoS) Vulnerability in <input type=url> Element Remote Code Execution (RCE) Vulnerability in net.sourceforge.htmlunit:htmlunit Versions 0 to 3.0.0 via XSTL Race Condition in Shiftfs File System Leads to Kernel Deadlock HTML Injection Vulnerability in com.xuxueli:xxl-job 
Prototype Pollution in safe-eval's safeEval Function Sandbox Bypass and Remote Code Execution Vulnerability in safe-eval Package Cross-site Scripting (XSS) vulnerability in raysan5/raylib before 4.5.0 when compiled for PLATFORM_WEB Improper Input Validation in github.com/gin-gonic/gin before 1.9.0 allows cache poisoning via X-Forwarded-Prefix header Directory Traversal Vulnerability in m.static Package Command Injection Vulnerability in n158 Package Command Injection Vulnerability in keep-module-latest Package Command Injection Vulnerability in bwm-ng Package CRLF Injection in yhirose/cpp-httplib before 0.12.4 Cross-site Scripting (XSS) Vulnerability in Algernon Engine and Themes Prototype Pollution in dottie package (versions before 2.0.4) via set() function and current variable in dottie.js Prototype Pollution in progressbar.js via extend() function in utils.js Command Injection in git-commit-info Package Prototype Pollution in flatnest's nest() function Prototype Pollution in tough-cookie package before 4.1.3 due to improper handling of Cookies in rejectPublicSuffixes=false mode HTTP Response Splitting Vulnerability in drogonframework/drogon CRLF Injection Vulnerability in drogonframework/drogon Package Prototype Pollution in underscore-keypath's setProperty() function via name argument DOM-based Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Cross-site Scripting (XSS) Vulnerability in @excalidraw/excalidraw Package Denial of Service (DoS) Vulnerability in sidekiq Versions before 7.1.3 HTTP Response Splitting Vulnerability in crow Package Arbitrary Argument Injection in blamer's blameByFile() API GraphQL Package Denial of Service (DoS) Vulnerability in OverlappingFieldsCanBeMergedRule.ts Command Injection Vulnerability in pydash.objects.invoke() Cross-site Scripting (XSS) Vulnerability in ithewei/libhv HTTP Response Splitting Vulnerability in ithewei/libhv CRLF Injection Vulnerability in ithewei/libhv Package 
Cross-site Scripting (XSS) vulnerability in quill-mention before 4.0.0 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Improper Authentication in asyncua Package Versions Before 0.9.96 Denial of Service (DoS) Vulnerability in asyncua Package Versions before 0.9.96 Directory Traversal Vulnerability in static-server Package Command Injection Vulnerability in geokit-rails before 2.5.0 Insufficient Entropy in AES-256-CBC Key Generation Command Injection Vulnerability in node-qpdf Package Command Injection Vulnerability in chromedriver Out-of-Bounds Read Vulnerability in libredwg before 0.12.5.6384 Vulnerability: Prototype Pollution in mockjs package via Util.extend function Improper Input Validation in follow-redirects Package Allows for URL Manipulation and Redirection Cross-site Scripting (XSS) Vulnerability in pimcore/pimcore GitHub Repository Null Pointer Dereference in OpenCV wechat_qrcode Module (CVE-2021-XXXX) OpenCV wechat_qrcode Module Memory Leak Vulnerability Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Webhook URL Manipulation Vulnerability in GitLab CE/EE Hard-coded Credentials Vulnerability in FortiNAC-F and FortiNAC Versions Plaintext Password Storage Vulnerability in FortiSIEM Privilege Escalation Vulnerability in FortiADC Automation Feature Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiNAC Sensitive Information Exposure via Log Files in Fortinet FortiOS and FortiProxy Excessive Authentication Attempts Vulnerability in Fortinet FortiAuthenticator 6.4.x and Earlier Excessive Authentication Attempts Vulnerability in Fortinet FortiDeceptor 3.1.x and Earlier Arbitrary File Write Vulnerability in McFeeder Server OS Command Injection in Fortinet FortiADCManager and FortiADC OS Command Injection Vulnerability in Barracuda CloudGen WAN Private Edge Gateway Devices Reflected Cross Site Scripting (XSS) Vulnerabilities in 
TIBCO BusinessConnect UI Component TIBCO EBX Add-ons Server Component File Read Vulnerability File Upload Vulnerability in TIBCO EBX Add-ons Server Component Arbitrary SQL Execution Vulnerability in TIBCO EBX Add-ons TIBCO Nimbus Web Client Reflected XSS Vulnerability Hawk Console and Agent Log Credential Disclosure Vulnerability Unauthorized File Access via InspectSetup RPC Endpoint Stored Cross Site Scripting (XSS) Vulnerability in Spotfire Library Component Spotfire Connectors Component Vulnerability: Crafted Analyst File Exploit Stored XSS Vulnerability in TIBCO EBX and TIBCO Product and Service Catalog Information Disclosure Vulnerability in KiviCare WordPress Plugin Deserialization Vulnerability in JD-GUI 1.6.6 via UIMainWindowPreferencesProvider.singleInstance Cross-Site Scripting (XSS) Vulnerability in JD-GUI 1.6.6 via InterProcessCommunicationUtil.java Local Privilege Escalation Vulnerability in WatchGuard EPDR 8.0.21.0002 Bypassing Defensive Capabilities in WatchGuard EPDR 8.0.21.0002 via Registry Key Addition Vulnerability: Unauthorized Control of Defensive Capabilities in WatchGuard EPDR 8.0.21.0002 Weak Password Check Vulnerability in WatchGuard EPDR 8.0.21.0002 Reflected Cross-Site Scripting Vulnerability in KiviCare WordPress Plugin Integer Overflow in afu_mmio_region_get_by_offset Information Leak in Hyundai Gen5W_L In-Vehicle Infotainment System Allows Unauthorized Firmware Modification and Remote Control Vulnerability: Digital Signature Bypass in Hyundai Gen5W_L Infotainment System Vulnerability: Unauthorized Firmware Installation in Hyundai Gen5W_L In-Vehicle Infotainment System Vulnerability: Digital Signature Bypass in Hyundai Gen5W_L In-Vehicle Infotainment System Amplification and Denial of Service Vulnerability in Knot Resolver before 5.6.0 Command Injection Vulnerability in CoreTec 4 Web User Interface Gluster GlusterFS 11.0: Stack-Based Buffer Over-read in fuse-bridge.c Unauthenticated Path Traversal Vulnerability in STAGIL Navigation for 
Jira - Menu & Themes Plugin Unauthenticated Path Traversal Vulnerability in STAGIL Navigation for Jira - Menu & Themes Plugin Memory Leak in dlt-daemon through 2.18.8 Authentication Bypass Vulnerability in Arcserve UDP 9.0.6034 OpenThread Border Router Authentication Bypass Vulnerability Session Hijacking Vulnerability in OXID eShop 6.2.x and 6.5.x Blind XPath Injection Vulnerability in UBIKA WAAP Gateway/Cloud 6.10 Unrestricted Language File Upload Vulnerability in Sitecore XP/XM 10.3 XML External Entity (XXE) Vulnerability in Talend Data Catalog XML External Entity (XXE) Vulnerability in Talend Data Catalog Insufficient Sanitization of Path Arguments in Borg Theme for Backdrop CMS CmpLog Component Code Execution Vulnerability in AFL++ 4.05c Arbitrary File Read Vulnerability in php-saml-sp Shared Mutable Environment Vulnerability in Apache CouchDB Design Documents Unauthenticated JMX Management Service in Apache James Server 3.7.3 and Earlier Arbitrary User Addition and Settings Manipulation in KiviCare WordPress Plugin Arbitrary Code Execution via Angular Template Injection in IBM Guardium Cloud Key Manager (GCKM) 1.10.3 Inadequate Account Lockout Setting in IBM Guardium Cloud Key Manager (GCKM) 1.10.3 Sensitive Information Disclosure in IBM Guardium Cloud Key Manager (GCKM) 1.10.3 Hazardous Input Validation Vulnerability in IBM QRadar SIEM 7.5.0 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.5.0 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.5.0: A Potential Threat to Sensitive Data Privilege Escalation Vulnerability in IBM QRadar WinCollect Agent 10.0 - 10.1.3 Elevation of Privileges Vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.3 Improper Encoding Vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.7 CSRF Vulnerability in KiviCare WordPress Plugin Allows Unauthorized Actions Denial of Service Vulnerability in IBM HTTP Server 8.5 CVE-2023-26282 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application 
Server 9.0 Improper Access Controls in IBM MQ Certified Container 9.3.0.1-9.3.0.3 and 9.3.1.0-9.3.1.1 IBM MQ 9.2 and 9.3 Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in IBM AIX Runtime Services Library CSV Injection Vulnerability in pimcore/customer-data-framework prior to 3.3.9 Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Arbitrary Code Execution via Path Traversal in TIA Portal HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware: Arbitrary Code Execution Risk Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 HP PC BIOS Vulnerability: Privilege Escalation Risk HP LaserJet Pro Print Products Vulnerable to Elevation of Privilege and Information Disclosure Command Line Interface Denial of Service Vulnerability in markdown-it-py (before v2.2.0) Null Assertion Denial of Service Vulnerability in markdown-it-py (before v2.2.0) Critical Remote Code Execution Vulnerability in OnePlus Store App's WebView Component Unauthenticated Remote URL Connection Vulnerability in Jenkins Code Dx Plugin Command Injection Vulnerability in Outdated Mobile Phone Backup App OPPO Store App: Critical Remote Code Execution Vulnerability in Webview Component Arbitrary Code Execution Vulnerability in Mono Package Xiaomi Cloud Service 
Application XSS Vulnerability Xiaomi Router Command Injection Vulnerability: Remote Code Execution and Device Compromise Classic Buffer Overflow Vulnerability in Xiaomi Router Allows Overflow Buffers Command Injection Vulnerability in Xiaomi Xiaomi Router Unencrypted Storage of Code Dx Server API Keys in Jenkins Code Dx Plugin Command Injection Vulnerability in Xiaomi Xiaomi Router Authenticated SQL Injection Vulnerability in ReviewX WordPress Plugin's 'rx_export_review' Action Unauthenticated Insecure Deserialization Vulnerability in BuddyForms WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Code Dx Plugin for Jenkins Exposes API Keys on Configuration Form Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Access of Uninitialized Pointer Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Stack-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Stored Cross-Site Scripting Vulnerability in Get your number WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Access of 
Uninitialized Pointer Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Improper Access Control Vulnerability in Adobe ColdFusion Allows Unauthenticated Administration Endpoint Access Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Use After Free Vulnerability in Adobe Dimension Allows Memory Disclosure Stored Cross-Site Scripting Vulnerability in Call Now Accessibility Button WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Untrusted Search Path Vulnerability in Adobe Creative Cloud 5.9.1 and Earlier Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion: Arbitrary Code Execution SQL Injection Vulnerability in AN_GradeBook WordPress Plugin Arbitrary Code Execution Vulnerability in Adobe ColdFusion Versions 2018 Update 15 and 2021 Update 5 Adobe ColdFusion Path Traversal Vulnerability Allows Arbitrary File System Read Improper Input Validation Vulnerability in @adobe/css-tools (<=4.3.0) Allows for Denial of Service Arbitrary File System Read Vulnerability in Adobe Commerce Arbitrary File System Read Vulnerability in Adobe Commerce Out-of-Bounds Read Vulnerability in Adobe InCopy: Remote Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader Versions 23.003.20284 and Earlier Privilege Escalation via Hard-Coded Cryptographic Key in Rockwell Automation's FactoryTalk System Services Adobe Photoshop Uninitialized Pointer 
Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Write Vulnerability in Adobe Dimension 3.4.8 and Earlier Out-of-Bounds Write Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability FactoryTalk System Services Vulnerability: Unauthorized Loading of Malicious Backup Archives Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Stack-based Buffer Overflow in Adobe Substance 3D Stager v2.0.1 and earlier Use After Free Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D Stager Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Unauthenticated Remote Access to FactoryTalk Policy Manager in Rockwell Automation's FactoryTalk System Services Stack-based Buffer Overflow in Adobe Substance 3D Stager v2.0.1 and Earlier Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Use After Free Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager v2.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Adobe Acrobat Reader 
Privilege Escalation via Creation of Temporary File Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer Privileged Extended Attributes Vulnerability in Ubuntu Kernels Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution via Improper Input Validation in Adobe Acrobat Reader Arbitrary Code Execution via Improper Access Control in Adobe Acrobat Reader Arbitrary Code Execution via Improper Input Validation in Adobe Acrobat Reader Arbitrary Code Execution via Improper Access Control in Adobe Acrobat Reader Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer 12.4.0 and Earlier SQL Injection Vulnerability in SourceCodester Online Internship Management System 1.0 Use After Free Vulnerability in Adobe Substance 3D Designer Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer 12.4.0 and Earlier Stack-based Buffer Overflow Vulnerability in Adobe Substance 3D Designer v12.4.0 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Designer v12.4.0 and Earlier Use After Free Vulnerability in Adobe Substance 3D Designer Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Designer Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Designer v12.4.0 and Earlier Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Critical SQL Injection Vulnerability in SourceCodester 
Online Exam System 1.0 Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Integer Underflow or Wraparound vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Insecure Default Permissions in noreply.properties File Arbitrary Snippet ID Request Vulnerability Control Character Injection in User Feedback Export Critical SQL Injection Vulnerability in SourceCodester File Tracker Manager System 1.0 Arbitrary Control Character Injection in SIEVE Mail-Filter Rules Bypassing Deny-list Functionality via IPv4-mapped IPv6 Addresses SMTP Response Length/Size Limitation Vulnerability IMAP Server Response Length/Size Limitation Vulnerability POP3 Response Length/Size Limitation Vulnerability Local File Inclusion and Network Discovery Vulnerability in LibreOffice Deserialization Vulnerability in documentconverterws API PowerDNS Recursor Denial of Service Vulnerability: Authoritative Servers Marked Unavailable TOCTOU Vulnerability in JDK DNS Cache Allows Bypassing Network Deny-lists SQL Injection Vulnerability in Cacheservice API Unquoted Search Path Vulnerability in DigitalPersona FPSensor 1.0.0.1 SQL Injection Vulnerability in Cacheservice API Path Traversal Vulnerability in Cacheservice Allows Unauthorized Access to Local File System Resources Server-side Request Forgery Vulnerability in Cacheservice with sproxyd Object-Storage Backend SQL Injection via Full-Text Autocomplete Search User-controllable jslob settings in frontend themes can lead to session hijacking and unwanted actions via the web interface and API Unsanitized ClientID Parameter Allows for DOM-Based Script 
Injection Unsanitized User-Controllable jslob in Upsell Widget Allows for Execution of Malicious Script Code Unsanitized Custom Log-in and Log-out Locations Vulnerability Unspecified Media-Type Vulnerability in OX Chat Web Service Hard-coded Password Vulnerability in USR-G806 1.0.41 Web Management Page Unspecified Media-Type Vulnerability in OX Count Web Service Insufficient Randomness in oAuth Authorization Tokens ImageConverter Service SQL Injection Vulnerability ImageCache SQL Injection Vulnerability SQL Injection Vulnerability in Image Metadata Fetching Unauthenticated RMI Access to Modify Calendar Items Arbitrary Product Name Cross-Site Scripting Vulnerability in OX Guard SAP Content Server 7.53 XSS Vulnerability Privilege Escalation and Information Disclosure Vulnerability in SAP Landscape Management Improper Input Controls in SAP NetWeaver AS for ABAP and ABAP Platform: Low Impact Information Disclosure Vulnerability Local Denial of Service Vulnerability in TP-Link Archer C7v2 v2_en_us_180114 Unauthenticated Access to Functionality in SAP NetWeaver Application Server for Java - version 7.50 XML Parser Access Vulnerability in SAP NetWeaver (SAP Enterprise Portal) - Version 7.50 Insecure Storage of Hard-Coded Service Credentials in ThingsBoard 3.4.1 Remote Code Execution Vulnerability in strongSwan 5.9.8 and 5.9.9 Log4j Denial of Service Vulnerability XSS Vulnerability in Pega Platform Versions 7.2 to 8.8.1 Unauthorized Server URL Modification Vulnerability Compromised Configuration Enables Man-in-the-Middle Attack Insecure API Key Creation in Cerebrate 1.12 Path Traversal Vulnerability in Jorani 1.0.0 Allows Unauthorized File Access and Code Execution Critical Command Injection Vulnerability in Weaver E-Office 9.5 Denial of Service Vulnerability in XWiki Platform XWiki Platform Async Macro Execution Vulnerability Arbitrary Code Execution via IconThemeSheet in XWiki Platform Arbitrary Database Access Vulnerability in XWiki Platform Arbitrary Code Execution 
Vulnerability in XWiki Platform Unrestricted Execution of Content in XWiki Platform Annotation Displayer (CVE-2021-40847) Information Disclosure Vulnerability in XWiki Platform Arbitrary Wiki Syntax Injection Vulnerability in XWiki Platform Insecure Exposure of XWikiAttachment Class in XWiki Platform Stack Overflow Vulnerability in XWiki Platform Critical Unrestricted Upload Vulnerability in Weaver E-Office 9.5 Stored Cross-Site Scripting Vulnerability in XWiki Platform 12.10 Insufficient Access Check in Authentik Identity Provider Allows Arbitrary User Password Reset Unrestricted Workflow Execution in Nextcloud Server Denial of Service Vulnerability in gosaml2 Library Privilege Escalation via virt-handler Service Account in KubeVirt Polynomial Time Complexity Issue in cmark-gfm Leading to Denial of Service Arbitrary JavaScript Execution via Vega Scale Expression Function Unsanitized Input in `lassoAppend` Function Allows for XSS Attacks Vulnerability: Batch Minting Overflow in ERC721Consecutive Contract Address Calculation Bug in Wasmtime's Cranelift Code Generator: Potential Unauthorized Memory Access Critical Command Injection Vulnerability in Tenda AC23 16.03.07.45_cn Shell command injection vulnerability in mailcow's Sync Job feature XSS Vulnerability in RSSHub's URL Parameter Handling Server-Side Request Forgery (SSRF) Vulnerability in Directus Command Injection Vulnerability in Cocos Engine's web-interface-check.yml Open Redirect Vulnerability in LoRaWAN-Stack Server Login Page Arbitrary Code Execution via Object Reuse in Open Design Alliance Drawings SDK Memory Corruption Vulnerability in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124 Memory Corruption Vulnerability in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125 Memory Corruption Vulnerability in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos 
Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126 Denial of Service Vulnerability in OpenSSL's ASN.1 Object Identifier Processing Remote Denial of Service Vulnerability in AnyDesk 7.0.8 Authorization Bypass in Ghost 5.35.0: Contributors Can View Other Users' Draft Posts Hard Coded Admin Credentials Vulnerability in Propius MachineSelector 6.6.0 and 6.6.1 Deserialization Vulnerability in Apache EventMesh (incubating) RabbitMQ Connector Plugin Excessive Iteration Vulnerability in Apache Sling Resource Merger CSRF Vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ko Takagi Simple Slug Translate Plugin <= 2.7.2 CSRF Vulnerability in WPIndeed Debug Assistant Plugin <= 1.4 Stored XSS Vulnerability in Jeff Starr Dashboard Widgets Suite Plugin CSRF Vulnerability in AccessPress Themes WP TFeed Plugin <= 1.6.9 Stored Cross-Site Scripting (XSS) Vulnerability in Alex Benfica Publish to Schedule Plugin <= 4.5.4 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 CSRF Vulnerability in ExpressTech Quiz And Survey Master Plugin SQL Injection Vulnerability in Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy Stored Cross-Site Scripting (XSS) Vulnerability in WPIndeed Debug Assistant Plugin <= 1.4 Stored XSS Vulnerability in Shipyaari Shipping Management Plugin Stored Cross-Site Scripting (XSS) Vulnerability in DupeOff.Com DupeOff Plugin <= 1.6 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 (VDB-228781) Unauthenticated Reflected XSS Vulnerability in Paul Kehrer Updraft Plugin <= 0.6.1 CSRF Vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? 
Plugin <= 4.2.7 Versions CSRF Vulnerability in AccessPress Themes Social Auto Poster Plugin Unauthorized Access to Sensitive Data in Gesundheit Bewegt GmbH Zippy Stored XSS Vulnerability in OneWebsite WP Repost Plugin <= 0.1 CSRF Vulnerability in WPPOOL Sheets To WP Table Live Sync Plugin Cross-Site Scripting (XSS) Vulnerability in Jonk @ Follow me Darling Spotify Play Button for WordPress Plugin <= 2.05 Stored Cross-Site Scripting (XSS) Vulnerability in nicolly WP No External Links Plugin <= 1.0.2 Stored XSS Vulnerability in Kamyabsoft Chat Bee Plugin <= 1.1.0 Max Chirkov Advanced Text Widget Plugin <= 2.1.2 - Authenticated Stored XSS Vulnerability Reflected Cross-Site Scripting Vulnerability in Conditional Menus WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Alexander Suess asMember Plugin <= 1.5.4 CSRF Vulnerability in Exeebit phpinfo() WP Plugin <= 4.0 CSRF Vulnerability in WP Meteor Website Speed Optimization Addon Plugin Use-after-free vulnerability in run_unpack in Linux kernel 6.0.8 Double Free Vulnerability in Linux Kernel's af_mpls.c Server Side Template Injection (SSTI) Vulnerability in European Chemicals Agency IUCLID before 6.27.6 Serialization/Deserialization Mismatch Vulnerability in InputMethod Module: Potential Privilege Escalation Serialization/Deserialization Vulnerability in pgmng Module: Impact on Availability SystemUI Module Vulnerability: Repeated App Restart and Confidentiality Impact SQL Injection Vulnerability in Contact Form by WD WordPress Plugin SQL Injection Vulnerability in BMC Control-M (Version < 9.0.20.214) Allows Arbitrary SQL Command Execution Out-of-Bounds Write Vulnerability in libntp/mstolfp.c in NTP 4.2.8p15 Out-of-Bounds Write Vulnerability in libntp/mstolfp.c in NTP 4.2.8p15 Out-of-Bounds Write Vulnerability in libntp/mstolfp.c in NTP 4.2.8p15 Out-of-Bounds Write Vulnerability in libntp/mstolfp.c in NTP 4.2.8p15 Out-of-Bounds Write Vulnerability in NTP's praecis_parse Function Timing Side-Channel 
Vulnerability in io.finnet tss-lib and Related Libraries Timing Side-Channel Vulnerability in io.finnet tss-lib and Related Libraries Directory Traversal Vulnerability in Oxygen XML Web Author and Oxygen Content Fusion Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Arbitrary File Read and Credential Discovery Vulnerability in Northern.tech CFEngine Enterprise Account Hijacking Vulnerability in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 Syncfusion EJ2 Node File Provider 0102271 - Filesystem-Server.js Directory Traversal Vulnerability Directory Traversal Vulnerability in Syncfusion EJ2 ASPCore File Provider Clear-text Exposure of Authentication Credentials in Sangoma FreePBX Unauthenticated SQL Injection in GetStudentGroupStudents Method in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Modification of Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated SQL Injection Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Authentication Bypass Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Student and Teacher Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Stored Cross-Site Scripting Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Arbitrary File Upload Vulnerability in IDAttend's IDWeb Application 3.1.013 Unauthenticated Deletion of Staff Information in 
IDAttend's IDWeb Application 3.1.013 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-228800) Unauthenticated Arbitrary File Read Vulnerability in IDAttend's IDWeb Application 3.1.013 Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification Unauthenticated SQL Injection in GetExcursionDetails Method in IDWeb Application 3.1.052 and Earlier Unauthenticated SQL Injection Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Local Denial of Service Vulnerability Unauthenticated Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Privilege Escalation Vulnerability in Intel(R) Easy Streaming Wizard Software Hard-coded Credentials Vulnerability in Buffalo Network Devices Allows Unauthorized Access to Debug Function Use After Free Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-228801) Floating Point Exception Vulnerability in Sox's lsx_aiffstartwrite Function Denial of Service Vulnerability in Intel Thunderbolt DCH Drivers for Windows Denial of Service Vulnerability in Intel Thunderbolt DCH Drivers for Windows Cleartext Storage of Sensitive Information in Yokogawa Electric Corporation's CENTUM Series DoS Vulnerability in Cybozu Garoon 4.10.0 to 5.9.2: Remote Authenticated Attack Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Denial of Service Vulnerability Buffer Overflow Vulnerability in Controller Message Handling XSS Vulnerability in TripleSign: Remote Code Injection in Tripleplay Platform Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-228802) 
Privilege Escalation via Query Reports in ManageEngine ServiceDesk Plus and Related Products Multiple Zoho Products Denial-of-Service (DoS) Vulnerability Remote Code Execution in ASUS ASMB8 iKVM Firmware through 1.14.51 via SNMP Extension Creation CVE-2023-26603 Local Privilege Escalation Vulnerability in systemd Use-after-free vulnerability in inode_cgwb_move_to_attached in Linux kernel 6.0.8 Use-after-free vulnerability in ntfs_trim_fs in Linux kernel 6.0.8 Out-of-Bounds Read Vulnerability in ntfs_attr_find in Linux Kernel 6.0.8 Stored XSS Vulnerability in SOLDR 1.1.0 Module Editor Arbitrary Code Execution Vulnerability in ABUS TVIP 20000-21150 Devices Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-228803) Buffer Overflow Vulnerability in D-Link DIR-823G Firmware Version 1.02B05 D-Link DIR-823G Firmware 1.02B05 - OS Command Injection Vulnerability D-Link DIR-823G Firmware Version 1.02B05 Password Reset Vulnerability Buffer Overflow Vulnerability in D-Link DIR-823G Firmware Version 1.02B05 Divide-by-Zero Vulnerability in Xpdf 4.04 and Earlier Versions PDF Object Loop Vulnerability in Xpdf 4.04 and Earlier PDF Object Loop Vulnerability in Xpdf 4.04 and Earlier Insecure Storage of Sensitive Data in GitHub Repository Unrestricted Resource Allocation Vulnerability in froxlor/froxlor Repository Cross-Site Scripting (XSS) Vulnerability in SourceCodester Lost and Found Information System 1.0 SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 (VDB-228885) Cross Site Scripting (XSS) Vulnerability in ZCBS, ZPBS, and ZBBS 4.14k Critical Remote Code Execution Vulnerability in SourceCodester Lost and Found Information System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Lost and Found Information System 1.0 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information 
System 1.0 UDP Packet Bypass Vulnerability in PHOENIX CONTACT FL/TC MGUARD Family Buffer Overflow Vulnerability in tinyTIFF v3.0: Denial of Service via TinyTiffReader_readNextFrame Function Access Control Bypass in blackbox_exporter v0.23.0 Allows Unauthorized Resource Download and Intranet Port Detection Improper Access Control in GitHub Repository: openemr/openemr (prior to 7.0.1) Excessive Authentication Attempts Vulnerability in GitHub Repository linagora/twake (prior to 2023.Q1.1223) Remote Code Execution via SQL Injection in Yii Framework Revive Adserver v5.4.1 Login Page Brute Force Vulnerability Arbitrary File Download Vulnerability in Sme.UP TOKYO V6R1M220406 OS Command Injection Vulnerability in Sme.UP ERP TOKYO V6R1M220406 via XMService Component Critical Stack-Based Buffer Overflow Vulnerability in H3C R160 V1004004 (VDB-228890) Sme.UP ERP TOKYO V6R1M220406 Information Disclosure Vulnerability via /debug Endpoint Arbitrary File Upload Vulnerability in Sme.UP ERP TOKYO V6R1M220406 Buffer Overflow Vulnerability in Liblouis v.3.24.0: Remote Denial of Service via lou_logFile Function Buffer Overflow Vulnerability in Liblouis v.3.24.0: Remote Denial of Service via compileTranslationTable.c and lou_setDataPath Functions Buffer Overflow Vulnerability in Liblouis Lou_Trace v.3.24.0: Remote Denial of Service via resolveSubtable function Critical SQL Injection Vulnerability in SourceCodester Covid-19 Contact Tracing System 1.0 Cross Site Scripting Vulnerability in Sales Tracker Management System v.1.0 Remote Information Disclosure Vulnerability in Sales Tracker Management System v.1.0 Arbitrary Code Execution via File Upload in Monitorr v.1.7.6 Arbitrary Code Execution via Cross Site Scripting in Monitorr v.1.7.6 Arbitrary Command Execution via Cross Site Scripting in Uptime Kuma v.1.19.6 and earlier Deserialization Vulnerability in CleverStupidDog yf-exam v 1.8.0 Allows Remote Code Execution (RCE) Cross-Site Scripting (XSS) Vulnerability in SourceCodester File 
Tracker Manager System 1.0 SQL Injection Vulnerability in CleverStupidDog yf-exam v 1.8.0 SQL Injection Vulnerability in MCCMS 2.6: Remote Code Execution via Author Center Denial of Service Vulnerability in mccms 2.6.1 via Cache Security Characters Kirin Fortress Machine v.1.7-2020-0610 SQL Injection Arbitrary Code Execution Vulnerability Veritas Appliance v4.1.0.1 Vulnerability: Host Header Injection Attacks Reflected Cross-site Scripting (XSS) Vulnerability in Veritas NetBackUp OpsCenter Version 9.1.0.1 Privileged User Data Leakage Vulnerability in Snow Software SPE 9.27.0 Adobe Connector CVE-2023-26793 Incomplete Fix for CVE-2021-3750 in qemu-kvm Package for Red Hat Enterprise Linux 9.1 Command Injection Vulnerability in Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 Command Injection Vulnerability in LB-LINK Routers Authentication Bypass and Command Execution Vulnerability in DCN DCBI-Netlog-LAB v1.0 Buffer Overflow Vulnerability in Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) Buffer Overflow Vulnerability in Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 SQL Injection Vulnerability in Jorani Version 1.0.0 Allows Unauthorized Data Extraction Arbitrary SQL Command Execution in DataDictionaryPluginController.java in Wangmarket CMS 4.10 Remote Code Execution (RCE) Vulnerability in codefever before 2023.2.7-commit-b1c2e7f via /controllers/api/user.php Vulnerability: Unauthorized Access to Restricted Files, Microphone, and Video Recording in Telegram 9.3.1 and 9.4.0 Critical Command Injection Vulnerability in Caton Live up to 2023-04-26 (VDB-228911) Path Traversal Vulnerability in SiteProxy v1.0 via index.js Component Command Injection Vulnerability in D-Link Go-RT-AC750 revA_v101b03 Authentication Bypass Vulnerability in Gladinet CentreStack Password Reset Component Bluetooth LE Stack Memory Leak Vulnerability Unrestricted File Upload Vulnerability in Gladinet CentreStack Administrative Portal Branding Component 
ChurchCRM v4.5.3 Cross-Site Request Forgery (CSRF) Vulnerability: Unauthorized Information Editing Stored Cross-Site Scripting Vulnerability in File Renaming on Upload WordPress Plugin CSRF Vulnerability in ChurchCRM v4.5.3 Allows Unauthorized User Privilege Escalation CSRF Vulnerability in ChurchCRM v4.5.3 Allows Unauthorized Password Changes Stored XSS Vulnerability in ChurchCRM 4.5.3 OptionManager.php Stored XSS Vulnerability in ChurchCRM 4.5.3 NoteEditor.php CSRF Vulnerability in OpenCATS 0.9.7 Stored Cross-Site Scripting (XSS) Vulnerability in OpenCATS v0.9.7 via Crafted Payload in City Parameter Stored XSS Vulnerability in OpenCATS v0.9.7 via Crafted Payload in State Parameter Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Vulnerability: Unquoted Service Path Privilege Escalation Arbitrary Code Execution via File Upload Vulnerability in Textpattern v4.8.8 and Below Insecure Hashing Algorithm in ChurchCRM v4.5.3 Allows for Password Cracking SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 via name parameter at /admin/ajax.php?action=login Arbitrary Code Execution via File Upload in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in PrestaShop FAQs v3.1.6: Remote Privilege Escalation via faqsBudgetModuleFrontController::displayAjaxGenerateBudget Remote Privilege Escalation via SQL Injection in PrestaShop sendinblue v.4.0.15 and earlier through ajaxOrderTracking.php Wi-Fi Commissioning MicriumOS Example in Silicon Labs Gecko SDK v4.2.3 or Earlier: Stack-Based Buffer Overflow Vulnerability SQL Injection Vulnerability in PrestaShop Igbudget v.1.0.3 and Earlier Versions via LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget Component PrestaShop vivawallet v.1.7.10 SQL Injection Privilege Escalation Vulnerability SQL Injection Vulnerability in PrestaShop SmplRedirectionsManager v.1.1.19 and Earlier: Privilege Escalation via SmplTools::getMatchingRedirectionsFromParts Component Remote 
Privilege Escalation via SQL Injection in PrestaShop Bdroppy v.2.2.12 and earlier Remote Command Injection Vulnerability in GreenPacket OH736's WR-1200 Indoor Unit and OT-235 Buffer Overflow Vulnerability in Silicon Labs Gecko SDK v4.2.1 and Earlier: Overwriting Limited Heap Structures in Platform CLI Component Arbitrary Code Execution via SQL Injection in Piwigo v.13.5.0 and Earlier Path Traversal Vulnerability in WordPress File Upload and WordPress File Upload Pro Plugins Critical SQL Injection Vulnerability in SourceCodester Billing Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Personnel Property Equipment System 1.0 SQL Injection Vulnerability in Alphaware - Simple E-Commerce System v1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Personnel Property Equipment System 1.0 Unquoted Service Path Vulnerability in ASUS SetupAsusServices v1.0.5.1 XSS Vulnerability in xenv S-mall-ssm Allows Arbitrary Code Execution via Evaluate Button Cross Site Scripting (XSS) Vulnerability in EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 via new_movie.php NULL Pointer Dereference in libyang's lys_parse_mem() Function NULL Pointer Dereference in libyang's lysp_stmt_validate_value Function Privilege Escalation via File Replacement in Diasoft File Replication Pro 7.5.0 Sandbox Escape Vulnerability in delight-nashorn-sandbox 0.2.4 and 0.2.5 Cross-Site Scripting (XSS) Vulnerability in SourceCodester ICT Laboratory Management System 1.0 Prototype Pollution in fast-xml-parser before 4.1.2 via __proto__ OS Command Injection Vulnerability in Quectel AG550QCN: Arbitrary Command Execution via ql_atfwd SQL Injection Vulnerability in Variscite Matrix-GUI v.2 Stack Buffer Overflow Vulnerability in Musescore 3.0 to 4.0.1 when Reading Misconfigured MIDI Files Segmentation Fault Vulnerability in LLVM's mlir::outlineSingleBlockRegion Syslog Information Disclosure Vulnerability in D-LINK DIR-882 1.30 Critical SQL Injection Vulnerability in 
SourceCodester Online Exam System 1.0 (VDB-228974) Buffer Overflow Vulnerability in XPDF v.4.04: Denial of Service via PDFDoc Malloc in pdftotext.cc Critical SQL Injection Vulnerability in SourceCodester Online Exam System 1.0 (VDB-228975) RFID Tag Cloning Vulnerability in Yale Conexis L1 v1.1.0 RFID Tag Cloning Vulnerability in Yale IA-210 Alarm v1.0 RFID Tag Cloning Vulnerability in Yale Keyless Lock v1.0 Arbitrary File Read Vulnerability in OneKeyAdmin v1.3.9 Arbitrary File Upload Vulnerability in Onekeyadmin v1.3.9 Critical SQL Injection Vulnerability in SourceCodester Online Exam System 1.0 (VDB-228976) Stored XSS Vulnerability in onekeyadmin v1.3.9 via Adding Categories Module Stored XSS Vulnerability in onekeyadmin v1.3.9 via Member List Module Stored XSS Vulnerability in onekeyadmin v1.3.9 via Add Menu Module Stored XSS Vulnerability in OneKeyAdmin v1.3.9 via Add Administrator Module Stored XSS Vulnerability in OneKeyAdmin v1.3.9 User Group Module Stored XSS Vulnerability in OneKeyAdmin v1.3.9 via Admin Group Module Arbitrary File Read Vulnerability in OneKeyAdmin v1.3.9 via /admin1/curd/code Component Arbitrary File Delete Vulnerability in onekeyadmin v1.3.9 Cross Site Scripting (XSS) vulnerability in Phpgurukul Park Ticketing Management System 1.0 via Admin Name parameter SQL Injection Vulnerability in Phpgurukul Park Ticketing Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Exam System 1.0 (VDB-228977) Arbitrary File Upload Vulnerability in Alteryx Server 2022.1.1.42590 Denial of Service (DoS) Vulnerability in Hyper v0.13.7 and h2-0.2.4 Heap-Based Use After Free Vulnerability in LibTIFF's loadImage() Function Buffer Overflow Vulnerability in libtiff 4.5.0: uv_encode() Little-Endian TIFF File Corruption Unauthenticated File Upload Vulnerability in Atrocore 1.5.25's Create Import Feed with glyphicon-glyphicon-paperclip Function Directory Traversal Vulnerability in Atropim 1.5.26 Critical SQL Injection Vulnerability in 
SourceCodester Online Exam System 1.0 (VDB-228978) JPEG 2000 File Write Access Violation Vulnerability in Irfanview v4.62 Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via ssid Parameter Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Vulnerability in BluetensQ App Allows Man-in-the-Middle Attacks on Bluetens Electrostimulation Device Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 Race Condition Vulnerability in PAX A920 Pro PayDroid 8.1 Allows Bypass of Payment Software Stored Cross-Site Scripting (XSS) Vulnerability in Trudesk v1.2.6 via Create Ticket Function Password Reset Function Vulnerability in Peppermint v0.2.4 Allows Unauthorized Access to Tickets Page Remote Code Execution Vulnerability in China Mobile OA Mailbox PC v2.9.23 Remote Account Manipulation Vulnerability in Konga 0.14.9 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 Stack-Use-After-Scope Vulnerability in SWFTools v0.9.2 Remote Code Execution Vulnerability in NetScout nGeniusOne v.6.3.4 via Alert Configuration Page Remote Code Execution and Denial of Service Vulnerability in NetScout nGeniusOne v.6.3.4 Memory Leak Vulnerability in libvirt Arbitrary Code Execution via Cross Site Scripting in NetScout nGeniusOne v.6.3.4 JWT Payload Tampering Vulnerability in Egerie Risk Manager v4.0.5 Cross-site Scripting (XSS) Vulnerability in ATutor 2.2.1 login.tmpl.php Reflected Cross-Site Scripting Vulnerability in Gravity Forms WordPress Plugin Privilege Escalation Vulnerability in Wondershare Dr.Fone v12.9.6 Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Router Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn 
Router Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn User-Controlled Key Authorization Bypass Vulnerability in Finex Media Competition Management System Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Router Stack Overflow Vulnerability in Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn Firmware Arbitrary File Download Vulnerability in RuoYi v4.7.6 and Below Data Breach Vulnerability in Finex Media Competition Management System SQL Injection Vulnerability in Prestashop AdvancedPopupCreator v1.1.21 to v1.1.24 Code Injection Vulnerability in Prestashop Cdesigner v3.1.3 to v3.1.8 via CdesignerSaverotateModuleFrontController::initContent() Critical SQL Injection Vulnerability Found in PrestaShop jmsblog 2.5.5 Remote Code Execution and Unauthorized Access in Obsidian Canvas 1.1.9 Qibosoft QiboCMS v7 Remote Code Execution (RCE) Vulnerability in Get_Title Function Authentication Bypass Vulnerability in BP Social Connect WordPress Plugin (Versions up to 1.5) Remote Code Execution (RCE) Vulnerability in Simple Image Gallery v1.0 via Username Parameter SQL Injection Vulnerability in School Registration and Fee System v1.0 Buffer Overflow Vulnerability in Tenda AX3 V16.03.12.11 via /goform/SetFirewallCfg Email Address Bypass Vulnerability in Python's Email Module Reflected Cross-Site Scripting (XSS) Vulnerability in gAppointments WordPress Plugin SQL Injection Vulnerability in E-Commerce System v1.0 via id parameter at /admin/delete_user.php Cross-Site Scripting (XSS) Vulnerability in MiroTalk P2P Allows Arbitrary Code Execution Sensitive File Access Vulnerability in Aver Information Inc PTZApp2 v20.01044.48 Cross-Site Scripting (XSS) Vulnerability in ChurchCRM v4.5.3 Edit Group Function Authentication Bypass Vulnerability in OTP Login Woocommerce & Gravity Forms Plugin for WordPress 
Remote Code Execution Vulnerability in LightCMS v1.3.7 via image:make Function Buffer Overflow Vulnerability in Tenda V15V1.0 V15.11.0.14(1521_3190_1058) via wifiFilterListRemark Parameter Buffer Overflow Vulnerability in Tenda V15V1.0: Exploiting the gotoUrl Parameter for Denial of Service (DoS) Attacks Buffer Overflow Vulnerability in Tenda V15V1.0 V15.11.0.14(1521_3190_1058) via DNSDomainName Parameter Buffer Overflow Vulnerability in Tenda V15V1.0 V15.11.0.14(1521_3190_1058) via formDelDnsForward Function Buffer Overflow Vulnerability in Tenda V15V1.0 V15.11.0.14(1521_3190_1058) Arbitrary File Download Vulnerability in Sitecore Experience Platform 10.2 and Earlier Sitecore Experience Platform Directory Traversal Vulnerability in download.aspx Arbitrary Code Execution Vulnerability in Sitecore Experience Platform through 10.2 via ValidationResult.aspx Stored XSS Vulnerability in TotalJS OpenPlatform Allows Arbitrary Code Execution via Crafted Payload in Account Name Field Stored Cross-Site Scripting Vulnerability in gAppointments WordPress Plugin Stored XSS Vulnerability in TotalJS OpenPlatform (Commit b80b09d) Allows Arbitrary Code Execution CSRF Vulnerability in Online Food Ordering System v1.0 Allows Unauthorized User Account Manipulation SQL Injection Vulnerability in BP Monitoring Management System v1.0 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Microbin v1.2.0 Tenda G103 v.1.0.0.5 Command Injection Vulnerability 360 D901 Stack Overflow Vulnerability Enables Remote DDOS Attack TP-Link MR3020 v.1_150921 Command Injection Vulnerability Tenda G103 v.1.0.05 Command Injection Vulnerability Reflected Cross-Site Scripting Vulnerability in Video Gallery Plugin for WordPress (Versions up to 1.0.10) Arbitrary Code Execution via Cross Site Scripting (XSS) in Pluck CMS 4.7.15 through 4.7.16-dev4 Arbitrary Code Execution Vulnerability in Pluck CMS 4.7.15 through 4.7.16-dev5 Sensitive Information Disclosure Vulnerability in isoftforce Dreamer CMS v.4.0.1 
Sensitive Information Disclosure Vulnerability in Xuxueli xxl-job v2.2.0, v2.3.0, and v2.3.1 via pageList Parameter Vertical Authorization Vulnerability in feiqu-opensource IndexController.java Cross Site Scripting (XSS) Vulnerability in Ehuacui BBS Login Parameter Stored Cross-Site Scripting Vulnerability in AN_GradeBook WordPress Plugin TeaCMS Storage Cross Site Scripting Vulnerability: Sensitive Information Leak via Article Title Parameter Privilege Escalation Vulnerability in XiaoBingby TeaCMS 2.3.3 Cross-Site Scripting (XSS) Vulnerability in Jbootfly: Username Parameter Information Disclosure Cross Site Scripting (XSS) Vulnerability in My-Blog's Post Function Enables Denial of Service Attacks Privilege Escalation Vulnerability in OpenGoofy Hippo4j v.1.4.3 Privilege Escalation Vulnerability in OpenGoofy Hippo4j v.1.4.3 Insecure Permissions Vulnerability in OpenGoofy Hippo4j v.1.4.3: Unauthorized Access to Sensitive Information Hardcoded Credentials Vulnerability in TP-Link Tapo APK v2.12.703 Reflected Cross-Site Scripting Vulnerability in WordPress Video Carousel Slider Plugin (Versions up to 1.0.22) Bypassing Brute Force Protection in Netgate pfSense Software Segmentation Violation Vulnerability in Libde265 v1.0.11 Heap Buffer Overflow in Libde265 v1.0.11: derive_collocated_motion_vectors vulnerability Directory Traversal Vulnerability in Shanling M5S and M2X Portable Music Players Improper Access Control Allows Unauthorized Report Generation in MyQ Solution Print Server and Central Server Unauthenticated Call Log Retrieval Vulnerability in KaiOS Communications Application Stored Cross-Site Scripting Vulnerability in Ultimate Product Catalog WordPress Plugin Segmentation Fault Vulnerability in radare2 v5.8.3 via wasm_dis Component Segmentation Fault Vulnerability in WebAssembly v1.0.29 via wabt::cat_compute_size WebAssembly v1.0.29 Vulnerability: Abort in CWriter::MangleType Heap Overflow Vulnerability in WebAssembly v1.0.29 via wabt::Node::operator 
Segmentation Fault Vulnerability in WebAssembly v1.0.29 via wabt::Decompiler::WrapChild Unrestricted File Upload Vulnerability in Rental Module Allows Command Injection and Web Shell Upload Arbitrary Code Execution via Cross-Site Scripting (XSS) in Pleasant Password Server v7.11.41.0 Vulnerability: Reuse of AES Key-IV Pair in TP-Link TAPO C200 Camera V3 (EU) Firmware 1.1.22 Build 220725 User-Controlled Key Authorization Bypass Vulnerability in Ideasoft's Rental Module Arbitrary Code Execution via Cross Site Scripting in Typecho v.1.2.0 Typecho v.1.2.0 Post Editor Cross Site Scripting Vulnerability Cleartext Password Vulnerability in TSplus Remote Work 16.0.0.0 Weak Permissions for Executable, JavaScript, and HTML Files in TSplus Remote Work 16.0.0.0 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Vulnerability: Unauthorized Modification of Data in Groundhogg WordPress Plugin Stored XSS Vulnerability in Enhancesoft osTicket v1.17.2 Admin Panel Stored XSS Vulnerability in Enhancesoft osTicket v1.17.2 via Crafted Payload in Label Input Parameter Unauthenticated Data Modification and Admin Access Vulnerability in Groundhogg WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in openCRX 5.2.0 via Name Field in Manage Activity Tracker CVE-2023-27151 Authentication Brute-Force Vulnerability in DECISO OPNsense 23.1 Server-Side Request Forgery (SSRF) Vulnerability in Appwrite up to v1.2.1 Unauthenticated File Upload and Data Exposure Vulnerability in Groundhogg WordPress Plugin Server-Side Request Forgery (SSRF) Vulnerability in Forem up to v2022.11.11 via /articles/{id} Component Jellyfin v10.7.7 SSRF Vulnerability: Unauthorized Network Resource Access via /Repositories Component Server-Side Request Forgery (SSRF) in openapi-generator up to v6.4.0 via /api/gen/clients/{language} component Server-Side Request Forgery (SSRF) Vulnerability in Request-Baskets v1.2.1 Arbitrary Code Execution via Crafted .md File Upload in Halo v1.6.1 Suprema 
BioStar 2 v2.8.16 SQL Injection Vulnerability in /users/absence?search_month=1 Arbitrary Code Execution via File Upload in Xpand IT Write-back Manager v2.3.1 Hardcoded Salt in Xpand IT Write-back Manager v2.3.1 Leads to Predictable Encryption Keys Vulnerability: Cross-Site Request Forgery in Groundhogg WordPress Plugin Directory Traversal Vulnerability in Xpand IT Write-back Manager v2.3.1 Weak Secret Key Vulnerability in Xpand IT Write-back Manager v2.3.1 Arbitrary Code Execution Vulnerability in GDidees CMS 3.9.1 Upload Function Arbitrary File Download Vulnerability in GDidees CMS v3.9.1 and Lower Stored XSS Vulnerability in Contact Form Email WordPress Plugin Source Code Disclosure Vulnerability in GDidees CMS v3.9.1 Backup Feature SQL Injection vulnerability in SupportCandy WordPress Plugin (<= 3.1.7) Denial of Service Vulnerability in DUALSPACE Super Security v.2.3.7 via SharedPreference Files Denial of Service Vulnerability in DUALSPACE Super Security v.2.3.7 Privilege Escalation Vulnerability in DUALSPACE v.1.1.3 Root Access Vulnerability in PAX A930 Device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 Arbitrary Command Execution Vulnerability in PAX A930 with PayDroid_7.1.1_Virgo_V04.5.02_20220722 PAX Technology A930 PayDroid Vulnerability: Authorization Bypass via LD_PRELOAD SQL Injection Vulnerability in Best POS Management System 1.0 SQL Injection Vulnerability in Best POS Management System 1.0 SQL Injection Vulnerability in Best POS Management System 1.0 SQL Injection Vulnerability in Best POS Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Best POS Management System 1.0 SQL Injection Vulnerability in Online Pizza Ordering System 1.0 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Online Pizza Ordering System 1.0 Critical Use After Free Vulnerability in Google Chrome Navigation SQL Injection Vulnerability in Online Pizza Ordering System 1.0 Cross-Site Scripting (XSS) Vulnerability in Online Pizza Ordering System 1.0 Arbitrary 
Code Execution via Cross-Site Scripting (XSS) in Online Pizza Ordering System 1.0 SQL Injection Vulnerability in Online Student Management System v1.0 SQL Injection Vulnerabilities in Online Student Management System v1.0 Remote Code Execution Vulnerability in D-Link DSL-3782 v.1.03 Stack-based Buffer Overflow in Belkin Smart Outlet V2 F7c063 Firmware_2.00.11420.OWRT.PVT_SNSV2 Use After Free Vulnerability in Autofill UI in Google Chrome on Android Arbitrary Code Execution Vulnerability in NginxProxyManager v.2.9.19 Cross-Site Scripting (XSS) Vulnerability in User Registration & Login and User Management System with Admin Panel v3 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Use After Free Vulnerability in Google Chrome DevTools Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 SQL Injection Vulnerability in Piwigo before 13.6.0 via order[0][dir] Parameter Arbitrary Configuration Changes Vulnerability in Jizhicms v2.4.5 Arbitrary File Upload Vulnerability in Jizhicms v2.4.5 Host Header Injection Vulnerability in LavaLite CMS v9.0.0 Web Cache Poisoning Vulnerability in LavaLite CMS v 9.0.0 Stack Overflow Vulnerability in Tenda AX3 V16.03.12.11 via shareSpeed Parameter Type Confusion Vulnerability in V8 Allows Remote Heap Corruption Tenda AX3 V16.03.12.11 Command Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Water Billing System v1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Loan Management System v1.0 Cleartext Credential Exposure Vulnerability in Makves DCAP v3.0.0.122 Cross-Site Scripting (XSS) Vulnerability in File Management Project 1.0.0 via Crafted Payload in Edit User Name Field Virtual Disk Arbitrary File Upload Vulnerability in MK-Auth 23.01K4.9 Privilege Escalation Vulnerability in Cynet Client Agent v4.6.0.8010 Heap Buffer Overflow in swfdump v0.9.2: Vulnerability in 
swf_GetPlaceObject at swfobject.c Use After Free Vulnerability in Google Chrome's Guest View SQL Injection Vulnerability in Online Book Store Project v1.0's /bookstore/bookPerPub.php Command Injection Vulnerability in Netgate pfSense v2.7.0's restore_rrddata() Function Unauthenticated SQL Injection Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated SQL Injection Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Access to Sensitive Log Files in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Access to Student Information in IDWeb Application 3.1.052 and Earlier Unauthenticated Access to Student and Teacher Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Data in IDAttend's IDWeb Application 3.1.052 and Earlier Bypassing Install Dialog in Google Chrome WebApp Installs Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification Unauthenticated Deletion Vulnerability in IDAttend's IDWeb Application Unauthenticated SQL Injection in IDAttend's IDWeb Application 3.1.052 and Earlier: Unauthorized Data Extraction and Modification Unauthorized Access to Playbooks in Mattermost API Unauthenticated Modification of Mattermost Playbooks via API Information Disclosure Vulnerability in Mattermost's Regenerate Invite Id API Endpoint Information Disclosure Vulnerability in Mattermost API Endpoint /api/v4/users/me/teams SAP Diagnostics Agent OSCommand Bridge Vulnerability Unauthenticated Access to SAP NetWeaver AS Java (Object Analyzing Service) Allows Privilege Escalation Directory Traversal Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Vulnerability: ImagePolicyWebhook Bypass with Ephemeral Containers Denial of Service Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Remote Code Execution in SAP BusinessObjects Business 
Intelligence Platform CVE-2023-27279 Vulnerability: Bypassing Mountable Secrets Policy with Ephemeral Containers CVE-2023-27283 Buffer Overflow Vulnerability in IBM Aspera Cargo and Connect 4.2.5 Buffer Overflow Vulnerability in IBM Aspera Connect and Cargo 4.2.5 Buffer Overflow Vulnerability in IBM Aspera Cargo and Connect 4.2.5 Insufficiently Random Values in Synology DiskStation Manager User Management Functionality Vulnerability Unauthenticated Access to Docker-based Datastores in IBM Instana CVE-2023-27291 Open Redirect Vulnerability in OpenCATS Allows Template Injection Cross-Site Scripting (XSS) Vulnerability in Questionnaire Submission Cross-Site Scripting (XSS) Vulnerability in Calendar Event Description OpenCATS Vulnerability: Lack of CSRF Token Validation in POST Requests Deserialization of Untrusted Data vulnerability in Apache InLong Uncontrolled Search Path Vulnerability in Intel(R) WULT Software Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.3.3 Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Privilege Escalation via Local Access Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Information Disclosure Vulnerability Operation Restriction Bypass Vulnerability in Cybozu Garoon 4.6.0 to 5.9.2: Remote Data Alteration in Message and Bulletin Privilege Escalation Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Denial of Service Vulnerability in Intel(R) Optane(TM) SSD Firmware Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Unauthenticated Remote Write Access Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.2) NULL Pointer Dereference Vulnerability in Libtiff's LZWDecode() Function Privilege Escalation in RUGGEDCOM CROSSBOW (All versions < V5.2) 
Information Exposure via Directory Listing in NetApp Blue XP Connector versions prior to 3.9.25 Vulnerability in SnapCenter Plugin for VMware vSphere Allows Unauthorized Modification of Email and Snapshot Name Settings Privilege Escalation Vulnerability in SnapCenter Versions 3.x and 4.x Remote Unauthenticated HTTP Service Crash Vulnerability in ONTAP 9 SnapGathers Prior Versions Plagued by Local Authenticated Credential Exposure Vulnerability SnapCenter Server User Privilege Escalation Vulnerability Vulnerability: Unlocked SAS-attached FIPS 140-2 Drives on Reboot or Reinsertion Denial of Service (DoS) Vulnerability in StorageGRID (formerly StorageGRID Webscale) Versions 11.6.0 - 11.6.0.13 Unauthenticated URL Enumeration Vulnerability in ONTAP Mediator Authentication Bypass Vulnerability in MStore API Plugin for WordPress Double Free Vulnerability in Sudo's Per-Command Chroot Feature CVE-2023-27321 CVE-2023-27322 CVE-2023-27323 CVE-2023-27324 CVE-2023-27325 CVE-2023-27326 CVE-2023-27327 CVE-2023-27328 CVE-2023-27329 Authentication Bypass Vulnerability in MStore API Plugin for WordPress (up to version 3.9.0) CVE-2023-27330 CVE-2023-27331 CVE-2023-27332 CVE-2023-27333 CVE-2023-27334 CVE-2023-27335 CVE-2023-27336 CVE-2023-27337 CVE-2023-27338 CVE-2023-27339 Authentication Bypass Vulnerability in MStore API Plugin for WordPress CVE-2023-27340 CVE-2023-27341 CVE-2023-27342 CVE-2023-27343 CVE-2023-27344 CVE-2023-27345 CVE-2023-27346 CVE-2023-27347 CVE-2023-27348 CVE-2023-27349 Stored Cross-Site Scripting Vulnerability in Groundhogg WordPress Plugin Authentication Bypass Vulnerability in PaperCut NG 22.0.5 (Build 63914) Authentication Bypass Vulnerability in PaperCut NG 22.0.5 (Build 63914) Unauthenticated Remote Code Execution in Sonos One Speaker 70.3-35220 Unauthenticated Remote Code Execution Vulnerability in Sonos One Speaker 70.3-35220 Unauthenticated Remote Code Execution in Sonos One Speaker 70.3-35220 Unauthenticated Remote Code Execution in Sonos One Speaker 
70.3-35220 CVE-2023-27356 CVE-2023-27357 CVE-2023-27358 CVE-2023-27359 Cross-Site Request Forgery Vulnerability in Groundhogg WordPress Plugin (Versions up to 2.7.9.8) CVE-2023-27360 CVE-2023-27361 CVE-2023-27362 CVE-2023-27363 CVE-2023-27364 CVE-2023-27365 CVE-2023-27366 CVE-2023-27367 CVE-2023-27368 CVE-2023-27369 Improper Log Permissions Vulnerability in SafeNet Authentication Service Version 3.4.0 on Windows CVE-2023-27370 Remote DoS Vulnerability in GNU libmicrohttpd before 0.9.76 Remote Code Execution via Mishandled Serialization in SPIP Insufficient Input Validation in Insyde InsydeH2O EFI Variable Leads to Dynamic BAR Overlapping SMRAM Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Unauthenticated Extraction of Sensitive Student Data in IDAttend's IDWeb Application 3.1.052 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerabilities in BIG-IP Configuration Utility Use-After-Free Vulnerability in Foxit PDF Reader 12.1.2.15332 Unrestricted Upload Vulnerability in Tongda OA 11.10 (CVE-2021-229149) OS Command Injection Vulnerability in peplink Surf SOHO HW1 v6.3.5 (admin.cgi USSD_send Functionality) Privilege Escalation Vulnerability in Intel(R) NUC P14E Laptop Element Software Privilege Escalation Vulnerability in Intel(R) oneAPI HPC Toolkit and Intel(R) MPI Library MultiReport Data Alteration Vulnerability in Cybozu Garoon 5.15.0 CX-Drive All Models All Versions Heap-Based Buffer Overflow Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) Pathfinder for RISC-V Software Arbitrary Operation Vulnerability in T&D Corporation and ESPEC MIC CORP. Data Logger Products via CSRF Authentication Bypass Vulnerability in T&D Corporation and ESPEC MIC CORP. 
Data Logger Products Inadequate Encryption Strength Vulnerability in CONPROSYS IoT Gateway Products Cross-Site Scripting (XSS) Vulnerability in Gira HomeServer up to 4.12.0.220829 beta Heap-based Buffer Overflow in Diagon v1.0.139: Arbitrary Code Execution via Crafted Markdown File Privilege Escalation Vulnerability in Intel(R) oneAPI Toolkit and Component Software Installers Default Permissions Vulnerability in Intel(R) Support Android App Unauthenticated OS Command Injection Vulnerability in Osprey Pump Controller Version 1.01 Heap-based Buffer Overflow in SoftEther VPN's vpnserver WpcParsePacket() Functionality Vulnerability in FINS Protocol: Plaintext Communication and No Authentication Arbitrary File Upload and Execution Vulnerability in MicroEngine Mailform Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-20304) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (All versions < V2201.0006) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Guest Management System 1.0 Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-20300) Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation (All versions < V2201.0006) Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-20334) Memory Corruption Vulnerability in Tecnomatix Plant Simulation (All versions < V2201.0006) Allows Code Execution Stack-based Buffer Overflow in Tecnomatix Plant Simulation (All versions < V2201.0006) Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-20432) Stack-based Buffer Overflow in Tecnomatix Plant Simulation (All versions < V2201.0006) Allows Remote Code Execution Command Injection Vulnerability in SCALANCE LPE9403 (All versions < V2.1) Insecure Permissions on SCALANCE LPE9403 Mutex File Path Traversal Vulnerability in SCALANCE LPE9403 (All versions < V2.1) via `deviceinfo` Binary Heap-based Buffer Overflow Vulnerability in SCALANCE LPE9403 (All versions < V2.1) SQL 
Injection Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.4) Unauthenticated Reflected XSS Vulnerability in Everest Themes Mocho Blog Theme <= 1.0.4 Stored Cross-Site Scripting (XSS) Vulnerability in Shazzad Hossain Khan W4 Post List Plugin <= 2.4.4 Unauthenticated Reflected XSS Vulnerability in Popup Box Team Popup Box Plugin <= 3.4.4 Stored Cross-Site Scripting (XSS) Vulnerability in Themeqx LetterPress Plugin <= 1.1.2 Stored XSS Vulnerability in Decon Digital Decon WP SMS Plugin <= 1.1 CSRF Vulnerability in Timo Reith Affiliate Super Assistent Plugin <= 1.5.1 CSRF Vulnerability in Wow-Company Side Menu Lite Plugin Unauthenticated Reflected XSS Vulnerability in Everest Themes Viable Blog Theme <= 1.1.4 Cross-Site Scripting (XSS) Vulnerability in AI ChatBot WordPress Plugin Everest Themes Arya Multipurpose Theme Unauthenticated Reflected XSS Vulnerability Everest News Theme Unauthenticated Reflected XSS Vulnerability Stored XSS Vulnerability in NsThemes NS Coupon To Become Customer Plugin CSRF Vulnerability in Ramon Fincken Auto Prune Posts Plugin <= 1.8.0 CSRF Vulnerability in Korol Yuriy aka Shra Inactive User Deleter Plugin <= 1.59 Stored XSS Vulnerability in James Irving-Swift Electric Studio Client Login Plugin <= 0.8.1 Stored XSS Vulnerability in NotifyVisitors Plugin <= 1.0 Stored XSS Vulnerability in NTZApps CRM Memberships Plugin <= 1.6 Stored Cross-Site Scripting (XSS) Vulnerability in Jetpack CRM Plugin <= 5.4.4 Reflected Cross-Site Scripting in ERP WordPress Plugin (CVE-XXXX-XXXX) CSRF Vulnerability in Ramon Fincken Mass Delete Unused Tags Plugin CSRF Vulnerability in ThemeHunk Big Store Theme <= 1.9.3 Unauthenticated Reflected XSS Vulnerability in WpSimpleTools Manage Upload Limit Plugin <= 1.0.4 CSRF Vulnerability in YAS Global Team Make Paths Relative Plugin <= 1.3.0 CSRF Vulnerability in WPGrim Classic Editor and Classic Widgets Plugin CSRF Vulnerability in Sami Ahmed Siddiqui HTTP Auth Plugin <= 0.3.2 CSRF Vulnerability in Louis Reingold 
Elegant Custom Fonts Plugin CSRF Vulnerability in Evgen Yurchenko WP Translitera Plugin Stored XSS Vulnerability in gl_SPICE New Adman Plugin <= 1.6.8 SQL Injection Vulnerability in ERP WordPress Plugin CVE-2023-27440 CSRF Vulnerability in gl_SPICE New Adman Plugin <= 1.6.8 CSRF Vulnerability in Teplitsa of Social Technologies Leyka Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Grant Kimball Simple Vimeo Shortcode Plugin <= 2.9.1 CSRF Vulnerability in PerfOps One DecaLog Plugin <= 3.7.0 CSRF Vulnerability in Meril Inc. Blog Floating Button Plugin CSRF Vulnerability in Fluenx DeepL API Translation Plugin Sensitive Information Exposure Vulnerability in WP SMS – Messaging & SMS Notification Plugin CSRF Vulnerability in MakeStories Team MakeStories Plugin Directory Traversal Vulnerability in WordPress Core (up to version 6.2) via 'wp_lang' Parameter Unauthenticated Stored XSS Vulnerability in Leyka Plugin <= 3.29.2 Critical SSRF Vulnerability in Darren Cooney Instant Images Plugin Stored XSS Vulnerability in Wow-Company Button Generator Plugin CSRF Vulnerability in LWS Tools Plugin <= 2.3.1 Unauthenticated Reflected XSS Vulnerability in Maui Marketing Update Image Tag Alt Attribute Plugin CSRF Vulnerability in Passionate Brains Add Expires Headers & Optimized Minify Plugin <= 2.7 CSRF Vulnerability in wpstream WpStream Plugin <= 4.4.10 CVE-2023-27459 Vulnerability: Cross Site Request Forgery (CSRF) in Rockwell Automation Enhanced HIM Software Yoohoo Plugins When Last Login Plugin CSRF Vulnerability Unauthorized Data Access Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.3) SQL Injection Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.3) Observable Response Discrepancy Vulnerability in Mendix Forgot Password Vulnerability: Unauthorized Access to Debugging Services in SIMOTION Devices Arbitrary File Deletion and Denial of Service Vulnerability in Malwarebytes Anti-Exploit 4.4.0.220 Uninitialized Initialization Vector (IV) Vulnerability TOCTOU 
Race Condition Vulnerability in N-able Take Control Agent Insecure UEFI Variable Handling in InsydeH2O UEFI Implementations XSS Vulnerability in quickentity-editor-next Allows Arbitrary Code Execution HTML Injection Vulnerability in Directus ZipSlip vulnerability in Goutil prior to version 0.6.0 allows path traversal during unzipping Arbitrary File Read Vulnerability in OWSLib XML Parser Cranelift Bug in Wasmtime's Code Generation for WebAssembly `i8x16.select` Instruction on x86_64 Platforms Vulnerability: Key Data Leakage in libmemcached Arbitrary Code Execution Vulnerability in XWiki Platform XWiki Platform XAR Import File Forgery Vulnerability Vulnerability: Password Hash Extraction via Brute Forcing in Directus Remotely Exploitable Authentication Bypass Vulnerability in Home Assistant Supervisor API Out of Memory Panic Vulnerability in Crossplane-Runtime Arbitrary High Index Memory Exhaustion Vulnerability in crossplane-runtime Insufficient Authorization in thmmniii/fbs-core Allows Querying Other Users' Subresults xCAT Zone Authentication Bypass Vulnerability Envoy Proxy JSON Web Token (JWT) Bypass and Fake Original Path Vulnerability Privilege Escalation and Logging Vulnerability in Envoy Proxy SVG File Upload Vulnerability in Kiwi TCMS File Path Validation Bypass in Download Center on ADM 4.0 and Above Authentication Bypass Vulnerability in `next-auth` OAuth Provider Versions before v4.20.1 HTTP/1 Service Malformed Request Bypass Vulnerability in Envoy Denial of Service Vulnerability in Envoy's Lua Filter Improper Request Header Sanitization in Envoy Proxy Reflected XSS Vulnerability in Streamlit Versions 0.63.0 - 0.80.0 Bypassing CSRF Protection in @fastify/csrf-protection Plugin (CVE-2021-29624) OAuth Redirect Response State Parameter Absence Vulnerability in Envoy Proxy SAP Diagnostics Agent - EventLogServiceCollector Code Execution Vulnerability Memory Corruption Vulnerability in SAP Host Agent (SAPOSCOL) Version 7.22 Reflected Cross-Site Scripting (XSS) 
Vulnerability in SAP GUI for HTML SQL Injection Vulnerability in Cityboss E-municipality: Before 6.05 Directory Traversal Vulnerability in SAPRSBRO Allows Overwriting of Critical System Files Directory Traversal Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform CVE-2023-27502 Privilege Escalation Vulnerability in Intel(R) Advanced Link Analyzer Standard Edition Software Installers Buffer Overflow Vulnerability in Intel(R) Optimization for Tensorflow Software Arbitrary File Upload and Execution Vulnerability in MicroEngine Mailform Privilege Escalation Vulnerability in Intel(R) ISPC Software Installers Arbitrary Media File Upload Vulnerability in Upload Resume WordPress Plugin JB Inquiry Form Unauthorized Access Vulnerability Hard-coded Credentials Vulnerability in SolarView Compact SV-CPT-MC310 Versions Prior to Ver.8.10 Uncontrolled Search Path Element Vulnerability in Intel(R) Server Information Retrieval Utility Software SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F Download Page OS Command Injection Vulnerability XSS Vulnerability in Intel(R) DSA Software: Potential Privilege Escalation via Network Access Authentication Bypass Vulnerability in SoftEther VPN 4.41-9782-beta and 5.01.9674 Improper Access Control in Intel Optane PMem Software: Local Privilege Escalation Vulnerability Buffer Overflow Vulnerability in SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F Versions Prior to Ver.8.10: Remote Code Execution Privilege Escalation Vulnerability in Intel(R) Optane(TM) SSD Firmware Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.2.0-beta SEIKO EPSON Printers/Web Config Cross-Site Request Forgery (CSRF) Vulnerability Remote Command Execution in SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F Versions Prior to Ver.8.10 HTTP Response Smuggling Vulnerability in Apache HTTP Server via mod_proxy_uwsgi Jinja Templated Query Authorization Vulnerability in Apache Superset Session Validation Bypass in Apache 
Superset versions up to and including 2.0.1 Unauthorized Access to Metadata Information in Apache Superset 2.0.1 Unauthorized Resource Creation Vulnerability in Apache Superset 2.1.0 XML External Entity (XXE) Vulnerability in Shinseiyo Sogo Soft (7.9A) and Earlier Improper Link Resolution Vulnerability in Wacom Tablet Driver Installer for macOS Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.2.0-beta Rack Multipart MIME Parsing DoS Vulnerability Veeam Backup & Replication Vulnerability: Unauthorized Access to Encrypted Credentials TELNET Protocol Input Validation Vulnerability Curl SFTP Path Traversal Vulnerability FTP Connection Reuse Authentication Bypass Vulnerability Authentication Bypass Vulnerability in libcurl Connection Reuse Feature Double Free Vulnerability in libcurl <8.0.0 when Sharing HSTS Data Across Threads Authentication Bypass Vulnerability in libcurl: Reuse of Inappropriate SSH Connection Vulnerability: DNS Query Leakage in Cloudflare WARP Client for Windows Uncontrolled Resource Allocation Vulnerability in IBM Watson CP4D Data Stores 4.6.0 CVE-2023-27545 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Denial of Service Vulnerability in IBM Db2 11.5 Denial of Service Vulnerability in IBM Counter Fraud Management for Safer Payments Weak Cryptographic Algorithms in IBM Counter Fraud Management for Safer Payments Privilege Escalation via Unquoted Service Path in IBM Db2 on Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Critical SQL Injection Vulnerability in pimcore/customer-data-framework Prior to 3.3.10 Infinite Loop Vulnerability in Math/PrimeField.php Privilege Escalation Vulnerability in runc 1.1.4 via Incorrect Access Control Directory Traversal Vulnerability in n8n package 0.218.0 for Node.js Privilege Escalation Vulnerability in n8n Package 0.218.0 for Node.js n8n package 0.218.0 for Node.js Information 
Disclosure Vulnerability Out-of-Bounds Write Vulnerability in Live2D Cubism Editor 4.2.03 Kernel Crash Vulnerability in OpenBSD 7.2 via TCP Packet with Destination Port 0 SQL Injection Vulnerability in Spryker Commerce OS 0.9: Unauthorized Access to Sensitive Data via Customer/Order Search SQL Injection Vulnerability in eo_tags Package for PrestaShop Authorization Bypass and Cross-Site Scripting Vulnerability in Waiting: One-click countdowns plugin for WordPress SQL Injection Vulnerability in eo_tags Package for PrestaShop Unauthenticated Log File Download Vulnerability in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10 Reflected XSS Vulnerability in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10 Code Signing Vulnerability in ShadowsocksX-NG 1.10.0 Allows Injection of com.apple.security.get-task-allow Entitlements Account Takeover Vulnerability in phpList 3.6.14 Path Traversal Vulnerability in Flarum Forum Software (Versions prior to 1.7.0) Insufficient Permission Check in Galaxy Platform Allows Unauthorized Modification and Deletion of Visualizations and Pages FPE Vulnerability in TensorFlow tflite Model Construction with filter_input_channel Parameter Denial of Service Vulnerability in Contec CONPROSYS HMI System Versions 3.5.2 and Prior Insecure Password Storage Vulnerability in CodeIgniter Shield Insecure Parameter Usage in github-slug-action Allows Code Execution and Secret Exfiltration Authentication Bypass Vulnerability in maddy Mail Server (Versions 0.2.0 - 0.6.2) Hard-coded JWT Key Vulnerability in PanIndex Buffer Overflow Vulnerability in PJSIP DNS Resolver (CVE-2022-24793) CairoSVG Prior to Version 2.7.0 Vulnerability: Server-Side Request Forgery and Denial of Service Sensitive Information Disclosure in Error Messages Path Traversal Vulnerability in Hasura GraphQL Engine User Creation Vulnerability in Minio Object Storage Critical Vulnerability in TapHome's Core Platform Allows Unauthorized Password Changes and Device 
Takeover Stack-based buffer overflow vulnerability in Rizin 0.5.1 and prior versions when converting GDB registers profile files Unauthenticated Retrieval of Prometheus Metrics in Miniflux Arbitrary JavaScript Execution in Miniflux via Crafted RSS Feed Cilium Agent Pod Privilege Escalation Vulnerability Misattribution of Source IP Address in Cilium Routing for IPv6 Traffic Cilium Version 1.13.0 Vulnerability: Disruption of Connections and Network Policy Bypass OpenSIPS Malformed SDP Body Crash Vulnerability OpenSIPS SIP Server Segmentation Fault Vulnerability OpenSIPS Malformed Via Header Denial of Service Vulnerability OpenSIPS Malformed To Header Crash Vulnerability TapHome Core HandleMessageUpdateDevicePropertiesRequest SQL Injection Vulnerability OpenSIPS Denial of Service Vulnerability via Malformed SDP Body OpenSIPS Denial of Service Vulnerability Unrestricted File Upload Vulnerability in Apache Linkis <=1.3.1 Apache Linkis <=1.3.1 Zip Slip RCE Vulnerability Apache Airflow Sqoop Provider Vulnerability: Remote Code Execution via Connection Parameters SQL Injection Vulnerability in WP Reroute Email Plugin CSRF Vulnerability in Sajjad Hossain WP Reroute Email Plugin <= 1.4.6 CVE-2023-27607 CVE-2023-27608 SQL Injection Vulnerability in User Activity Log WordPress Plugin Transbank Webpay REST Plugin <= 1.6.6 - Authenticated SQL Injection Vulnerability CSRF Vulnerability in audrasjb Reusable Blocks Extended Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Paul Ryley Site Reviews Plugin <= 6.5.1 Unauthenticated Reflected XSS Vulnerability in MonitorClick Forms Ada – Form Builder Plugin <= 1.0 Cross-Site Scripting (XSS) Vulnerability in Ian Haycox Motor Racing League Plugin <= 1.9.9 CSRF Vulnerability in WP Super Minify Plugin <= 1.5.1 Unauthenticated Stored XSS Vulnerability in David F. Carr RSVPMaker Plugin (<= 10.6.6) Stored XSS Vulnerability in David F. 
Carr RSVPMaker Plugin <= 10.6.6 Stored Cross-Site Scripting (XSS) Vulnerability in AGILELOGIX Store Locator WordPress Plugin Macho Themes Regina Lite Theme <= 2.0.7 - Auth (subscriber+) Reflected XSS Vulnerability Use-After-Free Vulnerability in SOLIDWORKS Desktop SLDPRT File Reader Stored Cross-site Scripting (XSS) Vulnerability in RoboSoft Photo Gallery Plugin Stored XSS Vulnerability in MrDemonWolf Livestream Notice Plugin <= 1.2.0 Stored XSS Vulnerability in Abel Ruiz GuruWalk Affiliates Plugin CSRF Vulnerability in Jens Törnell WP Page Numbers Plugin <= 0.5 Marcelotorres Redirect After Login Plugin <= 0.1.9 - Authenticated Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in eggemplo Woocommerce Email Report Plugin <= 2.4 Stored Cross-Site Scripting (XSS) Vulnerability in Webvitaly Sitekit Plugin <= 1.3 Stored Cross-Site Scripting (XSS) Vulnerability in Paul Ryley Site Reviews Plugin <= 6.5.1 Multiple Critical Vulnerabilities in SOLIDWORKS Desktop: DWG and DXF File Processing CVE-2023-27630 Stored Cross-Site Scripting (XSS) Vulnerability in mmrs151 Daily Prayer Time Plugin CSRF Vulnerability in mmrs151 Daily Prayer Time Plugin CSRF Vulnerability in Pixelgrade Customify Plugin Arbitrary File Upload Vulnerability in Shingo Intrepidity Plugin <= 1.5.1 Arbitrary Command Execution via Crafted .deb File in debmany (debian-goodies) 0.88.1 SQL Injection Vulnerability in tshirtecommerce Component for PrestaShop SQL Injection Vulnerability in tshirtecommerce (Custom Product Designer) Component 2.1.4 for PrestaShop Arbitrary File Access Vulnerability in tshirtecommerce Component 2.1.4 for PrestaShop Unauthenticated Modification of Data in Draw Attention WordPress Plugin Arbitrary File Disclosure in tshirtecommerce Component 2.1.4 for PrestaShop XSS Vulnerability in L-Soft LISTSERV 16.5 before 17 via REPORT Parameter in wa.exe Denial of Service Vulnerability in POWERAMP 925-bundle-play and Poweramp 954-uni Privilege Escalation Vulnerability in POWERAMP 
Audioplayer Local Denial of Service and Information Disclosure Vulnerability in DUALSPACE Lock Master v.2.2.4 T-ME Studios Change Color of Keypad v.1.275.1.277 Directory Traversal Arbitrary Code Execution Vulnerability Denial of Service Vulnerability in Trusted Tools Free Music v2.x.x.x Absolute Path Traversal Vulnerability in Weaver OA up to 9.5 (VDB-229270) Remote Code Execution Vulnerability in APUS Group Launcher v.3.10.73 and v.3.10.88 via FONT_FILE Parameter Privilege Escalation Vulnerability in Ego Studio SuperClean v.1.1.9 and v.1.1.5 Privilege Escalation and Denial of Service Vulnerability in Ego Studio SuperClean v.1.1.9 and v.1.1.5 Denial of Service Vulnerability in WHO v.1.0.28, v.1.0.30, v.1.0.32 via SharedPreference Files Privilege Escalation Vulnerability in WHO v.1.0.28, v.1.0.30, v.1.0.32 via TTMultiProvider Component Remote Code Execution Vulnerability in Weaver OA 9.5 Cross-Site Scripting (XSS) Vulnerability in Auto Dealer Management System v1.0 SQL Injection Vulnerability in Auto Dealer Management System v1.0 Stored Cross-Site Scripting Vulnerability in WordPress File Upload and WordPress File Upload Pro Plugins Cross-Site Scripting (XSS) Vulnerability in Sucms 1.0 (admin_ads.php?action=add) Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Exam System 1.0 Arbitrary File Deletion Vulnerability in MuYuCMS v2.2 Arbitrary File Deletion Vulnerability in MuYuCMS v2.2 Critical Information Leak Vulnerability Found in pikpak v1.29.2 for Android Regular Expression Denial of Service (ReDoS) Vulnerability in Void Tools Everything v1.4.1.1022 and Below Buffer Overflow Vulnerability in APNG_Optimizer v1.4 via /apngopt/ubuntu.png Insecure Storage of Biometric Keys in Bitwarden Windows Desktop Application Arbitrary Code Execution via SQL Injection in DedeCMS v.5.7.106 Arbitrary Code Execution via SQL Injection in DedeCMS v.5.7.106 Critical SQL Injection 
Vulnerability in SourceCodester Online Exam System 1.0 (VDB-229277) Arbitrary Code Execution via Comment Manager in Typecho v.1.2.0 Privilege Escalation Vulnerability in freakchicken kafkaUI-lite 1.2.11 Stack Overflow Vulnerability in D-Link DIR878 1.30B08: Potential DoS and Code Execution Stack Overflow Vulnerability in D-Link DIR878 1.30B08: Potential DoS and Code Execution Critical SQL Injection Vulnerability in SourceCodester Budget and Expense Tracker System 1.0 Stack Overflow Vulnerability in D-Link DIR878 1.30B08: Potential DoS and Arbitrary Code Execution Segmentation Violation Vulnerability in Nginx NJS v0.7.10 Segmentation Violation Vulnerability in Nginx NJS v0.7.10 Illegal memcpy vulnerability in Nginx NJS v0.7.10 Critical SQL Injection Vulnerability in Bus Dispatch and Information System 1.0 (VDB-229279) Segmentation Violation Vulnerability in Nginx NJS v0.7.10 SQL Injection Vulnerability in DedeCMS v5.7.106 via /dede/sys_sql_query.php Component Denial of Service Vulnerability in Eteran edb-debugger v.1.3.0 XSS Vulnerability in easyXDM 2.5 via xdm_e Parameter Critical SQL Injection Vulnerability in Bus Dispatch and Information System 1.0 (CVE-2021-229280) SQL Injection Vulnerability in IDURAR ERP/CRM v1 via /api/login Component Vertical Privilege Escalation Vulnerability in South River Technologies TitanFTP NextGen Server Privilege Escalation Vulnerability in South River Technologies TitanFTP Before v2.0.1.2102 Weak Default Passphrase in BlackVue DR750-2CH LTE v.1.012_2022.10.26 Unauthenticated Access to Sensitive Information in BlackVue DR750-2CH LTE v.1.012_2022.10.26 Firmware Upload Vulnerability in BlackVue DR750-2CH LTE v.1.012_2022.10.26 Critical SQL Injection Vulnerability in Bus Dispatch and Information System 1.0 (VDB-229281) Stack-Overflow Vulnerability in vox2mesh 1.0's main.cpp Arbitrary File Download Vulnerability in go-bbs v1 via /api/v1/download Component Arbitrary Code Execution via File Upload in PerfreeBlog v3.1.1 Remote Code 
Execution Vulnerability in Wondershare Edrawmind v.10.0.6 Critical Unrestricted Upload Vulnerability in Simple Photo Gallery 1.0 (VDB-229282) Remote Code Execution Vulnerability in Wondershare Filmora v.12.0.9 Remote Code Execution Vulnerability in Wondershare UniConverter v14.0.0 Arbitrary Command Execution Vulnerability in Wondershare DemoCreator v6.0.0 Arbitrary Command Execution Vulnerability in Wondershare MobileTrans v.4.0.2 Remote Code Execution Vulnerability in Wondershare Repairit v.3.5.4 Remote Code Execution Vulnerability in Wondershare Recoverit v.10.6.3 Remote Code Execution Vulnerability in Wondershare Technology Co.,Ltd Anireel 1.5.4 Remote Code Execution Vulnerability in Wondershare Dr.Fone v.12.4.9 Remote Code Execution Vulnerability in Wondershare PDFelement v9.1.1 Remote Code Execution Vulnerability in Wondershare PDF Reader v.1.0.1 Remote Code Execution Vulnerability in Wondershare Edraw-max v.12.0.4 Remote Code Execution Vulnerability in Wondershare Creative Center v.1.0.8 Segmentation Violation Vulnerability in libiec61850 v1.5.1 Stored HTML Injection Vulnerability in LiveAction LiveSP v21.1.2 Allows Arbitrary Code Execution Stored XSS Vulnerability in Online Jewelry Shop v1.0 Allows Arbitrary Code Execution via Category Name Parameter Arbitrary Script Execution Vulnerability in Online Jewelry Shop v1.0 SQL Injection Vulnerability in AM Presencia v3.7.3 Login Form Denial-of-Service Vulnerability in Rockwell Automation FactoryTalk Transaction Manager Heap Overflow Vulnerability in jpegoptim v1.5.2's Optimize Function Denial of Service Vulnerability in TCPreplay tcprewrite v.4.4.3 Denial of Service Vulnerability in TCPReplay v.4.4.3 via read_hexstring Function Denial of Service Vulnerability in TCPreplay TCPprep v.4.4.3 via parse endpoints function Denial of Service Vulnerability in TCPprep v.4.4.3 via macinstring Function Denial of Service Vulnerability in TCPprep v.4.4.3 via parse_list function at list.c:81 Denial of Service Vulnerability in 
TCPrewrite v.4.4.3 via ports2PORT Function Denial of Service Vulnerability in TCPprep v.4.4.3 via cidr2cidr Function Reflected Cross-Site Scripting Vulnerability in Social Share, Social Login, and Social Comments WordPress Plugin Insecure PRNG Privilege Escalation Vulnerability in IXP Data Easy Install 6.6.148840 Privilege Escalation Vulnerability in IXP Data Easy Install v.6.6.14884.0 Privilege Escalation Vulnerability in IXP Data Easy Install v.6.6.14884.0 Privilege Escalation Vulnerability in IXP Data Easy Install v.6.6.14884.0 via Static XOR Key Multiple Command Injection Vulnerabilities in RG-EW Series Wireless Routers GitHub Repository Path Traversal Vulnerability in mlflow/mlflow (prior to 2.3.1) Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via DelDNSHnList Interface Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via EditvsList Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via EdittriggerList Interface Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via DelvsList Interface Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via EditSTList Interface H3C Magic R100 R100V100R005.bin Stack Overflow Vulnerability via ipqos_lanip_dellist Interface Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via Delstlist Interface Stack Overflow Vulnerability in H3C Magic R100 R100V100R005.bin via DeltriggerList Interface Authentication Bypass Vulnerability in User Email Verification for WooCommerce Plugin H3C Magic R100 R100V100R005.bin Stack Overflow Vulnerability via ipqos_lanip_editlist Interface Arbitrary File Deletion Vulnerability in bloofox v0.5.2 Improper Authorization Leads to Sensitive Information Disclosure in Acronis Cyber Infrastructure (ACI) Remote Code Execution (RCE) Vulnerability in Databasir v1.0.7 via mockDataScript Parameter Authentication Bypass Vulnerability in Optoma 1080PSTX C02 Allows Unauthorized Access SeowonIntech SWC 5100W WIMAX Bootloader 
1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 OS Command Injection Vulnerability Unverified Secret in Mattermost Apps Framework Allows Post Modification Privilege Escalation via File Transfer in TightVNC Command Injection Vulnerability in TP-Link TL-WPA8630P (US)_ V2_ Version 171011 Command Injection Vulnerability in TP-Link TL-WPA8630P (US)_ V2_ Version 171011 Unauthenticated Install Requests in Mattermost Apps Arbitrary Code Execution Vulnerability in eXtplorer File Manager v.2.1.15 SQL Injection Vulnerability in PrestaShop AskForAQuote v.5.4.2 and Earlier: Remote Privilege Escalation via QuotesProduct::deleteProduct PrestaShop leurlrewrite v.1.0 SQL Injection Vulnerability SQL Injection Vulnerability in PrestaShop Lekerawen_OCS (before v.1.4.1) Allows Remote Privilege Escalation SQL Injection Vulnerability in PrestaShop Themevolty v.4.0.8 and Earlier: Remote Privilege Escalation via Multiple Components SQL Injection Vulnerability in PrestaShop XIPBlog v.2.0.1 and Earlier Allows Remote Privilege Escalation Remote Code Execution (RCE) Vulnerability in broccoli-compass v0.2.4 via child_process Function Remote Code Execution (RCE) Vulnerability in rails-routes-to-json v1.0.0 via child_process Function PostgreSQL Error Log Truncation Vulnerability in Mattermost Arbitrary File Access Vulnerability in NETGEAR Nighthawk WiFi6 Router Arbitrary Code Execution Vulnerability in NETGEAR Nighthawk WiFi6 Router (prior to V1.0.10.94) Buffer Overflow Vulnerability in NETGEAR Nighthawk WiFi6 Router (CVE-2021-xxxxx) Format String Vulnerability in NETGEAR Nighthawk WiFi6 Router SOAP Service Memory Buffer Overflow Vulnerability in Arena Simulation Allows Unauthorized Code Execution Path Traversal Vulnerability in Rockwell Automation's ThinManager ThinServer Path Traversal Vulnerability in Rockwell Automation's ThinManager ThinServer Heap-based Buffer Over-read Vulnerability in Rockwell Automation's ThinManager ThinServer Arbitrary Code Execution Vulnerability in Rockwell Automation 
Arena Simulation Arbitrary Code Execution Vulnerability in IBM Db2 Command Execution Vulnerability in Mattermost Allows Unauthorized Posting in Channels Sensitive Information Disclosure in IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 Cleartext Transmission of Sensitive Information in IBM Maximo Application Suite SMB Credential Exposure in IBM Spectrum Protect Plus Server 10.1.13 HTML Injection Vulnerability in IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 Remote Code Execution via JNDI Injection in IBM Informix JDBC Driver 4.10 and 4.50 JNDI Injection Vulnerability in IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 Arbitrary Code Execution Vulnerability in IBM Db2 JDBC Driver Remote Code Execution Vulnerability in IBM Db2 JDBC Driver Arbitrary Post Access Vulnerability in Mattermost Message Threads API Vulnerability in IBM Spectrum Virtualize 8.5 Allows Disclosure of Sensitive Credential Information IBM Aspera Faspex 4.4.2 SQL Injection Vulnerability IBM Aspera Faspex 4.4.2 XML Input Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM Aspera Faspex 4.4.2 Improper Access Controls in IBM Aspera Faspex 5.0.4 Allow Credential Manipulation XML External Entity Injection (XXE) Vulnerability in IBM TRIRIGA 4.0 Insecure Password Policy in IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 Intel Optane SSD Firmware Vulnerability: Unauthorized Information Disclosure via Physical Access Mattermost Admin Account Deactivation Bypass via OAuth2 Arbitrary File Upload Vulnerability Heap-based Buffer Overflow in Weston Embedded uC-HTTP v3.01.01 HTTP Server Form Boundary Functionality Unauthenticated OS Command Injection Vulnerability in Osprey Pump Controller Version 1.01 BIOS Firmware Vulnerability in Intel(R) NUCs Enables Local Information Disclosure Arbitrary Script Injection Vulnerability in Joruri Gw Ver 3.2.5 and Earlier CSRF Vulnerability in LIQUID SPEECH BALLOON Versions Prior to 1.2 Denial of Service 
Vulnerability in GNU cflow 1.7 (VDB-229373) XSS Vulnerability in Export User Plugin for MyBB (Unsupported Versions) OAuth Application Authorization Vulnerability in Rami.io Pretix Buffer Overflow and Memory Disclosure Vulnerability in ShapeShift KeepKey Hardware Wallet Firmware Unauthorized Remote Execution Vulnerability in SAP Solution Manager and ABAP Managed Systems Arbitrary CMS Parameter Injection in SAP BusinessObjects Business Intelligence Platform SAP Authenticator for Android - Screen Capture Vulnerability Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Platform Unauthorized Function Execution in SAP CRM Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Plugin Version Error Message Arbitrary Code Execution via Insecure Plugin Upload in Jenkins TOTOLINK N200RE 9.3.5u.6255_B20211224 Telnet Service Password Disclosure Vulnerability Denial of Service Vulnerability in Jenkins 2.393 and Earlier Unrestricted Request Parts in Jenkins LTS Versions Prior to 2.375.3 and Jenkins Versions Prior to 2.393 Jenkins Vulnerability: Unauthorized Access to Job Workspace Contents Jenkins File Upload Vulnerability Information Disclosure Vulnerability in Jenkins Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Update-Center2 3.13 and 3.14 Out-of-Bounds Read Vulnerability in USD File Parsing Leading to Code Execution Out-of-Bounds Write Vulnerability in USD File Parsing Allows Code Execution Boundary Write Vulnerability in Autodesk Installer Allows Privilege Escalation Code Execution and Information Disclosure Vulnerability in Autodesk® FBX® SDK 2020 and Prior Versions Arbitrary Channel Post Editing Vulnerability in Mattermost Playbook API Stack Buffer Overflow Vulnerability in Autodesk® FBX® SDK 2020 or Prior: Exploiting a Malicious FBX File FBX File Heap Buffer Overflow Vulnerability: Code Execution Risk Autodesk AutoCAD 2023 Out-of-Bound Read Vulnerability Autodesk AutoCAD 2023 Integer Overflow Vulnerability Autodesk AutoCAD 
2023 Stack Buffer Overflow Vulnerability Autodesk AutoCAD 2023 Memory Corruption Vulnerability Font File Parsing Vulnerability OS Command Injection Vulnerability in CONPROSYS IoT Gateway Products Cross-Site Scripting Vulnerability in Amelia WordPress Plugin (Versions Prior to 1.0.76) NEXT ENGINE Integration Plugin Authentication Bypass Vulnerability Arbitrary Message Content Disclosure in Mattermost via /groupmsg Command System Date/Time Manipulation Vulnerability in SolarView Compact SV-CPT-MC310 Versions Prior to Ver.8.10 Hard-coded Cryptographic Key Vulnerability in JINS MEME CORE Firmware Arbitrary Script Injection Vulnerability in Newsletter Versions Prior to 7.6.9 Arbitrary Script Injection Vulnerability in VK Blocks 1.53.0.1 and Earlier Arbitrary Script Injection Vulnerability in VK Blocks 1.53.0.1 and Earlier Arbitrary Script Injection in VK All in One Expansion Unit 9.88.1.0 and Earlier Cleartext Password Exposure in SMTP Authentication Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4: Addressing Privacy Vulnerability Improper Input Validation Leads to Memory Disclosure in macOS Ventura 13.3 and iOS 16.4 Mattermost Link Validation Vulnerability Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Vulnerability Patched: User-Sensitive Data Access in macOS and iOS Same Origin Policy Bypass in macOS Ventura 13.3, Safari 16.4, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4 Privilege Escalation Vulnerability in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4 Memory Initialization Vulnerability in macOS Ventura and macOS Monterey Improper Bounds Checking Leading to Remote Code Execution in macOS Vulnerability: Out-of-Bounds Write Leading to System Termination and Kernel Memory Corruption Integer Overflow Vulnerability in Plist Parsing Leading to Arbitrary Code Execution GarageBand for macOS 10.4.8 MIDI File Parsing Vulnerability Improper Input Validation Leads to Memory Disclosure in 
macOS Ventura 13.3 CVE-2023-2794 Sandboxed App Network Observation Vulnerability Kernel Memory Disclosure Vulnerability Patched in macOS and iOS Updates Vulnerability Patched: User-Sensitive Data Access by App Improper Quarantine Flag Application in macOS and iOS Sandbox Escape Vulnerability in macOS Improved Entitlements to Prevent System Log Collection in Sandboxed Apps Improper Bounds Checking in macOS and iOS Leads to Arbitrary Code Execution Improper Input Validation Leads to Memory Disclosure in macOS Ventura 13.3 Improper Input Validation Leads to Memory Disclosure in macOS Ventura 13.3 Improper Input Validation Leads to Arbitrary Code Execution in macOS and iOS Stored Cross-Site Scripting Vulnerability in CodeColorer WordPress Plugin Improper Input Validation Leads to Memory Disclosure in macOS Ventura 13.3 Gatekeeper Bypass Vulnerability in macOS Race Condition Vulnerability Fixed in macOS Ventura 13.3 Allowing App Bypass of Gatekeeper Checks Memory Handling Vulnerability in macOS Ventura 13.3, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5 Origin Information Leak Vulnerability Arbitrary File Read Vulnerability in macOS and iOS Memory Disclosure Vulnerability in macOS, iOS, iPadOS, tvOS, and watchOS Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Memory Handling Vulnerability in macOS Ventura 13.3, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5 Memory Handling Vulnerability Allows Arbitrary Code Execution with Kernel Privileges in iOS 16.4 and iPadOS 16.4 Unauthenticated Access to Private and Password Protected Events in EventON WordPress Plugin Elevated Privileges Vulnerability in GarageBand for macOS 10.4.8 Calendar Invitation Exfiltration Vulnerability File System Modification Vulnerability in macOS Shortcut Vulnerability: Unauthorized Access to Sensitive Data AirPods Firmware Update 5E133 Fixes Authentication Vulnerability Memory Corruption Vulnerability in macOS Ventura 13.3 and Studio Display Firmware Update 16.4 macOS Ventura 13.3 
Patch: Sandbox Escape Vulnerability Fixed Memory Handling Vulnerability in Xcode 14.3 Allows Arbitrary Code Execution Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Arbitrary Code Execution Vulnerability in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4 Code Leakage Vulnerability in Mattermost: Exploiting Unsanitized Code Permalinks Arbitrary Code Execution Vulnerability in iOS and iPadOS 16.4 HP LaserJet Pro Print Products: Buffer Overflow and Elevation of Privilege Vulnerability HP LaserJet Pro Print Products: Buffer Overflow and Remote Code Execution Vulnerability Heap Overflow and Remote Code Execution Vulnerability in HP LaserJet Pro Print Products Password Auto-fill Vulnerability in Bitwarden EcoStruxure Control Expert: Insufficiently Protected Credentials Vulnerability Remote Code Execution Vulnerability in EcoStruxure Control Expert (V15.1 and above) Insufficient Verification of Data Authenticity in IGSS Data Server: File Deletion Vulnerability Deserialization of Untrusted Data Vulnerability in IGSS Dashboard Module File Renaming Vulnerability in IGSS Data Server Denial of Service Vulnerability in HtmlUnit Missing Authentication for Critical Function Vulnerability in IGSS Data Server TCP Interface Remote Code Execution Vulnerability in Custom Reports Remote Code Execution Vulnerability in IGSS Data Server and Dashboard Missing Authentication for Critical Function in IGSS Data Server TCP Interface: Report Deletion Vulnerability Remote Code Execution Vulnerability in Custom Reports Shell command injection vulnerability in emacsclient-mail.desktop in Emacs 28.1 through 28.2 Emacs 28.1-28.2: Vulnerability in emacsclient-mail.desktop Allows Emacs Lisp Code Injection Default Token Vulnerability in Apache Linkis <=1.3.1 Zyxel NAS326 Firmware Pre-Auth Command Injection Vulnerability Buffer Overflow Vulnerability in Zyxel NR7101 Firmware Allows Remote DoS Attacks Hard-coded Password Vulnerability in cnoa OA up to 5.1.1.5 Stored Cross-Site Scripting (XSS) 
Vulnerability in Zyxel ATP and USG Series Firmware Post-Authentication Command Injection Vulnerability in Zyxel ATP and USG Series Firmware Pre-Authentication Command Injection Vulnerability in Zyxel NAS326, NAS540, and NAS542 Firmware Arbitrary Directory Deletion Vulnerability in Fortinet FortiADC Arbitrary Code Execution Vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability Custom Error Pages Vulnerability in FortiPresence Command Injection Vulnerability in FortiADC 7.2.0 and 7.1.0 through 7.1.1 Insecure Temporary File Vulnerability in huggingface/transformers GitHub Repository Command Injection Vulnerability in FortiADC CLI Insufficient Session Expiration in Fortinet FortiOS REST API FortiOS and FortiProxy Local Privilege Escalation Vulnerability Insufficient Session Expiration in PME Allows Unauthorized Access Ethernet Request Array Index Vulnerability Vulnerability: Bypassing Microsoft Windows Secure Boot in Trend Micro Endpoint Encryption Full Disk Encryption Insecure Cryptographic Algorithm in OSD Bare Metal Server XML External Entity Injection (XXE) Vulnerability in HCL Workload Automation 9.4, 9.5, and 10.1 XML External Entity Injection (XXE) Vulnerability in HCL Workload Automation Vulnerability: Denial of Service (DoS) through Mixed Queries in Grafana Exposure of Domino Server Host Name: A Potential Target for Future Attacks Command Injection Vulnerability in HCL BigFix Mobile Allows Arbitrary Shell Command Execution Reflected Cross Site Scripting (XSS) Vulnerability in HCL Verse Cross-Site Scripting Vulnerability in HCL BigFix Mobile Application User Account Enumeration Vulnerability in HCL Domino AppDev Pack IAM Service Host Header Injection Vulnerability in HCL BigFix OSD Bare Metal Server (Version 311.12 or Lower) Allows Redirect to Attacker-Controlled Domain Cross-Site Scripting (XSS) Vulnerability in HCL Connections HCL Connections Denial of Service Vulnerability SQL Injection 
Vulnerability in Bigfix WebUI API App Site Version < 14 Stored Cross-Site Scripting Vulnerability in Ultimate Addons for Contact Form 7 WordPress Plugin URL Redirection Vulnerability in HCL BigFix WebUI Login Page Weak Cipher Suites in BigFix WebUI Improper Request Data Handling in HCL Connections Leads to Information Disclosure Vulnerability Server-side File Access Vulnerability in BigFix WebUI Software Distribution Interface Stored XSS Vulnerability: SVG Tag Injection Leading to Cookie Disclosure Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Reflected Cross-Site Scripting Vulnerability in Ultimate Addons for Contact Form 7 WordPress Plugin Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Heap-based Buffer Overflow in libjpeg-turbo's h2v2_merged_upsample_internal() Function Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Information Disclosure Vulnerability in Dell SCG 5.14 Upgrade Path Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Missing Encryption of Sensitive Data in Dell CloudIQ Collector Version 1.10.2 Arbitrary File Deletion Vulnerability in Dell Display Manager Arbitrary Code Execution Vulnerability in Dell Display 
Manager Arbitrary Folder Deletion Vulnerability in Dell Command | Monitor SQL Injection Vulnerability in SupportCandy WordPress Plugin Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Improper Access Control Vulnerability in Dell Power Manager Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Deprecated Cryptographic Algorithms in Dell NetWorker Virtual Edition SSH Component Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell NetWorker Version 19.7 Improper Authorization Vulnerability Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification XML External Entity (XXE) Reference Vulnerability in Weaver e-cology up to 9.0 Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Improper Access Control Vulnerability in Dell PPDM Versions 19.12, 19.11, and 19.10 Dell BIOS Signed to Unsigned Conversion Error Vulnerability Dell BIOS Out-of-bounds Write Vulnerability: Denial of Service Exploit Insecure Operation on Windows Junction / Mount Point Vulnerability in Dell Command | Update, Dell Update, and Alienware Update Improper Access Control Vulnerability in Dell OS Recovery Tool Improper Folder Permission Vulnerability in Dell Command Monitor Open Redirect Vulnerability in Dell Streaming Data Platform Pandora FMS Password Reset Authentication Bypass Vulnerability Improper Access Control Vulnerability in Alienware Command Center Application Insecure Operation on Windows Junction / Mount Point Vulnerability in Dell Command | Update, Dell Update, and Alienware Update Dell Alienware Command Center Untrusted Data Deserialization Vulnerability Dell BIOS Improper Authentication Vulnerability: Privilege Escalation Exploit Time-of-check Time-of-use Vulnerability in Dell BIOS Allows Arbitrary Code Execution Broken Cryptographic 
Algorithm Vulnerability in CloudLink 7.1.2 and Prior Versions Dell BSAFE SSL-J Debug Message Disclosure Vulnerability ZeroMQ Vulnerability in Dell OS10 Networking Switches with VLT Configuration Insecure File and Folder Permissions in PowerPath for Windows 7.x Mattermost Link Preview Bypass Vulnerability DLL Hijacking Vulnerabilities in PowerPath for Windows Versions 7.0, 7.1 & 7.2: Privilege Escalation and Arbitrary Code Execution Hermes Bytecode Optimization Bug Allows Use-After-Free and Arbitrary Code Execution Remote Cross-site Scripting Vulnerability in HPE Integrated Lights-Out (iLO) Authentication Token Exposure in HPE OneView and HPE OneView Global Dashboard Appliance Dumps HPE OneView Global Dashboard Appliance Dump Vulnerability HPE OneView Appliance Dump Vulnerability: Exposing Proxy Credential Settings Critical Vulnerability: HPE OneView Appliance Dump Exposes User Accounts HPE OneView Appliance Dump Vulnerability: Exposing SAN Switch Administrative Credentials Vulnerability: Exposed FTP Credentials in HPE OneView Appliance Dump for c7000 Interconnect Modules Plaintext Credential Extraction Vulnerability in Sage 200 Spain 2023.38.001 HPE OneView Appliance SNMPv3 Read Credentials Exposure Vulnerability Information Exposure Vulnerability in HPE OneView Virtual Appliance Physical Access Exploit Vulnerability in HPE ProLiant RL300 Gen11 Server Unsigned Binary Execution Vulnerability Default Credentials Vulnerability in Pega Platform Versions 7.4 through 8.8.x Potential Denial of Service Vulnerability in OpenSIPS Server (Versions prior to 3.1.7 and 3.2.4) Memory Leak in OpenSIPS Prior to Versions 3.1.8 and 3.2.5 OpenSIPS Segmentation Fault Vulnerability OpenSIPS Authorization Header Parsing Vulnerability OpenSIPS SIP Server Crash Vulnerability Flatpak Virtual Console Text Copy Vulnerability Flatpak Vulnerability: Hidden Elevated Permissions in Command-Line Interface Command Injection Vulnerability in discordrb Denial of Service and Object.prototype 
Modification Vulnerability in matrix-react-sdk Denial of Service Vulnerability in silverstripe/graphql 4.2.2 and 4.1.1 ZipSlip Path Traversal Vulnerability in go-used-util (Versions < 0.0.34) Cross-Site Scripting (XSS) Vulnerability in Pimcore Prior to Version 10.5.19 Multiple Backup Requests Denial of Service Vulnerability in Discourse Improper Quoting in UUID DAO Model in Pimcore Domain Hijacking Vulnerability in Play With Docker Stored Cross-Site Scripting Vulnerability in AI ChatBot WordPress Plugin Koko Unauthorized Access and Command Execution Vulnerability IPv4-mapped IPv6 Address Bypass Vulnerability in Discourse SSRF Vulnerability in Discourse Prior to 3.1.0.beta3 Insecure Diffie-Hellman Key Validation in russh SSH Library (Versions 0.34.0 - 0.36.1) Vulnerability: Privilege Escalation in `cilium-cli` Cluster Mesh Configuration PHAR Deserialization Vulnerability in Snappy PHP Library Out-of-Bounds Write Vulnerability in Contiki-NG BLE L2CAP Module Sensitive Cookie Leakage in Sentry SDK Django Integration Memory Exhaustion and Crash Vulnerability in kaml (prior to version 0.53.0) Unbounded Input Size in crewjam/saml go library (CVE-2021-12345) Stored Cross-Site Scripting Vulnerability in Ultimate Dashboard WordPress Plugin Unauthenticated Remote Code Execution in WooCommerce Payments Plugin Local Privilege Escalation (LPE) Vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) UI Desktop for Windows: VPN Credential Hijacking Vulnerability Symmetric Encryption Vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) Improper Authentication Vulnerability in Avalanche Premise Versions 6.3.x and Below Authentication Bypass Vulnerability in Avalanche Versions 6.3.x and Below Path Traversal Vulnerability in Avalanche 6.3.x and Below: Potential Information Disclosure Unrestricted File Upload Vulnerability in Avalanche Versions 6.3.x and Below Local Privilege Escalation in DSM 2022.2 SU2 and Prior Versions Multiple WordPress Themes 
Vulnerable to XSS via Search Box Reflection Privilege Escalation Vulnerability in Gaia Portal Hostnames Page Account Takeover and Credential Theft Vulnerability in Expo.io Framework Check Point Endpoint Security Client (E87.30) Local Privilege Escalation via Crafted OpenSSL Configuration File Privilege Escalation Vulnerability in Check Point Harmony Endpoint/ZoneAlarm Extreme Security Cross-Site Scripting (XSS) Vulnerability in SourceCodester Class Scheduling System 1.0 Executable Hijacking Vulnerability in Qualys Cloud Agent for Windows NTFS Junction Vulnerability in Qualys Cloud Agent for Windows Privilege Escalation Vulnerability in Qualys Cloud Agent for Windows Local Privilege Escalation Vulnerability in Qualys Cloud Agent for macOS Privilege Escalation Vulnerability in KDAB Hotspot 1.3.x and 1.4.x Improper GPU Processing Operations Vulnerability in Arm Mali GPU Kernel Driver Critical SQL Injection Vulnerability in SourceCodester Online Jewelry Store 1.0 (VDB-229429) XML External Entity (XXE) Injection in Independentsoft JODF API via Remote DTD in DOCX File XML External Entity (XXE) Injection in Independentsoft JSpreadsheet API via Remote DTD in DOCX File XML External Entity (XXE) Injection in Independentsoft JWord API Vulnerability: Bypassing Parental Control Restrictions via Android Safe Mode Cross-Realm Object Access Vulnerability in Webpack 5 SSRF Bypass via Cross-Protocol Redirect in Outdated Request Package Stored XSS Privilege Escalation: Exploiting File Upload Service for Admin Access Hidden Fullscreen Notification Vulnerability in Firefox for Android Unauthorized Patching of Remote Proxies via Consul and Consul Enterprise Path Leakage Vulnerability in Firefox < 111 Persistent Cross-Origin Camera Access Vulnerability Type Casting Vulnerability in AudioWorklets Implementation Windows Environment Variable Resolution Vulnerability in Firefox Cross-Origin Dragging Vulnerability Unauthenticated Reflected XSS Vulnerability in Aakif Kadiwala Tags Cloud 
Manager Plugin <= 1.0.0 CSRF Vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA Plugin Stored XSS Vulnerability in CoreFortress Easy Event Calendar Plugin <= 1.0 Post-Authentication Stored Cross-Site Scripting Vulnerability in Craft CMS Versions <= 4.4.11 Unrestricted File Upload Vulnerability in Themely Theme Demo Import Stored Cross-Site Scripting (XSS) Vulnerability in WP Chill Brilliance Theme <= 1.3.1 CSRF Vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS CSRF Vulnerability in Amit Agarwal Google XML Sitemap for Images Plugin Stored Cross-Site Scripting (XSS) Vulnerability in eLightUp eRocket Plugin <= 1.2.4 Bosch VMS SSH Server Improper Authorization Vulnerability Critical Memory Corruption Vulnerability in Firefox and Thunderbird Versions < 111 Critical Memory Corruption Vulnerability in Firefox 110 Privacy Preference Bypass Vulnerability Fixed in Latest Apple Updates Improved Memory Handling in macOS Ventura 13.3: Addressing AppleScript Binary Vulnerability Insecure Filesystem Permission Vulnerability in Windows Insider Threat Management Agent Improved Memory Handling to Prevent Denial-of-Service Vulnerability in macOS Ventura 13.3 Arbitrary Code Execution Vulnerability in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4 Vulnerability: Spoofing of EAP-only VPN Server in Privileged Network Position Integer Overflow Vulnerability Patched in Multiple Apple Operating Systems Denial-of-Service Vulnerability Fixed in macOS Ventura 13.3 Improved Input Validation in macOS Ventura 13.3 Fixes Remote Denial-of-Service Vulnerability Vulnerability Patched: Information Disclosure in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5 Stored Cross-Site Scripting Vulnerability in Proofpoint Threat Response/Threat Response Auto Pull (PTR/TRAP) Sources UI Privacy Vulnerability Patched in macOS Ventura 13.3: App Access to User-Sensitive Data Privacy Bypass Vulnerability Patched in Multiple Apple Operating Systems Sensitive Location 
Information Exposure Vulnerability Home Screen Bookmark Creation Vulnerability Improved Private Data Redaction for Log Entries in macOS Ventura 13.3: Addressing App's Ability to Access Sensitive Location Information Sandbox Restrictions Patched to Address User Data Access Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Kernel Memory Disclosure Vulnerability in macOS Ventura 13.3 Information Disclosure Vulnerability in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) Allows Credential Theft Kernel Memory Disclosure Vulnerability Patched in macOS and iOS Updates Improved State Management Vulnerability in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4 Ineffective App Firewall Setting Persistence Vulnerability Contact Access Vulnerability Patched in Apple Music 4.2.0 for Android Out-of-Bounds Read Vulnerability in Apple Devices Use After Free Vulnerability in Apple Safari and iOS Arbitrary Code Execution Vulnerability in macOS and iOS eSIM Logic Issue Allows Texts from Secondary eSIM Despite Primary eSIM Configuration Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Windows ALPC Elevation of Privilege Vulnerability Windows NAT DoS Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in Ellucian Ethos Identity up to 5.10.5 Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Windows Error Reporting Service Privilege Escalation Vulnerability Windows Kernel Privilege Escalation 
Vulnerability DNSploit: Exploiting the Windows Domain Name Service for Remote Code Execution Windows PPPoE Remote Code Execution Vulnerability Windows NTLM Privilege Escalation Vulnerability Windows Enroll Engine Security Bypass Vulnerability BlueBleed: Exploiting the Windows Bluetooth Driver for Remote Code Execution Windows Identity Spoofing Vulnerability CNG Key Isolation Service Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in SourceCodester Class Scheduling System 1.0 (CVE-2021-229597) Exploiting the DHCP Server Service for Remote Code Execution Pervasive Windows PPTP Remote Code Execution Vulnerability Windows Secure Channel DoS Vulnerability Windows Secure Channel DoS Vulnerability Lock Screen Bypass Vulnerability in Windows Operating System Windows Kernel Privilege Escalation Vulnerability Windows Kernel Remote Code Execution: A Critical Security Vulnerability IKE Protocol Extensions Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 Windows Network Load Balancing RCE Vulnerability Windows SSTP Denial of Service Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Kerberos Privilege Escalation Vulnerability in Windows Windows Registry Privilege Escalation Vulnerability Windows Network File System (NFS) Information Disclosure Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Boot Manager Secure Boot Bypass Vulnerability Path Traversal Vulnerability in GitLab CE/EE 16.0.0 Allows Unauthorized File Access in Public Projects with Nested Groups PGM Remote Code Execution Vulnerability in Windows Windows Driver Revocation List Security Bypass Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Kernel Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code 
Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Class Scheduling System 1.0 (search_teacher_result.php) .NET DLL Hijacking: A Gateway to Remote Code Execution Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Exploiting Visual Studio's Elevation of Privilege Vulnerability Visual Studio Code Execution Vulnerability Windows Common Log File System Driver Information Leakage Vulnerability Exposed Remote Desktop Protocol Client Information Vulnerability Netlogon RPC Privilege Escalation Vulnerability Windows Boot Manager Secure Boot Bypass Vulnerability Unvalidated JSON Web Token (JWT) Signature in SAP Plant Connectivity and Production Connector Lock Screen Bypass Vulnerability in Windows Operating System Windows Kernel Memory Leak Vulnerability Windows Kernel Privilege Escalation Vulnerability Clip Service Privilege Escalation Vulnerability in Windows Windows Win32k Privilege Escalation Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows Group Policy Security Feature Bypass Vulnerability: A Critical Flaw Exploiting Group Policy Settings Windows DNS Server Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Cache Size Exceeded Vulnerability in BIND 9 Windows LDAP Remote Code Execution Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability Exploiting the Microsoft Publisher Remote Code Execution Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Remote Termination Vulnerability in BIND DNS Server Microsoft Remote Desktop App for Windows: Information Disclosure Vulnerability Raw Image Extension RCE Vulnerability Exploiting the Raw Image Extension for Remote Code 
Execution Windows Kernel Privilege Escalation Vulnerability Exploiting the Microsoft Publisher Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Windows RPCSS Elevation of Privilege Vulnerability Windows Kernel DoS Vulnerability Visual Studio Identity Spoofing Vulnerability CSRF Vulnerability in Trustindex.Io WP Testimonials Plugin Azure Service Connector Security Feature Bypass Vulnerability EdgeTamper: A Critical Vulnerability in Microsoft Edge (Chromium-based) Microsoft Message Queuing DoS Vulnerability Windows Snipping Tool Data Exposure Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC and OLE DB Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Memory-Efficient Markdown String Unescaping Vulnerability in Mattermost Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Azure Machine Learning Information Leakage Vulnerability Unpatched Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 Customer Voice Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) 2FA Bypass Vulnerability in Rocket.Chat Platform Allows Persistent Account Access Timestamp Manipulation Vulnerability in Rocket.Chat Allows Message Order Manipulation Rocket.Chat Message Hiding Vulnerability Use After Free Vulnerability in libcurl's SSH Server Public Key Verification SQL Injection Vulnerability in GitHub Repository unilogies/bumsys prior to 2.2.0 Denial of Service Vulnerability in libcurl's Synchronous Resolver Improper Wildcard Pattern Matching in TLS Server Certificates Curl Information Disclosure Vulnerability 
in HTTP(S) Transfers EPM 2022 Su3 and Prior Versions: Unauthenticated Deserialization Vulnerability Improper Input Validation Vulnerability in Ivanti Endpoint Manager 2022 and Below: Privilege Escalation and Remote Code Execution Improper Authorization Vulnerability in Rocket.Chat <6.0: Manipulation of rid Parameter Allows Unauthorized Message Editing Privilege Escalation Vulnerability in Apache OpenMeetings UNIX Protocol NULL Pointer Dereference Vulnerability in Linux Kernel NULL Pointer Dereference Vulnerability in az6027 Driver Profile Field Availability Condition Vulnerability Privilege Escalation Vulnerability in ReviewX WordPress Plugin (Versions up to 1.6.13) Arbitrary File Read Vulnerability in Backup Feature: Limited Access to Teachers, Managers, and Admins XSS Vulnerability in Database Auto-Linking Filter Algebra Filter Bypass Vulnerability: XSS Risk Due to Missing Binaries Potential Mustache Injection Vulnerability in Mustache Pix Helper User Enumeration Vulnerability in Learning Plans Page CSRF Vulnerability in Database Activity Template Reset Link Grade Report History Vulnerability: Unauthorized Access to User Names Vulnerability in Netgear Nighthawk RAX30 Router Allows Unauthorized Firmware Upload Netgear Nighthawk Wifi6 Router (RAX30) Denial of Service Vulnerability Privilege Escalation via OpenDoas Terminal Sharing Vulnerability Authentication Bypass Vulnerability in BookIt WordPress Plugin (Versions up to 2.3.7) XXE Vulnerability in Zoho ManageEngine Applications Manager (CVE-2021-XXXX) Stored XSS Vulnerability in Zoho ManageEngine Applications Manager Allows Injection of Malicious JavaScript on Incorrect Login Details Page Denial-of-Service Vulnerability in Zoho ManageEngine ADSelfService Plus Mobile App Authentication API Altenergy Power Control Software C1.2.5 - OS Command Injection via set_timezone Parameter Unauthenticated Access and Falsified Screenshot Submission Vulnerability in Faronics Insight 10.0.19045 Clear-text Password Exposure in 
Faronics Insight Teacher Console Remote Access to Private API Endpoints in Faronics Insight 10.0.19045 on Windows Remote Code Execution via XSS in Faronics Insight Teacher Console Man-in-the-Middle Attack Vulnerability in Faronics Insight 10.0.19045 Arbitrary File Write and Remote Code Execution Vulnerability in Faronics Insight 10.0.19045 Reflected Cross-Site Scripting Vulnerability in WP Directory Kit Plugin (Versions up to 1.2.3) Cross-Site Scripting (XSS) Vulnerability in Faronics Insight 10.0.19045 Keystroke Logging Vulnerability in Faronics Insight 10.0.19045 on Windows Vulnerability: Teacher Console Attack via Abused Insight UDP Broadcast Discovery System Arbitrary File Upload and Remote Code Execution in Faronics Insight 10.0.19045 CPU-Consuming Hot Loop Vulnerability in Chat Service User Enumeration Vulnerability in Rocket.Chat's /mute Slash Command Rocket.Chat Markdown Parsing Vulnerability: Exploitable Search Messages Feature Allows Malicious Tag Insertion NoSQL Injection Vulnerability in Rocket.Chat's listEmojiCustom Method Stored Cross-Site Scripting Vulnerability in CRM Perks Forms Plugin for WordPress Download Safety Check Omission Vulnerability in Brave Desktop Cross-site WebSocket Hijacking (CSWSH) Vulnerability in UniFi OS 2.5 and Earlier Open Redirect Vulnerability in Brave Browser Android QR Scanner UniFi Application Backup File Vulnerability: Remote Command Execution on Linux Systems Memory Leak Vulnerability in Eclipse Mosquitto MQTT Broker Arbitrary Script Injection Vulnerability in VK All in One Expansion Unit 9.88.1.0 and Earlier Vulnerable SSH Host Key Spoofing in TP-Link L2 Switch T2600G-28SQ Improper Access Control Vulnerability in Brother iPrint&Scan App Stack-based Buffer Overflow in gpac/gpac prior to 2.2.2 Open Redirect Vulnerability in Tornado: Conducting Phishing Attacks via Specially Crafted URLs File Writing Vulnerability in Stellarium through 1.2 Object Lock Availability Vulnerability in FlashBlade Purity (OE) Version 4.1.0 
Vulnerability: Data Availability Impact in FlashArray Purity with External Key Manager Configuration Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Unauthenticated File Disclosure Vulnerability in Osprey Pump Controller version 1.01 Denial of Service Vulnerability in Intel(R) E810 Ethernet Controllers and Adapters Firmware Authentication Bypass Vulnerability in Intel(R) NUC Kit NUC11PH USB Firmware Installation Software Intel(R) QAT Driver for Windows - HW Version 2.0 Improper Authorization Vulnerability Memory Corruption Vulnerability in Weston Embedded uC-HTTP v3.01.01: Remote Code Execution via Crafted Network Packet Out-of-bounds Read Vulnerability in gpac/gpac prior to 2.2.2 Unauthenticated Privilege Escalation via Uncontrolled Search Path in Intel(R) AI Hackathon Software OS Command Injection Vulnerability in peplink Surf SOHO HW1 v6.3.5 (QEMU) ESS REC Agent Server Edition Directory Traversal Vulnerability Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.26.0 and Prior Privilege Escalation Vulnerability in Intel(R) NUC Pro Software Suite for Windows Insecure Firmware Validation in Snap One OvrC Pro Devices Hard-coded Credentials Vulnerability in NewsPicks App Allows Unauthorized Data Analysis and API Key Extraction Uncontrolled Search Path Element Vulnerability in Intel(R) Chipset Device Software CVE-2023-28389 Critical Divide By Zero Vulnerability in gpac/gpac Prior to 2.2.2 Privilege Escalation Vulnerability in SR-7100VN Firmware Ver.1.38(N) and Earlier and SR-7100VN #31 Firmware Ver.1.21 and Earlier Memory Corruption Vulnerability in Weston Embedded uC-HTTP v3.01.01: Remote Code Execution via HTTP Server Header Parsing Arbitrary OS Command Execution Vulnerability in Wi-Fi AP Units Accusoft ImageGear 20.1 Stack-Based Buffer Overflow Vulnerability in tif_processing_dng_channel_count Arbitrary Code Execution and OS Command Injection in Beekeeper Studio Weak Session Token Generation 
Algorithm in Osprey Pump Controller Version 1.01 Allows Authentication and Authorization Bypass Denial of Service Vulnerability in Intel Thunderbolt Controllers Firmware Privilege Escalation Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Unauthenticated Account Creation and Authentication Bypass Vulnerability in Osprey Pump Controller Version 1.01 Improper Permission Assignment in CONPROSYS HMI System (CHS) Allows for System Destruction and Malicious Program Execution NULL Pointer Dereference Vulnerability in gpac/gpac prior to 2.2.2 Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.26.0 and Prior Vulnerability: Out-of-bounds Write in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Intel(R) Arc(TM) & Iris(R) Xe Graphics - Local Information Disclosure Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) Distribution of OpenVINO(TM) Toolkit Directory Traversal Vulnerability in BIG-IP Configuration Utility Allows Unauthorized File Access Uncontrolled Search Path Vulnerability in Intel(R) XTU Software MW WP Form Directory Traversal Vulnerability Arbitrary File Upload Vulnerability in MW WP Form v4.4.2 and Earlier Time-Based SQL Injection Vulnerability in Advanced Local Pickup for WooCommerce Plugin Buffer Overflow Vulnerability in Intel i915 Graphics Drivers for Linux Double Free Vulnerability in Intel(R) Server Board BMC Firmware Snap One OvrC Cloud Servers MAC Address Enumeration Vulnerability Snow Monkey Forms v5.0.6 and Earlier: Directory Traversal Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in ApexChat Plugin <= 1.3.1 Stored Cross-Site Scripting (XSS) Vulnerability in XootiX Side Cart Woocommerce (Ajax) Plugin <= 2.2 Yudlee Mediciti Lite Theme <= 1.3.0 - Reflected XSS Vulnerability CSRF Vulnerability in Stranger Studios Force First and Last Name as Display Name Plugin CSRF Vulnerability in WP Inventory Manager WordPress Plugin CSRF Vulnerability in Leo Caseiro Custom Options Plus Plugin Sensitive 
Information Exposure Vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture Stored XSS Vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce Prism Tech Studios Modern Footnotes Plugin <= 1.4.15 - Authenticated Stored XSS Vulnerability SQL Injection Vulnerability in Gentoo Package Search Handlers Redis Server Process Termination Vulnerability Denial of Service (DoS) Vulnerability in matrix-js-sdk Denial of Service Vulnerability in PDFio Parser (CVE-2023-24809) Unsecured Tooltip Field in Pimcore DataObject Class Allows Cookie Theft and Unauthorized Account Access SQL Injection Vulnerability in MultiParcels Shipping For WooCommerce WordPress Plugin Expression Injection in GitHub Actions Workflow Gas Cost Discrepancy in Frontier's `modexp` Precompile Allows for Denial of Service Attacks Information Disclosure Vulnerability in Minio Object Storage Arbitrary Object Placement Vulnerability in Minio Unrestricted Object Placement Vulnerability in Minio Unauthenticated File Upload Vulnerability in Dataease Privilege Escalation in Tailscale SSH Access Rules on FreeBSD SQL Injection Vulnerability in Dataease Arbitrary SQL Injection Vulnerability in Pimcore Prior to Version 10.5.19 Cross-Site Scripting Vulnerability in CKEditor4 Iframe Dialog and Media Embed Packages User-Controlled Key Authorization Bypass in cloudexplorer-lite v1.1.0 Discourse Administrator Request Timeout Vulnerability Password Exposure in smartCARS 3 Version 0.5.8 and Prior Sensitive Information Disclosure in GeoNode Geoserver REST API Endpoint Improper Redaction of `directus_refresh_token` in Directus Prior to 9.23.3 Allows Unauthorized User Impersonation Insecure Environment Variable Exposure in angular-server-side-configuration Out-of-Bound Read/Write Vulnerability in Deno 1.32.0 Arbitrary Program Name Injection in Deno Runtime (CVE-2021-12345) Arbitrary JavaScript Code Execution in Smarty Template Engine (CVE-XXXX-XXXX) Out of Bounds Memory 
Access Vulnerability in Versionize Crate Improper Access Control in GitHub Repository: cloudexplorer-dev/cloudexplorer-lite (vulnerability prior to v1.1.0) Vulnerability: Default Maximum EDNS.0 UDP Packet Size Misconfiguration in Dnsmasq Path Traversal Vulnerability in pretalx 2.3.1 Allows Arbitrary File Overwriting Path Traversal Vulnerability in pretalx 2.3.1 Allows Arbitrary File Reading via HTML Export Authentication Bypass by Capture-replay Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series Main Modules Command Injection Vulnerability in Array Networks APV Products Remote Code Execution Vulnerability in Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) JNDI Rebind Vulnerability in Payara Server 4.1.2.191 and newer Use-after-free vulnerability in hci_conn_cleanup in Linux kernel through 6.2.9 allows privilege escalation Arbitrary File Copy Vulnerability in HL7 FHIR Core Libraries Race condition vulnerability in do_tls_getsockopt in Linux kernel through 6.2.6 XSS Vulnerability in MyBB User CP Module via User Email Field SMM Module SMI Handler Vulnerability in InsydeH2O Improper GPU Processing Operations Vulnerability in Arm Mali GPU Kernel Driver Local Privilege Escalation Vulnerability in ESET Products Unauthenticated Access to nsstats Endpoint in Couchbase Server 5-7 before 7.1.4 Stored XSS Vulnerability in Concrete CMS (previously concrete5) 9.0 - 9.1.3 via Container Name Lack of Secure and HTTP Only Attributes in ccmPoll Cookies in Concrete CMS Possible Authentication Bypass Vulnerability in Concrete CMS (previously concrete5) Versions 8.5.12 and below, and 9.0 through 9.1.3 in Jobs Section Stored XSS Vulnerability in Concrete CMS (previously concrete5) 9.0 - 9.1.3 via Saved Presets on Search Reflected XSS Vulnerability in Concrete CMS Reply Form Stored XSS Vulnerability in Concrete CMS (previously concrete5) 9.0 - 9.1.3: Tags on Uploaded Files Stored XSS Vulnerability in Concrete CMS API Integrations via the name parameter 
Buffer Overflow Vulnerability in TP-Link EC-70 Devices Arbitrary Code Execution and Binary Modification Vulnerability in TigerGraph Enterprise 3.7.0 Cross-Site WebSocket Hijacking Vulnerability in Movim Prior to Version 0.22 Arbitrary Code Execution and RBAC Bypass in TigerGraph Enterprise 3.7.0 Unsecured Write Access to SSH Authorized Keys File in TigerGraph Enterprise 3.7.0 Confidentiality Breach in TigerGraph Enterprise 3.7.0: Unprotected Data Access Arbitrary File Write Vulnerability in TigerGraph Enterprise 3.7.0 NULL Pointer Dereference and Segfault in libxml2's xmlSchemaFixupComplexType Stored XSS Vulnerability in WeKan File Preview Unescaped Control Characters in Sudo Log Messages Unescaped Control Characters in Sudo Replay Output Vulnerability Stack-based Buffer Overflow Vulnerability in ConnMan's gdhcp Command Injection Vulnerability in CP-8031 and CP-8050 Master Modules Unauthenticated Reflected XSS Vulnerability in Estatik Estatik Mortgage Calculator Plugin SQL Injection vulnerability in Tribulant Slideshow Gallery LITE Macho Themes NewsMag Theme <= 2.4.4 Reflected XSS Vulnerability CSRF Vulnerability in MyThemeShop WP Shortcode Plugin SMTP2GO – Email Made Easy Plugin <= 1.4.2 Stored XSS Vulnerability CSRF Vulnerability in Tribulant Slideshow Gallery LITE Plugin <= 1.7.6 CSRF Vulnerability in MotoPress Hotel Booking Lite Plugin Stored Cross-Site Scripting (XSS) Vulnerability in simonpedge Slide Anything Plugin NodeBB Cross-Site WebSocket Hijacking Vulnerability Allows User Information Extraction Java Insecure Deserialization Vulnerability in Adobe LiveCycle ES4 Heap-Based Buffer Overflow in Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001 or 12.2.1 Build 2002 Stack-Based Buffer Overflow in Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001/12.2.1 Build 2002 Authentication Bypass Vulnerability in Rocket Software UniData and UniVerse Stack-Based Buffer Overflow in 
Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001/12.2.1 Build 2002 Buffer Overflow Vulnerability in Rocket Software UniData and UniVerse API Function Stack-Based Buffer Overflow in Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001 or 12.2.1 Build 2002 Memory-Exhaustion Vulnerability in Rocket Software UniData and UniVerse Heap-Based Overflow Vulnerability in Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001/12.2.1 Build 2002 Weak Encryption Vulnerability in Rocket Software UniData and UniVerse Versions Prior to 8.2.4 Build 3003 and 11.3.5 Build 1001/12.2.1 Build 2002 SQL Injection Vulnerability in AGT Tech Ceppatron Allows Command Line Execution CVE-2023-28512 IBM MQ and MQ Appliance Denial of Service Vulnerability Sensitive Credential Information Disclosure in IBM MQ 8.0, 9.0, and 9.1 CVE-2023-28517 SQL Injection Vulnerability in Softmed SelfPatron (before 2.0) Stored Cross-Site Scripting Vulnerability in IBM Planning Analytics Local 2.0 Unauthorized Access Vulnerability in IBM API Connect V10 Heap Buffer Overflow in IBM Informix Dynamic Server 12.10 and 14.10 onsmsync CVE-2023-28525 Heap Buffer Overflow in IBM Informix Dynamic Server 12.10 and 14.10 Archecker Heap Buffer Overflow in IBM Informix Dynamic Server 12.10 and 14.10 CDR Arbitrary Command Execution Vulnerability in IBM AIX and VIOS Stored Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.7 Reflected XSS Vulnerability in Softmed SelfPatron Version 2.0 and Below Stored Cross-Site Scripting Vulnerability in IBM Cognos Analytics 11.1 and 11.2 Improper Per-Hop Destination Constraints in ssh-add Stored Cross-Site Scripting (XSS) Vulnerability in M Williams Cab Grid Plugin <= 1.5.15 Stored Cross-Site Scripting (XSS) Vulnerability in WP Job Portal Plugin Unauthenticated Reflected XSS Vulnerability in Paytm Paytm Payment Donation Plugin Memory Corruption 
Vulnerability in COmxApeDec Module in Audio UEFI Region Memory Corruption Vulnerability in WIN Product Multiple WMI Service Available Command Vulnerability in WLAN Host Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 via Crafted Capture File Insecure Authentication in Data Modem's TLS Handshake CFR Data DMA Buffer Release Event Triggers Memory Corruption in Data Modem WLAN HOST Memory Corruption Vulnerability during TX Status Information Retrieval Memory Corruption Vulnerability in SNPE Library via Malformed DLC Loading WLAN Transmit Command Memory Corruption Vulnerability Vulnerability: Memory Corruption in TZ Secure OS during App ELF Loading Memory Corruption Vulnerability in SPS Application: Exporting Public Key in Sorter TA CVE-2023-28547 WLAN HAL Memory Corruption Vulnerability in QDART Tx/Rx Command Processing WLAN HAL Memory Corruption Vulnerability in TLV Payload Parsing Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 via Crafted Capture File DSM Watermark Memory Corruption Vulnerability Arbitrary Address Memory Corruption Vulnerability in UTILS WLAN Host Vulnerability: Information Disclosure via WMI Event Command Processing Qualcomm IPC Information Disclosure Vulnerability Audio Channel Buffer Remapping Vulnerability Critical Cryptographic Vulnerability in HLOS Key Management WLAN HAL Memory Corruption Vulnerability WLAN Handler Vulnerability: Memory Corruption in PhyID Processing WLAN Firmware Vulnerability: Memory Corruption via Untrusted WMI Payload Vulnerability: Denial of Service in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 via Crafted Capture File WLAN HAL Memory Corruption Vulnerability QESL Memory Corruption Vulnerability Remote ESL Payload Memory Corruption Vulnerability IOE Firmware WMI Command Information Disclosure Vulnerability WLAN HAL Memory Corruption via WMI Command Parameters WLAN HAL Memory Corruption Vulnerability WLAN HAL Information Disclosure Vulnerability in WMI 
State Info Command Handling WLAN HAL Memory Corruption Vulnerability WLAN HAL Information Disclosure Vulnerability WLAN HAL Information Disclosure Vulnerability Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 via Crafted Capture File Audio Effect Memory Corruption Vulnerability WLAN HOST Vulnerability: Information Disclosure during Roaming Scan WLAN HOST Memory Corruption Vulnerability WLAN HAL Memory Corruption Vulnerability Critical Memory Corruption Vulnerability in Core Services via Diag Handler Command Improper Type Handling in cam_get_device_priv Function Race Condition Vulnerability in Kernel Buffer Access Uncontrolled Kernel Address Unmapping Vulnerability CVE-2023-28578 WLAN Host Memory Corruption Vulnerability via Unchecked PMK Deserialization NetScaler File Parser Denial of Service Vulnerability WLAN Host Memory Corruption Vulnerability in PMK Length Setting WLAN Firmware Vulnerability: Memory Corruption in GTK Key Parsing CVE-2023-28582 IPv6 Prefix Timer Object Lifetime Expiry Leads to Memory Corruption Vulnerability Transient Denial of Service (DoS) Vulnerability in WLAN Host during Channel Switch Announcement (CSA) with Invalid Channel ELF Segment Loading Vulnerability in TEE Kernel: Memory Corruption Vulnerability: Information Disclosure via Trusted Application Metadata Symbol Addresses in TEE ELF Loading BT Controller Memory Corruption Vulnerability Bluetooth Host Vulnerability: Transient Denial of Service during RFC Slot Allocation Code Injection in TeamPass GitHub Repository Prior to Version 3.0.9 Local Privilege Escalation Vulnerability in Zoom Client for IT Admin macOS Installers Improper Trust Boundary Implementation Vulnerability in Zoom Clients Prior to 5.13.5 HTML Injection Vulnerability in Zoom for Linux Clients (Prior to 5.13.10) HTML Injection Vulnerability in Zoom Clients: Exploiting Display Name to Redirect Users to Malicious Websites Linux Kernel SR-IPv6 Implementation Out-of-Bounds Read Vulnerability 
Improper Access Control Vulnerability in Zoom for MacOS Clients Improper Restriction of Operations within Bounds of a Memory Buffer Vulnerability in Zoom for Windows Clients Improper Verification of Cryptographic Signature in Zoom for Windows Clients Improper Access Control Vulnerability in Zoom VDI Client Installer XSS Vulnerability in fluid_components Extension for TYPO3 Cross-Site Scripting (XSS) Vulnerability in MISP event-graph.js Cross-Site Scripting (XSS) Vulnerability in MISP event-graph.js Authentication Mishandling in Ansible Semaphore before 2.8.89 Vulnerability: Escape from 9pfs Tree via Special File Opening Firmware Update Exploit in OMICRON StationGuard and OMICRON StationScout Authorization Bypass Vulnerability in OMICRON StationGuard and StationScout Integer Overflow in IPv4 Fragment Handling in Samsung Exynos Processors OS Command Injection in Freewill iFIS (aka SMART Trade) 20.01.01.04 via Shell Metacharacters on Report Page Cleartext Password Logging Vulnerability in Stormshield Network Security Arbitrary Command Execution in Org Mode through org-babel-execute:latex CSRF Vulnerability in Marios Alexandrou Enhanced Plugin Admin Plugin <= 1.16 Cross-Site Scripting (XSS) Vulnerability in SiteServer CMS up to 7.2.1 (VDB-229818) Stored XSS Vulnerability in Cyberus Labs Cyberus Key Plugin <= 1.0 Cross-site Scripting (XSS) vulnerability in Wishfulthemes Raise Mag and Wishfulthemes Wishful Blog themes allows Reflected XSS Stored Cross-Site Scripting (XSS) Vulnerability in Easy Slider Revolution Plugin Arbitrary Email Account Creation Vulnerability in Zulip NULL pointer dereference vulnerability in mod_auth_openidc Denial-of-Service Vulnerability in Comrak Markdown Parser (GHSL-2023-047) Arbitrary OS Command Execution in pymedusa Prior to 1.0.12 Improper Parsing of Authority in lambdaisland/uri Library (CVE-2021-XXXX) Stored XSS Vulnerability in GoCD Versions before 23.1.0 Cleartext Storage Vulnerability in Simple Design Daily Journal 1.012.GP.B on 
Android Credentials Leakage in GoCD Server Backups Vulnerability: HTML Formatting Code in Comrak Allows Triggering Bugs with Invalid UTF-8 Data Account Takeover and Email Modification Vulnerability in GLPI Server-side Request Forgery (SSRF) Vulnerability in GLPI RSS Feed Autodiscovery Privilege Escalation Vulnerability in GLPI Versions 0.83 to 9.5.12 and 10.0.6 Improper Resource Identification in Vantage6 Prior to Version 4.0.0 External Link Creation Vulnerability in GLPI Remote Code Execution Vulnerability in AWS Redshift Data Source in DataEase Buffer Overrun Vulnerability in Snappier 1.1.0 Reflected XSS Vulnerability in GLPI Versions 0.85 to 9.5.12 and 10.0.0 to 10.0.6 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Jewelry Store 1.0 (VDB-229820) Apiman API Key Exposure Vulnerability Bypassing AppArmor through symlinked /proc in runc containers Vulnerability: Share Overwrite in Nextcloud Server Inefficient Fetch Operation Vulnerability in Nextcloud Server Bypassing Secure View in Nextcloud Richdocuments App Bypassing Nextcloud Android Pin/Passcode Protection via Third-Party App Nextcloud iOS App Vulnerability: Unauthorized Access to User Files via iOS Files App Integration Cross-Site Scripting (XSS) Vulnerability in Osprey Pump Controller version 1.01 Unvalidated Device Claiming Vulnerability in Snap One OvrC Hub Critical SQL Injection Vulnerability in SourceCodester Theme Park Ticketing System 1.0 (VDB-229821) Unauthenticated Remote Code Execution via Malicious JavaScript Payload Cross-Site Scripting Vulnerability in CONPROSYS HMI System (CHS) Versions Prior to 3.5.3 Authenticated User Image Upload Vulnerability Use-after-free vulnerability in application's project file parser allows for arbitrary code execution Hidden Administrative Account with Hardcoded Password in Osprey Pump Controller Version 1.01 Privilege Escalation Vulnerability NGINX Management Suite Unauthorized Access to Configuration Objects Vulnerability Privilege Escalation 
Vulnerability in CONPROSYS HMI System (CHS) Insecure Inherited Permissions in Intel(R) oneMKL Software: Potential Privilege Escalation Vulnerability Authenticated SQL Injection Vulnerability in Waiting: One-click Countdowns WordPress Plugin (<= 0.6.2) Remote Code Execution Vulnerability in Advantech WebAccess 8.4.5 Authenticated SQL Injection Vulnerability in Events Made Easy WordPress Plugin (<= 2.3.14) Authenticated SQL Injection Vulnerability in WP Popup Banners WordPress Plugin (<= 1.2.5) Unauthenticated SQL Injection Vulnerability in Gift Cards WordPress Plugin (<= 4.3.1) Authenticated SQL Injection Vulnerability in Formidable PRO2PDF WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Meta Data and Taxonomies Filter WordPress Plugin (Versions < 1.3.1) Reflected Cross-Site Scripting Vulnerability in Woo Bulk Price Update WordPress Plugin Reflected Cross-Site Scripting Vulnerability in InPost Gallery WordPress Plugin (Versions < 2.2.2) Unauthenticated Insecure Deserialization in Lead Generated WordPress Plugin (<= 1.23) Jenkins Role-based Authorization Strategy Plugin: Permissions Persist After Disabling Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JaCoCo Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Pipeline Aggregator View Plugin CSRF Vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and Earlier Allows Unauthorized Credential Capture Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier: Unauthorized Access to Credentials via Connection Test Endpoint Vulnerability: Credential Enumeration in Jenkins OctoPerf Load Testing Plugin Plugin CSRF Vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and Earlier Allows Unauthorized Access Unauthorized Access to OctoPerf Server via Jenkins Plugin Jenkins Convert To Pipeline Plugin CSRF Vulnerability: Remote Code Execution Risk Jenkins Convert To Pipeline Plugin Vulnerability: Code Injection via Freestyle Project Conversion Stored 
Cross-Site Scripting (XSS) Vulnerability in Jenkins Cppcheck Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Mashup Portlets Plugin Remote Command Injection Vulnerability in Barracuda Email Security Gateway XML External Entity (XXE) Vulnerability in Jenkins Crap4J Plugin 0.9 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Visual Studio Code Metrics Plugin 1.7 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Performance Publisher Plugin XML External Entity (XXE) Vulnerability in Jenkins Phabricator Differential Plugin Jenkins remote-jobs-view-plugin Plugin XML External Entity (XXE) Vulnerability XML External Entity (XXE) Vulnerability in Jenkins AbsInt a³ Plugin 1.1.0 and Earlier Dino Messaging Client: Personal Bookmark Store Modification Vulnerability CVE-2023-28687 Vulnerability: Unauthorized Plugin Settings Update in WP-Members Membership Plugin Stored XSS Vulnerability in WP BrowserUpdate Plugin <= 4.5 Stored XSS Vulnerability in Kevon Adonis WP Abstracts Plugin <= 2.6.3 Unauthenticated Reflected XSS Vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination Plugin CSRF Vulnerability in Wbcom Designs BuddyPress Activity Social Share Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Drew Phillips VigilanTor Plugin <= 1.3.10 CSRF Vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <= 3.9.0 Insufficient Access Control in Moxa MiiNePort E1: Remote System Operation and Service Disruption Vulnerability Insufficient Authorization Check in Wade Graphic Design FANTSY: Remote User Privilege Escalation Insufficient Filtering for File Type in Wade Graphic Design FANTSY File Update Function Denial of Service Vulnerability in EnTech Monitor Asset Manager 2.9 (CVE-2021-XXXX) Unrestricted File Upload Vulnerability in OMICARD EDM Backend System SQL Injection Vulnerability in ELITE TECHNOLOGY CORP. 
Web Fax Command Injection Vulnerability in ASUS RT-AC86U Router Stack-based Buffer Overflow Vulnerability in ASUS RT-AC86U's CGI Function Command Injection Vulnerability in Furbo Dog Camera Insufficient Filtering of Special Characters in Openfind Mail2000 Content Filtering Function Leads to XSS Attack Code Injection Vulnerability in Apache Airflow Hive Provider Improper Input Validation vulnerability in Apache Airflow Drill Provider Insecure Session Cookie Transmission Vulnerability Incomplete Fix for Denial of Service Vulnerability in Apache Tomcat Null Pointer Dereference Vulnerability in FabulaTech USB for Remote Desktop 6.1.0.0 (VDB-229850) Improper Input Validation in Apache Airflow Spark Provider (CVE-2021-XXXX) Denial of Service Vulnerability in Hyperscan Library (Intel(R) before version 5.4.1) Unauthenticated Command Injection Vulnerability in Osprey Pump Controller v1.01 Plaintext Storage of Passwords in CONPROSYS HMI System (CHS) Versions Prior to 3.5.3 Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Software Improper Access Control in Intel(R) oneAPI Toolkit and Component Software Installers: Local Denial of Service Vulnerability Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.26.0 and Prior Unauthenticated Remote Control Vulnerability in Osprey Pump Controller Version 1.01 Null Pointer Dereference Vulnerability in FlexiHub 5.5.14691.0 Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Buffer Overflow Vulnerability in Intel NUC BIOS Firmware (IN0048 and earlier) Allows Privilege Escalation via Local Access Intel(R) Aptio* V UEFI Firmware Integrator Tools: Unauthorized Access to Sensitive Information NGINX Management Suite File Permissions Vulnerability Remote Code Execution in General Bytes Crypto Application Server (CAS) on BATM Devices Remote Code Execution Vulnerability in Panasonic AiSEG2 Versions 2.80F through 2.93A Authentication Bypass Vulnerability in 
Panasonic AiSEG2 Versions 2.00J through 2.93A Stack-based Buffer Overflow in Panasonic Control FPWIN Pro: Arbitrary Code Execution Vulnerability Type Confusion Vulnerability in Panasonic Control FPWIN Pro: Arbitrary Code Execution Critical Memory Corruption Vulnerability in Twister Antivirus 8 (VDB-229852) Arbitrary Code Execution Vulnerability in Panasonic Control FPWIN Pro Unauthenticated Remote Code Execution Vulnerability in AnyMailing Joomla Plugin Arbitrary File Access and Path Traversal Vulnerability in AnyMailing Joomla Plugin Stored Cross-Site Scripting (XSS) Vulnerability in AnyMailing Joomla Plugin Buffer Overflow Vulnerability in Intel(R) SSD Tools Software Privilege Escalation Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Privilege Escalation Vulnerability in Intel NUC BIOS Firmware (pre-JY0070) Privilege Escalation Vulnerability in Intel(R) Chipset Driver Software Denial of Service Vulnerability in Twister Antivirus 8 Uncontrolled Search Path Element Vulnerability in Intel(R) QAT Drivers for Windows Buffer Overflow Vulnerability in Intel(R) QAT Drivers for Windows - HW Version 1.0 Authenticated Remote Command Execution Vulnerability in DNS iQuery Mesh Privilege Escalation Vulnerability in Intel NUC BIOS Firmware (Before QN0073) Use-After-Free Vulnerability in Foxit PDF Reader 12.1.1.15289 Uncontrolled Search Path Vulnerability in Intel(R) QSFP+ Configuration Utility Software CVE-2023-28746 CSRF Vulnerability in codeboxr CBX Currency Converter Plugin SQL Injection Vulnerability in Copy or Move Comments CSRF Vulnerability in CM On Demand Search And Replace Plugin Null Pointer Dereference Vulnerability in eScan Antivirus 22.0.1400.2443 Unauthenticated Reflected XSS Vulnerability in Ignazio Scimone Albo Pretorio On line Plugin <= 4.6 Stored Cross-Site Scripting (XSS) Vulnerability in Wpmet Wp Ultimate Review Plugin <= 2.0.3 Integer Overflow Vulnerability in netconsd v0.2: Heap Memory Corruption via parse_packet Function Apache 
ShardingSphere-Agent YAML Deserialization Vulnerability ReDoS Vulnerability in Ruby URI Component Time Component ReDoS Vulnerability Vulnerability: Unprivileged User Log File Path Overwrite in Veritas NetBackup DLL Path Validation Vulnerability in Veritas NetBackup Missing 'HttpOnly' Flag in Sensitive Cookie Allows XSS in ABB REX640 PCL1, PCL2, and PCL3 Firmware Modules Unauthenticated Access and Modification of SAP NetWeaver Enterprise Portal Settings and Data SAP BusinessObjects Business Intelligence Platform Login Token Disclosure Vulnerability Resource Exhaustion Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform Cleartext Transmission of Sensitive Information in SAP BusinessObjects Platform Vulnerability: Unauthorized Access and Password Compromise in SAP BusinessObjects Business Intelligence Platform (Promotion Management) Denial of Service Vulnerability in SIPROTEC 5 Devices Unauthenticated OS Command Injection in Zyxel ATP and USG Series Firmware Denial-of-Service Vulnerability in Zyxel XGS2220-30, XMG1930-30, and XS1930-10 Switches Buffer Overflow Vulnerability in Zyxel DX5401-B0 Firmware Arbitrary Plugin Installation and Remote Code Execution Vulnerability in Formidable Forms WordPress Plugin Critical Information Exposure Vulnerability in Zyxel DX5401-B0 Firmware Remote Command Execution Vulnerability in Zyxel ZyWALL/USG Series Firmware Buffer Overflow in seq_buf_putmem_hex in Linux Kernel Stored Cross-Site Scripting (XSS) Vulnerability in Kolja Nolte Secondary Title Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Grade Us, Inc. 
Review Stream Plugin <= 1.6.5 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox Plugin SQL Injection vulnerability in LearnDash LearnDash LMS allows unauthorized database access Stored Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Pagination Plugin <= 1.2.2 Vulnerability: Unauthenticated Reflected XSS in Vladimir Statsenko Terms Descriptions Plugin Kubernetes Secrets-Store-CSI-Driver Log Disclosure Vulnerability Yoast Local Premium Cross-Site Request Forgery (CSRF) Vulnerability Unauthenticated Stored XSS Vulnerability in Cimatti Consulting WordPress Contact Forms Plugin Deserialization of Untrusted Data Vulnerability in Gravity Forms Stored XSS Vulnerability in PHPRADAR Woocommerce Tip/Donation Plugin Contest Gallery Plugin Unauthenticated Reflected XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Yoast SEO: Local Plugin <= 14.9 Open Redirect Vulnerability in SolidWP Solid Security Plugin CVE-2023-28787 SQL Injection Vulnerability in Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress Unauthenticated Reflected XSS Vulnerability in Cimatti Consulting WordPress Contact Forms Plugin Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 Stored Cross-Site Scripting (XSS) Vulnerability in Brett Shumaker Simple Staff List Plugin <= 2.2.3 CSRF Vulnerability in Gangesh Matta Simple Org Chart Plugin Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox Plugin Buffer Overflow Vulnerability in signelf Library Allows Code Injection in Zscaler Client Connector for Linux Privilege Abuse Vulnerability in Zscaler Client Connector on Linux Zscaler Client Connector on Linux Origin Validation Error Vulnerability Code Injection Vulnerability in Zscaler Client Connector on Linux Privilege Escalation via Zscaler Client Connector for Windows Configuration File Manipulation CVE-2023-28798 Open 
Redirect Vulnerability in Login Flow Allows Unauthorized Token Disclosure Path Traversal Vulnerability in Frauscher Sensortechnik GmbH FDS001 Web Interface Improper Encoding of Redirect URL Parameter Allows for XSS Attack and Admin Login Bypass SAML Authentication Vulnerability in Zscaler Admin UI Allows Privilege Escalation Zscaler Client Connector Vulnerability: Unauthorized Disabling of ZIA/ZPA Zscaler Client Connector Authentication Bypass Vulnerability Vulnerability: Improper Verification of Cryptographic Signature in Zscaler Client Connector on Linux Privilege Escalation Vulnerability in Zscaler Client Connector on Linux SNI Mismatch Vulnerability in Zscaler Internet Access (ZIA) Allows Attackers to Evade Network Security Controls Hikvision Hybrid SAN/Cluster Storage Access Control Vulnerability: Admin Permission Exploitation Session Hijacking Vulnerability in Access Control Products Recoverable Password Storage Vulnerability in pimcore/customer-data-framework prior to 3.3.10 Unauthorized Modification of Device Network Configuration Vulnerability Buffer Overflow Vulnerability in Hikvision NVR/DVR Password Recovery Feature Buffer Overflow Vulnerability in Web Browser Plug-In: Arbitrary Code Execution and Process Exception Exploit Plug-in Parameter Manipulation Vulnerability Unsigned Files Exploit in Veritas NetBackup IT Analytics 11.2.0 Stored XSS Vulnerability in Concrete CMS (previously concrete5) Versions 8.5.12 and below, 9.0.0 through 9.0.2 Token Impersonation and Privilege Abuse Vulnerability in CBOT Chatbot Stored XSS Vulnerability in Concrete CMS (previously concrete5) RSS Displayer via href Attribute Unlimited Password Reset Vulnerability in Concrete CMS (previously concrete5) before 9.1 Uncontrolled Search Path Vulnerability in Intel(R) oneAPI Toolkit and Component Software Installers Server-side Request Forgery Vulnerability in CONPROSYS HMI System (CHS) Versions Prior to 3.5.3 CVE-2023-28826 XML External Entity Injection (XXE) Vulnerability in 
Polarion ALM (All versions < V22R2) Legacy OPC Services Vulnerability in SIMATIC NET PC Software, SIMATIC PCS 7, SIMATIC WinCC, and SINAUT Software User-Controlled Key Authorization Bypass Vulnerability in CBOT Chatbot Use-After-Free Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization Integer Overflow Vulnerability in OPC UA Implementations Could Cause Denial of Service Command Injection Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Arbitrary File Overwrite Vulnerability in Nextcloud Server Information Disclosure Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Weak Fallback Password Generation Vulnerability in Nextcloud Server Stored Cross-Site Scripting (XSS) Vulnerability in Wagtail ModelAdmin Views Memory Exhaustion Vulnerability in Wagtail Content Management System SQL Injection Vulnerability in GLPI Allows Data Extraction and Webshell Creation SQL Injection Vulnerability in Shoppingfeed for PrestaShop Cryptographic Weakness in CBOT Chatbot's PRNG Allows Signature Spoofing Vulnerability: Arbitrary Ethernet Frame Injection in Moby's Encrypted Overlay Networks Vulnerability: Unencrypted Traffic Leakage in Docker Swarm Encrypted Overlay Networks Arbitrary Ethernet Frame Injection in Encrypted Overlay Networks SQL Injection Vulnerability in PrestaShop PayPal Module (Versions 3.12.0 - 3.16.3) Uncontrolled Distribution of Files in Nextcloud Server Information Disclosure Vulnerability in Nextcloud Talk Denial of Service (DoS) Vulnerability in Unpoly-Rails Gem: Load Balancer Bypass Unrestricted Password Verification in Nextcloud Server Bypassing State Protection in user_oidc 1.0.0 - 1.3.0 SQL Injection and XSS Vulnerabilities in GLPI Inventory Endpoint Message Integrity Vulnerability in CBOT Chatbot Allows Adversary in the Middle (AiTM) Pimcore Perspective Editor Unauthorized Account Access Vulnerability Cross-Site Scripting (XSS) Vulnerability in Silverstripe Form Capture Dashboard Form Code Execution Vulnerability in GLPI 
LDAP Injection Vulnerability in Mastodon Shell Command Injection Vulnerability in nophp Web Framework Unrestricted Data Modification in Fields Plugin for GLPI Redis Vulnerability: Crash on Access via Invalid Hash Field Creation (CVE-2021-29477) Password Leak in Apereo CAS X509 Authentication Redis-py before 4.5.3 Async Command Cancellation Vulnerability Data Leakage in redis-py: Open Connection Vulnerability Origin Validation Bypass in CBOT Chatbot: Content Spoofing via API Manipulation Bypassing 2FA Verification in LemonLDAP::NG Insufficient Verification of Data Authenticity in AMI MegaRAC SPx12 and SPx13 Devices Sensitive Information Disclosure via World-Readable Temporary Backup Path in Progress Chef Infra Server Out-of-Bounds Access Vulnerability in Linux Kernel Bluetooth HCI Sync GraphQL Java Stack Consumption Vulnerability Arbitrary File Deletion Vulnerability in NCP Secure Enterprise Client Arbitrary File Read Vulnerability in NCP Secure Enterprise Client CBOT Chatbot Authentication Bypass Vulnerability Insecure File Permissions in NCP Secure Enterprise Client Support Assistant: Privilege Escalation Vulnerability Registry Information Disclosure Vulnerability in NCP Secure Enterprise Client Privilege Escalation via Symbolic Link in NCP Secure Enterprise Client XSS Vulnerability in Seafile 9.0.6: Injection of JavaScript in Wiki and Discussion Pages Arbitrary Site Redirection Vulnerability in Seafile 9.0.6 /accounts/login Endpoint Stored XSS Vulnerability in Filerun Update 20220202: Exploiting Shared Files Download Terms FileRun Comment Deletion Vulnerability Unauthorized Access to Private Configuration Data in VTEX apps-graphql@2.x GraphQL API Module Buffer Overflow Vulnerability in Artifex Ghostscript Unrestricted Upload Vulnerability in PHPOK 6.4.100 Denial of Service Vulnerability in Trustwave ModSecurity 3.0.5 through 3.0.8 Blind SQL Injection Vulnerability in Cerebrate 1.13's searchAll API Endpoint XSS Vulnerability in MISP 2.4.169 Community Index Denial 
of Service Vulnerability in MyLink Infotainment System of Chevrolet Equinox 2021 SQL Injection Vulnerability in Veon Computer Service Tracking Software Privilege Escalation Vulnerability in Malwarebytes AdwCleaner 8.4.0 Hard-coded Password Vulnerability in MIB3 Infotainment System of Škoda Superb III (3V3) - 2.0 TDI (2022) Vulnerability: Easy Decoding of UDS Access on Škoda Superb III (3V3) - 2.0 TDI (2022) Hardcoded Secret Value Vulnerability in MIB3 Infotainment System of Škoda Superb III (3V3) - 2.0 TDI (2022) Denial-of-Service Vulnerability in MIB3 Infotainment System on Škoda Superb III (3V3) - 2.0 TDI (2022) Denial of Service Vulnerability in Skoda Vehicles via OBDII Port Skoda Automotive Cloud: Broken Access Control Vulnerability Exposes User Nicknames and Identifiers Skoda Automotive Cloud: Broken Access Control Vulnerability Exposes User Data Cross-Site Request Forgery (CSRF) Vulnerability in WP EasyCart Plugin Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart plugin for WordPress (up to version 5.4.8) allows unauthenticated attackers to perform bulk product deletion. 
DLL Hijacking Vulnerability in Trend Micro Security 2021-2023 (Consumer) Cross-Site Request Forgery Vulnerability in WP EasyCart Plugin (up to 5.4.8) Allows Unauthorized Product Deactivation CSRF Vulnerability in Robin Phillips Mobile Banner Plugin Never5 Post Connector Plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WPMobile.App Plugin Stored Cross-Site Scripting (XSS) Vulnerability in StPeteDesign Call Now Accessibility Button Plugin <= 1.1 Stored Cross-Site Scripting (XSS) Vulnerability in Mammothology WP Full Stripe Free Plugin <= 1.6.1 Command Injection vulnerability in Apache UIMA DUCC (Unsupported) Arbitrary Recording/Room Access Vulnerability in Apache OpenMeetings Hard-coded Cryptographic Key in DataSpider Servista and ScriptRunner Denial of Service Vulnerability in Intel(R) SSD Tools Software Cross-Site Request Forgery Vulnerability in WP EasyCart Plugin CVE-2023-28949 Cross-Site Request Forgery (CSRF) Vulnerability in WP EasyCart Plugin Sensitive User Information Disclosure in IBM MQ Tracing Functionality CVE-2023-28952 Misconfigured Security Context in IBM Cognos Analytics on Cloud Pak for Data 4.0 Denial of Service Vulnerability in IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 Privilege Escalation in IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 CSV Injection Vulnerability in IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on QFX10002 Cross-Site Request Forgery Vulnerability in WP EasyCart Plugin (up to 5.4.8) Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows local attackers to execute malicious files via Docker container Improper Handling of Unexpected Data Type Vulnerability in Juniper Networks Junos OS on ACX Series Devices Improper Authentication Vulnerability in Juniper Networks Junos OS: Arbitrary 
File Upload Improper Authentication Vulnerability in cert-mgmt.php Allows Arbitrary File Reading Improper Handling of Length Parameter Inconsistency in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) Allows Remote DoS Denial of Service Vulnerability in Juniper Networks Junos OS Storm Control Feature Juniper Networks Junos OS Evolved Incorrect Default Permissions Vulnerability Unauthenticated DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved BGP Software Improperly Controlled Sequential Memory Allocation Vulnerability in Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature Component IP Address Spoofing Vulnerability in Brizy Page Builder Plugin for WordPress (up to version 2.4.18) Improper Exception Handling in Juniper Networks Junos OS on JRR200 Route Reflectors: Remote Kernel Crash Vulnerability Improper Restriction of Communication Channel in Juniper Networks Paragon Active Assurance (PAA) Allows Firewall Bypass Improper Link Resolution Before File Access Vulnerability in Juniper Networks Junos OS on NFX Series Improper Authorization Vulnerability in Juniper Networks Junos OS Evolved 'sysmanctl' Shell Command Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS USB Device-Triggered Denial of Service Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series Insecure Default Initialization of Resource Vulnerability in Juniper Networks Junos OS Evolved Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS Null-Pointer-Dereference Vulnerability in f2fs_write_end_io in Linux Kernel Use After Free Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Input Validation Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol 
Daemon OS Command Injection Vulnerability in Juniper Networks Junos OS Evolved gNOI Server Module Use After Free Vulnerability in Juniper Networks Junos OS on QFX Series: Denial of Service (DoS) via Layer 2 Address Learning Manager (l2alm) Improper Validation of Syntactic Correctness of Input Vulnerability in Juniper Networks SRX and MX Series IDP CSRF Vulnerability in wp.Insider and wpaffiliatemgr Affiliates Manager Plugin CSRF Vulnerability in Wpmet Wp Ultimate Review Plugin <= 2.0.3 Stored Cross-Site Scripting (XSS) Vulnerability in WooCommerce Plugin (<= 2.1.48) CSRF Vulnerability in weDevs Happy Addons for Elementor Plugin <= 3.8.2 Stored Cross-Site Scripting Vulnerability in Google Map Shortcode WordPress Plugin Stored XSS Vulnerability in PI Websolution Order Details for WooCommerce Plugin Unauthenticated Reflected XSS Vulnerability in RelyWP Coupon Affiliates Plugin <= 5.4.3 Unauthenticated Reflected XSS Vulnerability in Ignazio Scimone Albo Pretorio On Line Plugin <= 4.6.1 Unauthenticated Reflected XSS Vulnerability in UX-themes Flatsome Plugin <= 3.16.8 CSRF Vulnerability in Keith Solomon Configurable Tag Cloud (CTC) Plugin <= 5.2 Vulnerability: Data Recovery and Modification in Nextcloud Desktop Client Vulnerability: Full Access to End-to-End Encrypted Folder in Nextcloud Desktop Client Vulnerability: Full Access to End-to-End Encrypted Folder in Nextcloud Weak Hash Usage Vulnerability in NFine Rapid Development Platform 20230511 (VDB-229974) Insecure Trust of Server Certificate in Nextcloud Desktop Client Sensitive Information Leakage in Cilium Debug Mode CSRF Bypass via Content-Type Header in SvelteKit (CVE-2021-XXXXX) Path Traversal Vulnerability in Roxy-WI (6.3.9.0): Arbitrary File Read Vulnerability: Lack of Rate Limiting in Flask-AppBuilder Command Execution Vulnerability in Order GLPI Plugin Arbitrary Code Execution via Git Submodule URL Length Vulnerability CSRF Protection Bypass in SvelteKit Versions Prior to 1.15.2 XSS Vulnerability in 
Favorites Feature of baserCMS Improper Access Controls in NFine Rapid Development Platform 20230511 Server-Side Request Forgery Vulnerability in Budibase Versions Prior to 2.4.3 Vulnerability: Arbitrary File Placement in Git for Windows' connect.exe Configuration File Uncontrolled Search Path Element Vulnerability in Git for Windows Denial of Service Vulnerability in Traefik's HTTP Header Parsing Reflected Cross-Site Scripting Vulnerability in Goobi Viewer Core (CVE-2021-XXXX) Cross-Site Scripting Vulnerability in Goobi Viewer Core (prior to version 23.03) Cross-Site Scripting Vulnerability in Goobi Viewer Core Remote Code Execution in vm2 Sandbox Privilege Escalation Vulnerability in OpenFeature Operator Session Fixation Vulnerability in @fastify/passport Improper Access Controls in NFine Rapid Development Platform 20230511 Bypassing CSRF Protection in @fastify/passport Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Cross Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Cross Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Critical Cross-Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Improper Access Controls in NFine Rapid Development Platform 20230511 Cross Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product Cross Site Scripting Vulnerability in Rockwell Automation's ArmorStart ST Product User Impersonation Vulnerability in Apache OpenMeetings HID SAFE External Visitor Manager Portal API Manipulation Vulnerability User-controlled image references in 
presentations can lead to script code execution during document editing Collaborative Document Manipulation Vulnerability Collaborative Document Drawing Vulnerability Uncontrolled External Data Source Connections Vulnerability SQL Injection in Imageconverter API Endpoints Template Engine Command Execution Vulnerability Arbitrary Script Injection Vulnerability in Upsell Widget Heap-based Buffer Overflow Vulnerability in Cesanta Mongoose 7.10 MQTT_CMD_PUBLISH Parsed Message Length Validation LDAP Contacts Provider Vulnerability: Unauthorized Access and Denial of Service User-defined OXMF Templates Vulnerability Unsanitized Script Injection in Upsell Shop Dialog Out of Bounds Read Vulnerability in JT Open and JT Utilities Weak Cipher Vulnerability in SCALANCE X Series and SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2) Apache Kylin Server Config Web Interface Information Disclosure Vulnerability Default Read-Only Permissions Vulnerability in XCC with LDAP Authentication Privilege Escalation via Local Account Permissions Override in XCC Authenticated XCC User with Read-Only Permissions Can Modify Custom User Roles and Trespass Message Embedded Malicious Code Vulnerability in 3CX DesktopApp through 18.12.416 Divide by Zero Vulnerability in Wireshark Versions 2.0.0 through 4.0.7 Unrestricted USB Port Access Vulnerability in FACSChorus Workstation Operating System Unprotected BIOS Configuration and Boot Order Vulnerability on FACSChorus Workstation Insecure Transmission of Hashed User Credentials in Domain Joined Systems Physical Access Vulnerability in FACSChorus Workstation Allows Memory Capture and Key Extraction Plaintext Storage of Sensitive Information in FACSChorus Software Privilege Escalation Vulnerability in FACSChorus Software Database Improper Data Access Privileges in FACSChorus Software Autodesk AutoCAD 2023 Memory Corruption Vulnerability Memory Corruption Vulnerabilities in pskernel.dll File Privilege Escalation Vulnerability via Malicious DLL 
Installation SQL Injection Vulnerability in Marksoft Heap-Based Buffer Overflow in Autodesk AutoCAD 2024 and 2023 via Maliciously Crafted MODEL File Out-of-Bounds Write Vulnerability in Autodesk AutoCAD 2024 and 2023 Autodesk AutoCAD 2024 and 2023 Out-Of-Bounds Write Vulnerability Autodesk AutoCAD 2024 and 2023 Memory Corruption Vulnerability Null Pointer Dereference Vulnerability in Libtiff's tif_dir.c Denial of Service Vulnerability in Suite Setups Prior to InstallShield 2023 R2 Command Injection Vulnerability in Zoho ManageEngine ADManager Plus (Before 7181) via Proxy Settings Memory Corruption Vulnerability in Samsung Exynos Processors Memory Corruption Vulnerability in Samsung Exynos Processors Memory Corruption Vulnerability in Samsung Exynos Processors Memory Corruption Vulnerability in Samsung Exynos Processors Memory Corruption Vulnerability in Samsung Exynos Processors Directory Traversal Vulnerability in EZ Sync Service Memory Corruption Vulnerability in Samsung Exynos Processors Memory Corruption Vulnerability in Samsung Exynos Processors Improper Parameter Handling in Exynos Mobile Processor and Modem Cross-site Scripting (XSS) Vulnerability in PI Websolution Conditional Cart Fee Plugin Stored XSS Vulnerability in PI Websolution Product Page Shipping Calculator for WooCommerce Plugin Critical SQL Injection Vulnerability in David F. 
Carr RSVPMaker Plugin < 10.5.5 SQL Injection Vulnerability in BestWebSoft Contact Form to DB Plugin Stored Cross-Site Scripting (XSS) Vulnerability in a3 Portfolio Plugin <= 3.1.0 Unauthenticated Reflected XSS Vulnerability in ArtistScope CopySafe Web Protection Plugin <= 3.13 Stored Cross-Site Scripting (XSS) Vulnerability in Elegant Themes Divi Theme <= 4.20.2 Command Injection Vulnerability in ASUSTOR Data Master (ADM) Printer Service Unauthenticated Reflected XSS Vulnerability in Dream-Theme The7 Plugin (<= 11.6.0) Unauthenticated Reflected XSS Vulnerability in Muffingroup Betheme Theme <= 26.7.5 Unrestricted Upload of Dangerous File Type in Olive One Click Demo Import Hard-coded Password Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Path Traversal Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Denial of Service Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Unauthenticated Remote File Download Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Undocumented File Disclosure Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Erroneous IP Netmask Handling Vulnerability in ABAP Platform and SAP Web Dispatcher Excel Formula Injection Vulnerability in SAP Application Interface Framework (Message Dashboard) BIND 9 Resolver Stack Overflow Vulnerability HTML Injection Vulnerability in SAP Application Interface (Message Dashboard) SAP AIF ODATA Service Information Disclosure Vulnerability SAP Application Interface (Message Monitoring) - HTML Injection Vulnerability Use After Free vulnerability in Secomea SiteManager Embedded allows Remote Code Execution. 
Path Traversal Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716 Insufficient Verification of SAML Assertions in Mendix SAML Module Path Traversal Vulnerability in Rockwell Automation ThinManager ThinServer Privilege Escalation Vulnerability in SIMATIC CN 4100 (All versions < V2.5) Default SSH Configuration Vulnerability in SIMATIC CN 4100 (All versions < V2.5) Use-after-free vulnerability in Irssi 1.3.x and 1.4.x before 1.4.4 CVE-2023-29134 User De-anonymization Vulnerability in GrowthExperiments Extension for MediaWiki Denial of Service Vulnerability in CheckUser Extension for MediaWiki Denial of Service Vulnerability in Rockwell Automation Thinmanager Thinserver Unauthenticated Access to Hidden User Edits in GrowthExperiments Extension Untrusted X-Forwarded-For Header Auto-Block Vulnerability Arbitrary Code Execution Vulnerability in Malwarebytes EDR 1.0.11 for Linux Vulnerability: Inode Identifier Reuse and Cross-Filesystem Collision in Malwarebytes EDR 1.0.11 for Linux Path Traversal Vulnerability in Rockwell Automation Thinmanager Thinserver Allows Remote File Deletion Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.26.0 and Prior Uncontrolled Search Path Element Vulnerability in Intel(R) PSR SDK Arbitrary File Deletion Vulnerability Denial of Service Vulnerability in Intel(R) SPS Firmware SQL Injection Vulnerability in CONPROSYS HMI System (CHS) Versions Prior to 3.5.3 Unauthenticated Access to Root Account in INEA ME RTU Firmware 3.36b and Prior Information Loss Vulnerability in DroneScout ds230 Remote ID Receiver Allows Traffic Injection Intel(R) OFU Software Vulnerability: Local Access Privilege Escalation Replay Attack Vulnerability in SUBNET PowerSYSTEM Center 2020 U10 and Prior Versions Starlette Directory Traversal Vulnerability Sensitive Information Exposure in InfiniteWP Client Plugin for WordPress Stack-based Buffer Overflow Vulnerability in FRENIC RHC Loader v1.1.0.3 Uncontrolled Search Path Vulnerability in Intel(R) 
OFU Software Buffer Overflow Vulnerability in Intel(R) C++ Compiler Classic UDP Profile Idle Timeout Vulnerability Unquoted Search Path Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Privilege Escalation Vulnerability in Pro Video Formats 2.2.5 FRENIC RHC Loader v1.1.0.3 Out-of-Bound Reads Vulnerability Insecure Transmission of Federated Credentials in Local Vuforia Web Application Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.26.0 and Prior Path Traversal Vulnerability in Rockwell Automation Thinmanager Thinserver Stored XSS Vulnerability in PI Websolution Product Enquiry for WooCommerce Unauthenticated Reflected XSS Vulnerability in Magic Post Thumbnail Plugin <= 4.1.10 Unauthenticated Reflected XSS Vulnerability in PropertyHive Plugin <= 1.5.46 FortiOS and FortiProxy Improper Certificate Validation Vulnerability Buffer Overflow Vulnerabilities in FortiADC and FortiDDoS-F Uninitialized Pointer Vulnerability in Fortinet FortiProxy and FortiOS Null Pointer Dereference Vulnerability in Fortinet FortiOS and Fortiproxy Null Pointer Dereference Vulnerability in Fortinet FortiOS and FortiProxy Externally-Controlled Format String Vulnerability in Fortinet FortiOS and FortiProxy Fortinet FortiOS Stack-Based Buffer Overflow Vulnerability FortiProxy and FortiOS Cross-site Scripting Vulnerability in Guest Management Setting Denial of Service Vulnerability in SAP NetWeaver AS for ABAP (Business Server Pages) Directory Traversal Vulnerability in SAP NetWeaver (BI CONT ADDON) Allows Remote File Overwrite DLL Hijacking Vulnerability in SapSetup 9.0 Allows Privilege Escalation SAP CRM WebClient UI - Cross-Site Scripting (XSS) Vulnerability SAP CRM (WebClient UI) - HTTP Verb Manipulation Vulnerability Insecure Game Upload Panel Allows Unauthorized Link Editing Exposure of `--grpc-preshared-key` via `/debug/pprof/cmdline` endpoint Vitess Database Clustering System Denial of Service Vulnerability Vulnerability: Shard Creation Issue in Vitess 
Prior to Version 16.0.2 Session Hijacking Vulnerability in Custom-Enabled Discourse Installations Improper Header Parsing in GuzzleHTTP/PSR7 Context Isolation Bypass in Electron Apps using contextBridge Vulnerability in vm2 Source Code Transformer Allows Remote Code Execution Arbitrary File Listing Vulnerability in Contao CMS XWiki HTML Cleaner Restricted Mode JavaScript Injection Vulnerability Arbitrary HTML and JavaScript Injection in XWiki RSS Macro User Information Disclosure Vulnerability in XWiki Commons Open Redirect Vulnerability in XWiki Commons XSS Vulnerability in XWiki HTML Macro Unauthenticated User Script Execution Vulnerability in XWiki Commons XWiki Commons Livetable Macro HTML Injection Vulnerability Vulnerability: Inadequate Rights Check for Deleted Documents in XWiki Commons Arbitrary Code Execution Vulnerability in XWiki Legacy Notification Activity Macro Arbitrary Code Execution Vulnerability in XWiki Commons Arbitrary Code Execution Vulnerability in XWiki Commons Arbitrary Code Execution Vulnerability in XWiki Commons Arbitrary Code Execution in XWiki Platform Logging UI Arbitrary Code Execution Vulnerability in XWiki Commons Remote Code Execution Vulnerability in Apache Linkis <=1.3.1 Apache Linkis <=1.3.1 Deserialization Remote Code Execution Vulnerability Twitter Reputation Score Manipulation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Comment System 1.0 Critical Remote Code Execution Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.19 Apache Dubbo Deserialization Vulnerability CSRF Vulnerability in Fugu Maintenance Switch Plugin <= 1.5.2 Unauthenticated Reflected XSS Vulnerability in Cththemes Outdoor Theme <= 3.9.6 CSRF Vulnerability in Whydonate Crowdfunding Plugin Unrestricted File Upload Vulnerability in Supcon SimField up to 1.80.00.00 (VDB-230078) Arbitrary File Upload Vulnerability in BIG-IQ Bosch Building Integration System (BIS) 5.0 Vulnerability: Improper Information in Cybersecurity Guidebook Allows 
Unauthorized Network Access Improper Access Control in Intel(R) oneAPI Toolkits: Potential Privilege Escalation via Local Access Unchecked Return Value Vulnerability in Intel(R) RealSense(TM) ID Software for Intel(R) RealSense(TM) 450 FA (Version 0.25.0) Privilege Escalation Vulnerability in Intel Integrated Sensor Hub (ISH) Driver for Windows 10 SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Execution Remote Code Execution (RCE) via Null-Byte Injection in Apache OpenMeetings Stored XSS vulnerability in Apache Airflow's Task Instance Details Page Cross-Site Scripting (XSS) Vulnerability in Webkul Krayin CRM 1.2.4 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows Remote Code Execution Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Vulnerability: SameSite Attribute Missing in IBM Sterling Connect:Express for UNIX 1.5 Browser UI (IBM X-Force ID: 252055) Denial of Service Vulnerability in SeaCMS 11.6 Picture Upload Handler (CVE-2021-230081) IBM Sterling Connect:Express for UNIX 1.5 - Server-Side Request Forgery (SSRF) Vulnerability Inadequate Memory Clearing Vulnerability in IBM Sterling Secure Proxy 6.0.3 and 6.1.0 Arbitrary File Upload Vulnerability in TIBCO Spotfire Statistics Services Critical Server-Side Request Forgery Vulnerability in JIZHICMS 2.4.5 (VDB-230082) Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Write Vulnerability in Adobe Substance 3D Painter Versions 8.3.0 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Allows Memory Disclosure Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability in Adobe Substance 3D 
Painter Allows Memory Disclosure Critical Code Injection Vulnerability in DedeCMS up to 5.7.106 (VDB-230083) Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability in Adobe Substance 3D Painter Out-of-Bounds Write Vulnerability in Adobe Substance 3D Painter Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Painter Allows Arbitrary Code Execution Stack-based Buffer Overflow in Adobe Substance 3D Painter Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Painter Versions 8.3.0 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Painter Allows Memory Disclosure Adobe Commerce Information Exposure Vulnerability Adobe Commerce Incorrect Authorization Vulnerability XML Injection Vulnerability in Adobe Commerce Versions 2.4.6 and Earlier Heap Corruption Vulnerability in Swiftshader in Google Chrome Adobe Commerce Incorrect Authorization Vulnerability Arbitrary File System Read Vulnerability in Adobe Commerce Arbitrary File System Read Vulnerability in Adobe Commerce Improper Input Validation Vulnerability in Adobe Commerce Allows Security Feature Bypass Business Logic Errors Vulnerability in Adobe Commerce Versions 2.4.6 and Earlier: Security Feature Bypass Adobe Commerce Incorrect Authorization Vulnerability Adobe Commerce Incorrect Authorization Vulnerability Arbitrary Code Execution Vulnerability in Adobe Commerce Improper Access Control Vulnerability in Adobe ColdFusion Allows Unauthenticated Access to Administration Endpoints Untrusted Search Path Vulnerability in Adobe Acrobat Reader: Application Denial-of-Service Use After Free Vulnerability in Google Chrome Extensions Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.16.0 and 
Earlier Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.16.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect Versions 12.3 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect Versions 12.3 and Earlier Adobe Experience Manager 6.5.16.0 (and earlier) Open Redirect Vulnerability Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Adobe InDesign Out-of-Bounds Read Vulnerability Heap Corruption Exploit via Crafted PDF in Google Chrome Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Adobe InDesign Out-of-Bounds Read Vulnerability Heap Corruption Exploit via Crafted PDF in Google Chrome Arbitrary Code Execution Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Animate Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.16.0 and Earlier Local Scoped IPv6 Address Connection Abort Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability: A Critical Threat to System Security Exploiting the Windows OLE Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability: A Critical Security Threat Exploiting the Microsoft Teams Remote Code Execution Vulnerability Heap Corruption Exploit via Crafted PDF in Google Chrome Exploiting the Microsoft Teams Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability: Exploiting Software 
Dependencies Unauthenticated Elevation of Privilege Vulnerability in Microsoft Azure Kubernetes Service Access Denial of Service Vulnerability in Microsoft Access EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Word Security Feature Bypass Vulnerability: Exploiting Microsoft Word's Security Measures Windows Kernel Win32k Elevation of Privilege Vulnerability Exploiting NuGet Client for Remote Code Execution Visual Studio Code URL Spoofing Vulnerability Heap Corruption Vulnerability in Mojo in Google Chrome AV1 Video Extension Remote Code Execution Vulnerability AV1 Video Extension RCE Vulnerability Sysmon for Windows Privilege Escalation Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability NTFS Privilege Escalation Vulnerability Windows Admin Center Spoofing Vulnerability: Exploiting Trust in Remote Server Management Unveiling Sensitive Information: Windows Remote Desktop Gateway (RD Gateway) Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC and OLE DB Type Confusion Vulnerability in V8 Engine: Remote Heap Corruption in Google Chrome Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Windows Group Policy Privilege Escalation Vulnerability Windows Remote Desktop Security Bypass Vulnerability Sysinternals Process Monitor Windows Denial of Service Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability DHCP Server Service Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Unauthenticated Elevation of Privilege Vulnerability in Microsoft SharePoint Server Windows GDI Privilege Escalation Vulnerability GDI Privilege Escalation Vulnerability Type Confusion Vulnerability in V8 Engine: Remote Heap Corruption in Google Chrome Unauthenticated Elevation of Privilege in Microsoft Streaming Service Windows Cloud Files Mini Filter 
Driver Privilege Escalation Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code Execution PGM Remote Code Execution Vulnerability in Windows Windows Authentication Privilege Escalation Vulnerability Windows Media Player Remote Code Execution Vulnerability Location-Based Attack: Exploiting Windows Geolocation Service for Remote Code Execution iSCSI Target WMI Provider RCE Vulnerability Windows Filtering Platform Privilege Escalation Vulnerability RPC Runtime DoS Vulnerability Spoofing Omnibox Contents via Picture In Picture in Google Chrome Windows Media Player Remote Code Execution Vulnerability Windows GDI Privilege Escalation Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Prompt Injection Vulnerability in LangChain through 0.0.131 Allows Arbitrary Code Execution Potentially Dangerous File Upload Vulnerability in Progress Sitefinity XSS Vulnerability in Progress Sitefinity: Privileged User Exploitation in Media Libraries Spoofing Omnibox Contents via Picture In Picture in Google Chrome Remote File Deletion Vulnerability in Warpinator before 1.6.0 via Directory Traversal Privilege Escalation and Sensitive Information Disclosure in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 Arbitrary Code Execution Vulnerability in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 via sfdc_preauth.jsp Vulnerability: Control Character Injection in chfn Program Unrestricted File Upload Vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP Unauthenticated Reflected XSS Vulnerability in Kevon Adonis WP Abstracts Plugin <= 2.6.2 CVE-2023-29386 Stored Cross-Site Scripting (XSS) Vulnerability in Julien Crego Manager for Icomoon Plugin <= 2.0 Unauthenticated Reflected XSS Vulnerability in impleCode Product Catalog Simple Plugin (<= 1.6.17) CAN Bus Vulnerability: Unauthorized Vehicle Control via Headlight Connector Access Privilege Escalation via 
Crafted Symbolic Link in Google Chrome Installer File Access Bypass Vulnerability in Google Chrome Downloads Arbitrary Attribute Injection through Unquoted HTML Attribute Values Improper Sanitization of Filename Parameter in Context.FileAttachment Function Vulnerability: Unexpected Code Generation in go command with cgo Vulnerability: Inadequate Behavior of Go Runtime with setuid/setgid Binaries on Unix Platforms Arbitrary Code Execution Vulnerability in Go Command with cgo and LDFLAGS Vulnerability: Arbitrary Code Execution in Go Command with cgo and gccgo HTTP/1 Client Host Header Injection Vulnerability Zero-Height Tiled Image Exploit: Triggering Excessive CPU Consumption through Image Decoding TIFF Decoder Vulnerability: Memory and CPU Consumption Exploit Vulnerability: Excessive CPU Usage in RSA Signature Verification Spoofing UI Contents via Malicious Chrome Extension in Google Chrome CWE-20: Improper Input Validation Vulnerability in Server Execution CWE-306: Missing Authentication for Critical Function in Java RMI Interface Remote Code Execution Vulnerability through Java RMI Interface Critical Function Denial-of-Service Vulnerability in Schneider UPS Monitor Service Buffer Overflow Vulnerability Denial of Service Vulnerability in libbzip3.a Out-of-Bounds Write Vulnerability in libbzip3.a Out-of-Bounds Read Vulnerability in libbzip3.a Out-of-Bounds Read Vulnerability in libbzip3.a Out-of-Bounds Read Vulnerability in libbzip3.a Improper Input Validation in openemr/openemr prior to 7.0.1 Invalid memmove in bz3_decode_block leading to a crash in libbzip3.a Out-of-Bounds Write Vulnerability in libbzip3.a Stored XSS Vulnerability in PI Websolution Cancel Order Request / Return Order / Repeat Order / Reorder for WooCommerce Plugin <= 1.3.2 Stored XSS Vulnerability in Plainware ShiftController Employee Shift Scheduling Plugin <= 4.9.23 CSRF Vulnerability in ShiftController Employee Shift Scheduling Plugin CSRF Vulnerability in Robert Schulz (sprd.Net AG) 
Spreadshop Plugin <= 1.6.5 Unauthenticated Reflected XSS Vulnerability in Amelia Plugin for TMS Booking CSRF Vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress Plugin Code Injection Vulnerability in openemr/openemr prior to 7.0.1 Unauthenticated Reflected XSS Vulnerability in CTHthemes TheRoof Theme <= 1.0.3 SQL Injection vulnerability in Favethemes Houzez - Real Estate WordPress Theme Stored XSS Vulnerability in FancyThemes Optin Forms Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Zwaply Cryptocurrency All-in-One Plugin <= 3.0.19 Stored Cross-Site Scripting (XSS) Vulnerability in Flyn San IFrame Shortcode Plugin <= 1.0.5 Stored Cross-Site Scripting (XSS) Vulnerability in Steven A. Zahm Connections Business Directory Plugin Stored XSS Vulnerability in Eric Martin SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 Unauthenticated Reflected XSS Vulnerability in FooGallery Plugin <= 2.2.35 Improper Access Control in GitHub Repository: openemr/openemr (prior to 7.0.1) CSRF Vulnerability in PressTigers Simple Job Board Plugin Unauthenticated Reflected XSS Vulnerability in Robert Heller WebLibrarian Plugin <= 3.5.8.1 Proxy.html DOM XSS Vulnerability in Zoho ManageEngine Applications Manager XML External Entity (XXE) Vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, and AssetExplorer DLL Hijacking Vulnerability: Privilege Escalation and Trojanized Software Exploitation DLL Hijacking Vulnerability Allows Privilege Escalation to SYSTEM UNC Path Injection Vulnerability in Project File Allows for NTLMv2 Hash Capture KEPServerEX Vulnerability: Inadequate Protection of User Credentials Exposes Basic Authentication Vulnerability: Uncontrolled Resource Utilization through JavaScript Preprocessing, Webhooks, and Global Scripts Unauthenticated Access to GitHub Repository in OpenEMR Prior to 7.0.1 File System Access Vulnerability in Zabbix Server and Proxy via JavaScript 
Pre-processing Buffer Overrun Vulnerability in Zabbix Server and Proxy JSON Parser HTML Injection Vulnerability in Geomap Configuration Improper Handling of Backticks in Javascript Template Literals Persistent XSS: The Silent Threat Lurking in Your Web Application Reflected XSS Vulnerability: Exploiting Script Execution through Web Application Vulnerabilities URL Parsing Vulnerability Reflected XSS Vulnerability: Exploiting Action Form Fields for Malicious Script Execution Duktape 2.6 Valstack Overflow Vulnerability Arbitrary Content Loading Vulnerability in laola.redbull Android App Improper Access Control in GitHub Repository: openemr/openemr (prior to 7.0.1) Critical Arbitrary Code Execution Vulnerability in Rockwell Automation's Arena Simulation Software Heap-based Buffer Overflow Vulnerability in Rockwell Automation's Arena Simulation Software Heap-based Buffer Overflow Vulnerability in Rockwell Automation's Arena Simulation Software Unauthenticated Access to JMX Console in Rockwell Automation Pavilion8 Memory Leakage and Denial-of-Service Vulnerability in FactoryTalk Linx Privilege Escalation Vulnerability in SageMath FlintQS 1.0 Buffer Overflow Vulnerability in Texas Instruments (TI) WiLink WL18xx MCP Driver Non-deterministic Hashing Vulnerability in libxml2 Stored Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.1 Sensitive Information Leakage in Lightbend Alpakka Kafka (CVE-2021-12345) Arbitrary Command Execution and Administrative Access Vulnerability in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 (OSFOURK-23710) Arbitrary Command Execution and Administrative Access Vulnerability in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 (OSFOURK-23552) Arbitrary Command Execution and Administrative Access Vulnerability in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 (OSFOURK-23543) 
Path-Traversal Vulnerability in BiblioCraft before 2.4.6 Allows Code Execution Malformed Input Hang Vulnerability in Ribose RNP before 0.16.3 Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.1 Unintended Persistence of Unlocked Secret Keys in Ribose RNP before 0.16.3 CVE-2023-29483 LDAP User Authentication Bypass Vulnerability in Terminalfour before 8.3.16 Vulnerability in Heimdal Thor Agent Allows Bypassing Network Filtering and Executing Arbitrary Code Vulnerability: USB Access Bypass and Arbitrary Code Execution in Heimdal Thor Agent Denial of Service Vulnerability in Heimdal Thor Agent XSS Vulnerability in cPanel (SEC-669) Reflected Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.1 Memory Corruption Vulnerability in ncurses Remote Code Execution Vulnerability in Novi Survey BIOS Firmware Vulnerability in Intel(R) NUCs Allows Privilege Escalation via Local Access Privilege Escalation Vulnerability in Intel NUC BIOS Firmware (IN0048 and earlier) Improved Handling of Temporary Files in macOS Sonoma 14 Addresses Privacy Vulnerability FRENIC RHC Loader v1.1.0.3 and Earlier XXE Vulnerability GLib GVariant Deserialization Denial of Service Vulnerability GitHub Repository OpenEMR Prior to 7.0.1: Improper Authorization Vulnerability Intel(R) NUC BIOS Firmware Vulnerability: Unauthorized Access and Information Disclosure Improper Server Certificate Verification Vulnerability in Jiyu Kukan Toku-Toku Coupon App Vulnerability: Unauthorized Modification of resourceDirectory Path in appConfig.json Stack-based Buffer Overflow in Application's File Parsing Functionality Uncontrolled Search Path Element Vulnerability in Intel(R) RealSense(TM) Dynamic Calibration Software Cross-Site WebSocket Hijacking Vulnerability in Zoho ManageEngine Network Configuration Manager 12.6.165 Code Injection Vulnerability in XWiki Commons XWiki Commons Document Script API Author Manipulation Vulnerability Stored XSS Vulnerability in XWiki Commons 
Arbitrary Code Execution Vulnerability in XWiki Commons Critical SQL Injection Vulnerability in Bus Dispatch and Information System 1.0 (VDB-230112) Remote Code Execution Vulnerability in XWiki Platform Arbitrary Code Execution Vulnerability in XWiki Platform Arbitrary Code Execution Vulnerability in XWiki Platform Unauthenticated User Creation Vulnerability in XWiki Platform Remote Code Execution Vulnerability in XWiki Platform XWiki Platform App Within Minutes Admin Rights JavaScript Injection Vulnerability Arbitrary Code Execution in XWiki AttachmentSelector Vulnerability: Unrestricted Access to Office Document Viewer Macro in XWiki Platform Arbitrary Code Execution Vulnerability in XWiki Platform Remote Code Execution and Privilege Escalation via Attachment Selector in XWiki Platform Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 via XRA Dissector Infinite Loop XWiki Platform Translation Object Corruption Vulnerability Arbitrary Code Execution Vulnerability in XWiki Platform Arbitrary Script Execution and Remote Code Execution Vulnerability in XWiki Platform Arbitrary Script Execution and Remote Code Execution Vulnerability in XWiki Platform Arbitrary Code Execution via XWiki SchedulerJobClass Code Injection Vulnerability in XWiki Platform Code Injection Vulnerability in XWiki Platform Code Execution via User Profile Editing in XWiki Platform Arbitrary HTML Code Injection and Cross-Site Scripting (XSS) Vulnerability in XWiki Eavesdropping on Matrix Group Calls in matrix-js-sdk OpenLDAP Null Pointer Dereference Vulnerability Laminas Diactoros Newline Header Injection Vulnerability WebGL API Vulnerability in Firefox and Thunderbird for macOS: Out of Bounds Memory Access and Potential Exploitable Crash Vulnerability: Unsigned Update File Exploitation in Mozilla Maintenance Service Fullscreen Notification Spoofing Vulnerability Fullscreen Notification Spoofing Vulnerability in Firefox and Focus for Android Weak Map Memory Corruption 
Vulnerability in Firefox, Focus for Android, Firefox ESR, and Thunderbird Memory Corruption Vulnerability in Firefox, Focus for Android, Firefox ESR, and Thunderbird Race Conditions in Font Initialization Leading to Memory Corruption and Code Execution WebExtension Path Leakage Vulnerability Content-Disposition Header Filename Truncation Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository liangliangyy/djangoblog External Protocol Navigation Vulnerability in Firefox and Focus for Android Command Execution via Malicious .desktop File Download in Firefox for Linux Newline Filename Vulnerability in Firefox and Thunderbird Use-after-free vulnerability in Firefox and Focus for Android (versions < 112) allows for memory corruption and potential exploitation Memory Corruption and Exploitable Crash Vulnerability in Firefox and Focus for Android Vulnerability: Remote Code Execution via Environment Variable Resolution in Firefox and Thunderbird Screen Recording Vulnerability in Firefox for Android Insecure Cookie Creation Vulnerability in Firefox and Focus for Android ARM64 Ion Compiler Vulnerability Realm Misbinding Vulnerability in Firefox and Focus for Android Critical SQL Injection Vulnerability in SourceCodester Students Online Internship Timesheet System 1.0 (VDB-230142) Memory Corruption Vulnerabilities in Firefox 111 and Firefox ESR 102.9 Critical Memory Corruption Vulnerability in Firefox 111 Arbitrary Service Registration Vulnerability in Service Location Protocol (SLP) Stack Overflow Vulnerability in TP-Link TL-WPA7510 (EU)_V2_190125 via /admin/locale Operation Parameter Remote Code Execution (RCE) Vulnerability in huedawn-tesseract and dawnsparks-node-tesseract via child_process Function Cesanta MJS v2.20.0 SEGV Vulnerability in ffi_cb_impl_wpwwwww SQL Injection Vulnerability in Lisa Software Florist Site Cesanta MJS v2.20.0 SEGV Vulnerability in mjs_ffi_cb_free Cesanta MJS v2.20.0 SEGV Vulnerability in gc_sweep at src/mjs_gc.c 
Out-of-Memory Bug in Bento4 v1.6.0-639's mp4info Component Out-of-Memory Bug in Bento4 v1.6.0-639's mp42avc Component Out-of-Memory Bug in Bento4 v1.6.0-639's mp42aac Component Segmentation Violation Vulnerability in Bento4 v1.6.0-639 Heap Buffer Overflow in mp4v2 v2.0.0 via MP4StringProperty::~MP4StringProperty() Stack Overflow Vulnerability in yasm 1.3.0.55.g101bc via yasm/yasm+0x43b466 in vsprintf Origin Software ATS Pro User-Controlled Key Authentication Bypass Vulnerability Segmentation Violation Vulnerability in yasm 1.3.0.55.g101bc via yasm_expr_create Segmentation Violation Vulnerability in yasm 1.3.0.55.g101bc via delete_Token function in /nasm/nasm-pp.c Stack Overflow Vulnerability in yasm 1.3.0.55.g101bc via parse_expr1 function Stack Overflow Vulnerability in yasm 1.3.0.55.g101bc via parse_expr5 function in nasm-parse.c Heap Buffer Overflow in MP4GetVideoProfileLevel function in mp4v2 v2.0.0 Arbitrary File Read Vulnerability in Code Sector TeraCopy 3.9.7 Authentication Bypass Vulnerability in Oliva Expertise EKS: before 1.2 Buffer Overflow Vulnerability in ByronKnoll Cmix v.19: Arbitrary Code Execution and Denial of Service via paq8 Function SQL Injection Vulnerability in bloofox v0.5.2 via /index.php?mode=content&page=pages&action=edit&eid=1 SQL Injection Vulnerability in LMXCMS v1.4.1 via setbook Parameter Cross-Site Scripting (XSS) Vulnerability in Oliva Expertise EKS Segmentation Fault Vulnerability in Advancecomp Package Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (CVE-2021-230150) Arbitrary File Upload Vulnerability in Purchase Order Management v1.0 SQL Injection Vulnerability in Purchase Order Management v1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Purchase Order Management v1.0 Arbitrary File Upload Vulnerability in Employee Performance Evaluation System v1.0 SQL Injection Vulnerability in Yoga Class Registration System 1.0 Arbitrary File Upload Vulnerability in Online Pizza Ordering v1.0 
SQL Injection Vulnerability in PrestaShop jmsthemelayout 2.5.5 via ajax_jmsvermegamenu.php SQL Injection Vulnerability in Oliva Expertise EKS: before 1.2 SQL Injection Vulnerability in PrestaShop jmsmegamenu 1.1.x and 2.0.x via ajax_jmsmegamenu.php Incorrect Access Control in PrestaShop jmsslider 1.6.0 via ajax_jmsslider.php SQL Injection Vulnerability in PrestaShop jmspagebuilder 3.x via ajax_jmspagebuilder.php Remote Code Execution Vulnerability in Antabot White-Jotter v0.2.2 via File Upload XSS Vulnerability in ZHENFENG13 My-Blog: Arbitrary Script Injection via Title Field Qbian61 Forum-Java: Arbitrary Web Script Injection via Article Editor XSS Vulnerability in WinterChenS my-site Allows Arbitrary Script Injection via Blog Article Editing XSS Vulnerability in ZHENFENG13 My-Blog Allows Arbitrary Script Injection Stored Cross-Site Scripting Vulnerability in Simple Iframe WordPress Plugin Arbitrary Code Injection through Markdown Text in pandao editor.md (<= 1.5.0) Arbitrary Code Execution via Cross Site Scripting (XSS) in PerfreeBlog 3.1.2 Improper Authorization Vulnerability in Darktrace Mobile App Allows Unauthorized Control of Antigena Actions Insecure Permissions in eXtplorer 2.1.15: Arbitrary Code Execution via File Upload Denial of Service Vulnerability in libheif 1.15.1 via Crafted HEIF Images Stack Overflow Vulnerability in D-Link DIR823G_V1.0.2B05 via NewPassword Parameters in SetPasswdSettings Stored Cross-Site Scripting Vulnerability in TinyMCE Custom Styles WordPress Plugin Remote Denial of Service Vulnerability in socket.remoteAddress Variable Cleartext Transmission Vulnerability in Tenda N301 v6.0 Firmware v12.02.01.61_multi Cleartext Transmission Vulnerability in Tenda N301 v6.0 Firmware v12.03.01.06_pt PyroCMS 3.9 Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) Vulnerability Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via set_tftp_upgrad Function Stack Overflow Vulnerability in H3C GR-1200W 
MiniGRW1A0V100R006 via version_set Function Memory Corruption Vulnerability in MindSpore 2.0.0-alpha/2.0.0-rc1 (VDB-230176) Arbitrary Device Creation Vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x WavLink WavRouter RPT70HA1.x - Factory Reset Vulnerability Authentication Bypass Vulnerability in Wildix WSG24POE version 103SP7D190822 Local File Exfiltration via Typora's Improper Path Handling Improper Access Control in Interlink PSG-5124 v1.0.4 Allows Arbitrary Code Execution via Crafted GET Request Arbitrary Code Execution via Cross Site Scripting (XSS) in Vade Secure Gateway Arbitrary Code Execution via Cross Site Scripting in Vade Secure Gateway Cross Site Scripting (XSS) Vulnerability in Vade Secure Gateway Allows Remote Code Execution Prototype Pollution in antfu/utils prior to 0.7.3 Cross Site Scripting (XSS) Vulnerability in SofaWiki <=3.8.9 via index.php File Upload Vulnerability in SofaWiki <= 3.8.9 Allows Command Execution Privilege Escalation Vulnerability in Glitter Unicorn Wallpaper App for Android 7.0-8.0 Persistent Denial of Service Vulnerability in Glitter Unicorn Wallpaper App for Android 7.0-8.0 BT21 x BTS Wallpaper App 12 for Android: Database Tampering Vulnerability BT21 x BTS Wallpaper App 12 for Android: Persistent Denial of Service via Database Injection Persistent Denial of Service Vulnerability in Call Blocker Application 6.6.3 for Android Privilege Escalation Vulnerability in Call Blocker App 6.6.3 for Android Elevation of Privilege Vulnerability in Call Blocker Application 6.6.3 for Android Cross-Site Scripting (XSS) Vulnerability in SourceCodester Students Online Internship Timesheet System 1.0 Persistent Denial of Service Vulnerability in SoLive for Android SharedPreference File Modification Vulnerability in SoLive 1.6.14 - 1.6.20 for Android Vulnerability: Unauthorized Modification of SharedPreference Files in Lock Master App 2.2.4 for Android Database Manipulation Vulnerability in edjing Mix v.7.09.01 for Android Denial 
of Service Vulnerability in edjing Mix v.7.09.01 for Android Dictionary Traversal Vulnerability in Keyboard Themes 1.275.1.164 for Android Allows Arbitrary Code Execution Denial of Service Vulnerability in Wave Animated Keyboard Emoji v.1.70.7 for Android Code Execution and Privilege Escalation Vulnerability in Wave Animated Keyboard Emoji v.1.70.7 for Android Escalation of Privilege Vulnerability in Alarm Clock for Heavy Sleepers v.5.3.2 for Android TLS Protocol Enforcement Bypass in quarkus-core Denial of Service Vulnerability in Alarm Clock for Heavy Sleepers v.5.3.2 for Android Database Manipulation Vulnerability in BestWeather v.7.3.1 for Android Allows Privilege Escalation Database Manipulation Vulnerability in BestWeather v.7.3.1 for Android Allows Unauthorized Code Execution Persistent Denial of Service Vulnerability in BestWeather v.7.3.1 for Android Persistent Denial of Service Vulnerability in BestWeather v.7.3.1 for Android Code Execution Vulnerability in The Thaiger v.1.2 for Android via Manipulated SharedPreference Files Vulnerability: Exposed Component Allows Unauthorized Modification of SharedPreference Data Persistent Denial of Service Vulnerability in Story Saver for Instagram - Video Downloader 1.0.6 for Android Yandex Navigator v.6.60 for Android: Privilege Escalation via SharedPreference Manipulation Vulnerability: AES-SIV Cipher Implementation Ignores Empty Associated Data Entries Persistent Denial of Service Vulnerability in Yandex Navigator v.6.60 for Android Privilege Escalation Vulnerability in Facemoji Emoji Keyboard v.2.9.1.2 for Android Denial of Service Vulnerability in Facemoji Emoji Keyboard v.2.9.1.2 for Android via SharedPreference Files Escalation of Privilege Vulnerability in Twilight v.13.3 for Android via Manipulation of SharedPreference Files Persistent Denial of Service Vulnerability in Twilight v.13.3 for Android Escalation of Privilege Vulnerability in Blue Light Filter v.1.5.5 for Android Persistent Denial of Service 
Vulnerability in Blue Light Filter v.1.5.5 for Android Persistent Denial of Service Vulnerability in FlightAware v.5.8.0 for Android Insecure File Creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich Persistent Denial of Service Vulnerability in Sleep v.20230303 for Android Privilege Escalation Vulnerability in CrossX v.1.15.3 for Android via Database Files Persistent Denial of Service Vulnerability in CrossX v.1.15.3 for Android Buffer Overrun Vulnerability in OpenSC's pkcs15 cardos_have_verifyrc_package Unrestricted File Upload Vulnerability in Sentrifugo 3.5 Cross-site Scripting (XSS) Vulnerability in ASUS RT-AC51U Wireless Router Firmware Stored Cross Site Scripting (XSS) vulnerability in Dreamer CMS 3.0.1 GL.iNET MT3000 4.1.0 Release 2 - OS Command Injection Vulnerability via logread Sengled Dimmer Switch V0.0.9 Denial of Service (DOS) Vulnerability Authorization Bypass Vulnerability in Abstrium Pydio Cells 4.2.0 Denial-of-Service Vulnerability in Third Reality Smart Blind 1.00.54 Critical Access Control Vulnerability in Abstrium Pydio Cells 4.2.0 Sensitive Information Leakage in kodbox 1.2.x through 1.3.7 Kodbox <= 1.37 Cross Site Scripting (XSS) Vulnerability via Debug Information Command Injection Vulnerability in TOTOLINK X18 V9.1.0cu.2024_B20220329 via setTracerouteCfg Function Command Injection Vulnerability in TOTOLINK X18 V9.1.0cu.2024_B20220329 via hostname Parameter Critical Remote Code Execution Vulnerability in Abstrium Pydio Cells 4.2.0 Command Injection Vulnerability in TOTOLINK X18 V9.1.0cu.2024_B20220329 Firmware Command Injection Vulnerabilities in TOTOLINK X18 V9.1.0cu.2024_B20220329 via rtLogEnabled and rtLogServer Parameters Command Injection Vulnerability in TOTOLINK X18 V9.1.0cu.2024_B20220329 via setDiagnosisCfg Function Command Injection Vulnerability in TOTOLINK X18 V9.1.0cu.2024_B20220329 via disconnectVPN Function Command Injection Vulnerability in WFS-SR03 v1.0.3 via 
sys_smb_pwdmod Function Command Injection Vulnerability in WFS-SR03 v1.0.3 via pro_stor_canceltrans_handler_part_19 Function Arbitrary Code Execution Vulnerability in vogtmh cmaps (companymaps) 8.0 Remote Code Execution Vulnerability in Maximilian Vogt CompanyMaps (cmaps) v.8.0 via SQL Injection Cross-Site Scripting (XSS) Vulnerability in Abstrium Pydio Cells 4.2.0 CSRF Vulnerability in mccms v2.6.3 Local Privilege Escalation Vulnerability in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and Earlier Local Privilege Escalation Vulnerability in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and earlier Authentication Bypass Vulnerability in WordPress Social Login and Register Plugin (Discord, Google, Twitter, LinkedIn) Local Information Disclosure Vulnerability in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and earlier Use-After-Free Vulnerability in Py_FindObjects() Function in SciPy Server-Side Template Injection in ejs v3.1.9 through closeDelimiter Configuration Privilege Escalation through Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23 Privilege Escalation Vulnerability in Wondershare Dr.Fone v.12.9.6 Cross Site Scripting (XSS) Vulnerability in Exelysis Unified Communication Solutions (EUCS) v.1.0 Cross Site Scripting Vulnerability in Exelysis Unified Communication Solution (EUCS) v.1.0 Allows Remote Privilege Escalation Insecure Permission Vulnerability in Botkind/Siber Systems SyncApp v.19.0.3.0: Privilege Escalation via SyncService.exe Stored Cross Site Scripting (XSS) Vulnerability in Hotel Druid 3.0.4 Allows Arbitrary Command Execution GitHub Repository Path Traversal Vulnerability in pimcore/pimcore prior to 10.5.22 Blind SQL Injection (Time-based) Vulnerability in ChurchCRM 4.5.4 - /EditEventTypes.php Multiple Stored XSS Vulnerabilities in AeroCMS v0.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Bang Resto 1.0 via itemName Parameter Multiple SQL Injection Vulnerabilities in 
Bang Resto 1.0 Use After Free Vulnerability in hfsplus_put_super in Linux Kernel Exif Data Exposure in SENAYAN Library Management System (SLiMS) Bulian v9.5.2 Cross Site Scripting (XSS) Vulnerability in DirCMS 6.0.0 Foreground Command Execution Vulnerability in WBCE CMS 1.5.3 via admin/languages/install.php Buffer Overflow Vulnerability in D-Link DIR-868L Firmware 1.12 Teslamate v1.27.1 Information Disclosure Vulnerability Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce Plugin Insecure Permissions in DTStack Taier 1.3.0: Unauthorized Access to Sensitive Information via /Taier/API/tenant/listTenant Interface Remote Code Execution Vulnerability in FLIR-DVTEL Management Page Remote Code Execution Vulnerability in Agasio-Camera Device SQL Injection Vulnerability in Medisys Weblab Products v19.4.03 Zammad 5.3.x (Fixed 5.4.0) Incorrect Access Control Vulnerability Zammad 5.3.x (Fixed in 5.4.0) Incorrect Access Control Vulnerability Authorization Bypass Vulnerability in Wordapp Plugin for WordPress Local File Inclusion Vulnerability in spreadsheet-reader 0.5.11: Arbitrary File Inclusion via File Parameter in test.php Out of Bounds Memory Read Vulnerability in Fortra Globalscape EFT Administration Server Denial of Service Vulnerability in Fortra Globalscape EFT Versions Before 8.1.0.16 Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via UpdateSnat Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via Edit_BasicSSID Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via Edit_BasicSSID_5G Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via SetMobileAPInfoById Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via AddWlanMacList Interface Information Disclosure Vulnerability in Fortra Globalscape EFT's Administration Server: Remote Determination of Hard Drive Serial Number Stack Overflow Vulnerability in H3C Magic R200 
Version R200V100R004 via UpdateMacClone Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via AddMacList Interface Stack Overflow Vulnerability in H3C Magic R200 R200V100R004 via DelvsList Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via SetAPWifiorLedInfoById Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via DeltriggerList Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via CMD Parameter at /goform/aspForm Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via UpdateWanParams Interface Stack Overflow Vulnerability in H3C Magic R200 Version R200V100R004 via go parameter at /goform/aspForm CSV Injection Vulnerability in RosarioSIS 10.8.4 Periods Module Insecure Permissions in SolarView Compact <= 6.0: Unrestricted Access to Server Files via texteditor.php Unauthenticated Denial of Service Vulnerability in SMM and FPC Management Web Server Incorrect Access Control in PowerJob V4.3.1: Exploiting the Create App Interface Vulnerability Incorrect Access Control in PowerJob V4.3.1: Exploiting the Create User/Save Interface Vulnerability Insecure Permissions Vulnerability in PowerJob V4.3.1 via List Job Interface PowerJob V4.3.1 Incorrect Access Control Vulnerability Unauthorized Interface in PowerJob V4.3.2 Allows Remote Code Execution Insecure Role-Based Access Controls in Sage 300: Exploiting Client-Side Enforcement Privilege Escalation Vulnerability in Web Management Server API Calls Remote Code Execution Vulnerability in Genesys CIC Polycom Phone Provisioning TFTP Server Local File Inclusion Vulnerability in Laravel-S 3.7.35 via /src/Illuminate/Laravel.php Segmentation Fault Vulnerability in llvm-project Commit fdbc55a5: mlir::IROperand<mlir::OpOperand> Component Segmentation Fault Vulnerability in mlir::Block::getArgument Component Segmentation Fault Vulnerability in mlir::Type::getDialect() Component of llvm-project Commit 
6c01b5c Assertion Failure in llvm-project Commit a0138390: Operation Already Replaced Segmentation Fault Vulnerability in LLVM-Project Commit a0138390 Segmentation Fault Vulnerability in LLVM-Project Commit a0138390: matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp) Component Segmentation Fault Vulnerability in llvm-project Commit a0138390 Remote Command Execution Vulnerability in Metersphere v1.20.20-lts-79d354a6 Stored Cross-Site Scripting Vulnerability in Leyka WordPress Plugin Heap Buffer Overflow in swfrender v0.9.2: enumerateUsedIDs_fillstyle Vulnerability Arbitrary File Manipulation and Remote Code Execution in Jetpack WordPress Plugin Stack Overflow Vulnerability in D-Link DIR-605L Firmware v1.17B01 BETA Arbitrary File Read Vulnerability in S-CMS v5.0 Authenticated Remote Code Execution (RCE) Vulnerability in S-CMS v5.0 via /admin/ajax.php Pfsense CE version 2.6.0 Vulnerability: No Rate Limit Allows Creation of Malicious Users in Firewall Weak Password Requirements in Pfsense CE Version 2.6.0: A User Account Compromise Vulnerability Unauthenticated Password Change Vulnerability in Pfsense CE version 2.6.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.14 Cross Site Scripting Vulnerability in Maximilian Vogt Cmaps v.8.0: Remote Code Execution via Auditlog Tab Null Pointer Dereference Vulnerability in Debut Web Server 1.2/1.3: Denial-of-Service (DoS) Exploit SQL Injection Vulnerability in Sourcecodester Student Study Center Desk Management System v1.0 Directory Traversal Vulnerability in spring-boot-actuator-logview 0.2.13 via LogViewEndpoint.view Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.14 Heap Overflow Vulnerability in read_byte function of mqtt_code.c in NanoMQ v0.15.0-0 Heap Overflow Vulnerability in copyn_utf8_str function of NanoMQ v0.15.0-0 Null Pointer Dereference Vulnerability in NanoMQ v0.15.0-0 during 
subinfo_decode and unsubinfo_decode Decoding Arbitrary Code Injection Vulnerability in Gis3W g3w-suite 3.5 Content Editor SQL Injection and Authentication Bypass Vulnerability in Erikoglu Technology ErMon CWE-502: Deserialization of Untrusted Data Vulnerability in Dashboard Module Command Injection Vulnerability in TOTOLINK X5000R Router SQL Injection Vulnerability in oretnom23 Judging Management System v1.0: Remote Code Execution and Information Disclosure via sub_event_stat_update.php SQL Injection Vulnerability in oretnom23 Judging Management System v1.0: Arbitrary Code Execution and Sensitive Information Disclosure via txtsearch Parameter in review_search.php SQL Injection Vulnerability in oretnom23 Judging Management System v1.0 SQL Injection Vulnerability in Judging Management System v1.0 via /php-jms/review_se_result.php?mainevent_id= Server-Side Request Forgery (SSRF) vulnerability in imgproxy <=3.14.0 due to unsanitized imageURL parameter. Hidden NAND Flash Memory Partition Vulnerability in MagicJack Device Allows Unauthorized Access and Ransomware Deployment Critical SQL Injection Vulnerability in SourceCodester Train Station Ticketing System 1.0 Critical SQL Injection Vulnerability in SourceCodester Simple Chat System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Local Service Search Engine Management System 1.0 Command Injection Vulnerability in TOTOLINK A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOLINK A7100RU V7.4cu.2313_B20191024 Session Takeover Vulnerability in FICO Origination Manager Decision Module 4.8.1 Stored Cross-Site Scripting (XSS) Vulnerabilities in FICO Origination Manager Decision Module 4.8.1 SQL Injection Vulnerability in Novel-Plus 3.6.2 Cache Speculation Vulnerability: AmpereOne's Branch History Injection (BHI) or Spectre-BHB Authentication Bypass Vulnerability in D-Link DIR-879 v105A1 via phpcgi Authentication Bypass Vulnerability in D-Link DIR-890L FW1.10 A1 Remote Code Execution (RCE) 
Vulnerability in MitraStar GPT-2741GNAC-N2 Firmware BR_g5.9_1.11(WVK.0)b32 Critical Vulnerability in ningzichun Student Management System 1.0: Weak Password Recovery via resetPassword.php (VDB-230354) SQL Injection Vulnerability in Sourcecodester Judging Management System v1.0 via /php-jms/print_judges.php SQL Injection Vulnerability in Judging Management System v1.0 by oretnom23 Critical SQL Injection Vulnerability in ningzichun Student Management System 1.0 (VDB-230355) Denial of Service Vulnerability in osTicket Application due to Lengthy Passwords Buffer Overflow Vulnerability in Libming swftophp v.0.4.8: Denial of Service via newVar_N in util/decompile.c Denial of Service Vulnerability in libming swftophp v.0.4.8 Buffer Overflow Vulnerability in Libming swftophp v.0.4.8: Denial of Service via cws2fws Function Buffer Overflow Vulnerability in Libtiff V.4.0.7: Denial of Service via tiffcp Function Cesanta MJS v.1.26 Buffer Overflow Vulnerability in mjs_mk_string Function Denial of Service Vulnerability in Cesanta MJS v.1.26 via mjs_execute Function Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.9 Arbitrary File Upload Vulnerability in Semcms Shop v4.2 via SEMCMS_Upfile.php SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System v1.0 via QTY Parameter Arbitrary Code Execution via XSS in ONOS API Documentation Dashboard Stored XSS Vulnerability in TotalJS Flow v10 via Crafted Payload in Platform Name Field Stored XSS Vulnerability in TotalJS Messenger Commit b6cf1c9 TotalJS Messenger Stored XSS Vulnerability Stored XSS Vulnerability in TotalJS Messenger Commit b6cf1c9 DOM XSS Vulnerability in Grafana WorldMap Panel Plugin Cross Site Scripting (XSS) Vulnerability in Sourcecodester Medicine Tracker System in PHP 1.0.0 via page=about ARMember WordPress Plugin Cross-Site Request Forgery Vulnerability Cross Site Scripting (XSS) Vulnerability in Medicine Tracker System in PHP 1.0.0 SQL Injection Vulnerability in Medicine 
Tracker System in PHP 1.0.0 NULL Pointer Dereference Vulnerability in gpac/gpac prior to 2.2.2 Arbitrary File Upload Vulnerability in Online Food Ordering System v2.0 Cross Site Scripting (XSS) Vulnerability in Wuzhicms v4.1.0 Member Center Account Settings Cross Site Scripting (XSS) Vulnerability in LavaLite v9.0.0 Cross Site Scripting (XSS) vulnerability in EyouCms V1.6.1-UTF8-sp1 Unchecked Return Value in GPAC GitHub Repository Prior to Version 2.2.2 CraftCMS v.3.8.1 Remote Code Execution Vulnerability via Crafted Section Parameter Arbitrary Command Execution and Privilege Escalation Vulnerability in IXP EasyInstall 6.6.14884.0 Privilege Escalation Vulnerability in IXP Data EasyInstall 6.6.14907.0 via Static Cryptographic Key Command Injection Vulnerability in Tenda AC18 v15.03.05.19(6318_)_cn Cross-Site Scripting (XSS) Vulnerability in BeipyVideoResolution up to 2.6 Server-Side Template Injection (SSTI) Vulnerability in Camaleon CMS v2.7.0 via formats Parameter Unauthenticated Download of Camera Settings and Administrator Credentials in Assmann Digitus Plug&View IP Camera HT-IP211HDP (v2.000.022) Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Opart Opartmultihtmlblock SQL Injection Vulnerability in City Autocomplete Module for PrestaShop Critical Server-Side Request Forgery Vulnerability in yiwent Vip Video Analysis 1.0 (VDB-230359) SQL Injection Vulnerability in PrestaShop leocustomajax 1.0 and 1.0.0 via modules/leocustomajax/leoajax.php SQL Injection Vulnerability in Boxtal (envoimoinscher) Module for PrestaShop SQL Injection Vulnerability in Payplug Module for PrestaShop (Versions 3.6.0 - 3.7.1) SQL Injection Vulnerability in AfterMail Module for PrestaShop (before version 2.2.1) via Multiple Parameters Cross-Site Scripting (XSS) Vulnerability in yiwent Vip Video Analysis 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Lost and Found Information System 1.0 Directory Traversal Vulnerability in mlflow Platform (up to v2.0.1) 
Allows Arbitrary File Read Cross Site Scripting (XSS) Vulnerability in CraftCMS 3.7.59 via Volume Name Injection Server-Side Template Injection (SSTI) in CraftCMS version 3.7.59 allows Remote Code Execution via User Photo Location field. Critical Remote Code Execution Vulnerability in SourceCodester Lost and Found Information System 1.0 Stored XSS Vulnerability in Typecho v1.2.0 via Crafted Payload in URL Parameter Arbitrary File Upload Vulnerability in CRMEB v4.4 to v4.6 Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer Arbitrary Code Execution Vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 Memory Exhaustion Denial of Service Vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 SQL Injection Vulnerability in Prestashop posstaticblocks <= 1.0.0 via getPosCurrentHook() DMA Reentrancy Vulnerability in QEMU's e1000e NIC Emulation SQL Injection Vulnerability in PrestaShop cdesigner < 3.1.9 via CdesignerTraitementModuleFrontController::initContent() SQL Injection Vulnerability in Prestashop PosSearch::find() SQL Injection Vulnerability in Prestashop posstaticfooter <= 1.0.0 via getPosCurrentHook() Unrestricted Download of Personal Information in Linea Grafica's Detailed Order Module Incorrect Access Control in Prestashop Salesbooster Module Path Traversal Vulnerability in My Inventory Module (myinventory) <= 1.6.6 for PrestaShop Incorrect Access Control in Prestashop winbizpayment <= 1.0.2 via modules/winbizpayment/downloads/download.php Incorrect Access Control in Prestashop CustomExporter Module Reflected Cross-site Scripting (XSS) Vulnerability in i-librarian-free prior to 5.10.4 Path Traversal Vulnerability in Ultimate Image Tool Plugin for PrestaShop SQL Injection Vulnerability in Judging Management System v1.0 via event_id parameter at /php-jms/result_sheet.php SQL Injection Vulnerability in Judging Management System v1.0 via judge_id Parameter at /php-jms/edit_judge.php Stored XSS Vulnerability in DouPHP v1.7 via 
unique_id Parameter in /admin/article.php Divide by Zero Denial of Service Vulnerability in Kodi Home Theater Software Stored Cross-site Scripting (XSS) Vulnerability in i-librarian-free GitHub Repository (prior to version 5.10.4) Cross Site Scripting (XSS) Vulnerability in OURPHP <= 7.2.0 via ourphp_tz.php SQL Injection Vulnerability in OURPHP <= 7.2.0 Cross Site Scripting (XSS) Vulnerability in OURPHP <= 7.2.0 via /client/manage/ourphp_out.php User Account Information Disclosure Vulnerability in newbee-mall's updateUserInfo Function Inconsistent Handling of arg.result in IPv6 Module of Linux Kernel Leading to Kernel Panic Password Hash Retrieval Vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and Earlier Broken Authentication Vulnerability in 4D SAS 4D Server Software v17, v18, v19 R7, and Earlier Denial of Service Vulnerability in Rizin Prior to 0.5.0 Time-Based SQL Injection Vulnerability in WP EasyCart Plugin DLL Injection Vulnerability in CyberGhostVPN Windows Client Bluetooth LE Stack Vulnerability: Out-of-Bounds Memory Access via Segmented 'Prepare Write Response' Packets SQL Injection Vulnerability in NS-ASG v6.3 via /admin/add_ikev2.php SQL Injection Vulnerability in Beijing Netcon NS-ASG Application Security Gateway v6.3 via TunnelId SQL Injection Vulnerability in Judging Management System v.1.0: Remote Code Execution via crit_id Parameter Remote Code Execution via SQL Injection in Judging Management System v.1.0 Arbitrary Code Execution Vulnerability in Oretnom23 Storage Unit Rental Management System v.1.0 Server-Side Request Forgery Vulnerability in Dropbox Folder Share Plugin for WordPress Remote Code Execution in Dolibarr (before 17.0.1) via Uppercase Manipulation Cross Site Scripting Vulnerability in Webkil QloApps v.1.5.2 AuthController.php Privilege Escalation via Buffer Overflow in FiiO M6 Build Number v1.0.4 Command Injection Vulnerability in MagnusSolution MagnusBilling 6.x and 7.x Buffer Overflow Vulnerability in importshp 
Plugin in LibreCAD 2.2.0 Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to 21.2.8) RaspAP Raspap-webgui Command Injection Vulnerability Remote Command Injection Vulnerability in OpenWB 1.6 and 1.7 Remote Code Execution Vulnerability in MIM License Server and MIMpacs Services v6.9 - v7.0 Unrestricted File Upload Vulnerability in CLTPHP <=6.0 via Template.php:update Directory Traversal Vulnerability in CLTPHP <=6.0 Unrestricted File Upload Vulnerability in CLTPHP <=6.0 Cross Site Scripting (XSS) Vulnerability in CLTPHP <=6.0 via Changyan.php CLTPHP <=6.0 Improper Input Validation Vulnerability Improper Input Validation Vulnerability in CLTPHP <=6.0 via Template.php Cluster Scoped Access Vulnerability in GRC Policy Propagator Insecure MQTT Backend Allows Unauthorized Access and Manipulation of Telemetry Data in HopeChart HQT-401 Telematics Unit Buffer Overflow Vulnerability in Netgear R6900, R6700v3, and R6700 Routers Insecure Permissions Vulnerability in scquickaccounting Module for PrestaShop Allows Unauthorized Access to Personal Information PrestaShop scexportcustomers Module Incorrect Access Control Vulnerability User Login Credential Disclosure in Deviniti Issue Sync Synchronization v3.5.2 for Jira Cross-Site Request Forgery Vulnerability in Guangdong Pythagorean OA Office System up to 4.50.31 (VDB-230458) Arbitrary Code Execution Vulnerability in N-able Technologies N-central Server Infinite Loop Vulnerability in WebAssembly 1.0 Component hang.wasm Path Traversal Vulnerability in King-Avis Module for Prestashop Cross Site Scripting (XSS) Vulnerability in LoginServlet.java in wliang6 ChatEngine Unrestricted File Upload Vulnerability in Mobatime Web Application Allows Remote Code Execution Cross Site Scripting (XSS) Vulnerability in textMessage Field in ChatEngine Cross Site Scripting (XSS) Vulnerability in LoginServlet.java in wliang6 ChatEngine Arbitrary Code Execution via Cross Site Scripting (XSS) in Payatu 
ChatEngine v.1.0 SQL Injection Vulnerability in Username Field in Payatu ChatEngine v.1.0 SQL Injection Vulnerability in textMessage Parameter in ChatEngine v.1.0 Allows for Sensitive Information Disclosure Arbitrary Code Execution via Cross Site Scripting (XSS) in ChatEngine's Username Field Authentication Bypass Vulnerability in Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 Privilege Escalation through Incorrect Authorization in Mobatime Web Application Local File Inclusion Vulnerability in SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 Server-Side Template Injection (SSTI) Vulnerability in Beetl v3.15.0's Render Function Arbitrary File Upload Vulnerability in PerfreeBlog v3.1.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in AsmBB v2.9.1 Stored XSS Vulnerabilities in Emlog Pro v2.0.3: Arbitrary Code Execution via Article Title and Summary Parameters Reflected XSS Vulnerability in 'mode' Parameter of /admin Functionality (Versions <=2.0.44) Neox Contact Center 2.3.9 - Cross Site Scripting (XSS) Vulnerability in search_sms_api_name Parameter JFinal CMS v5.1.0 Remote Code Execution (RCE) Vulnerability via ActionEnter Function Cross-Site Scripting (XSS) Vulnerability in Guangdong Pythagorean OA Office System up to 4.50.31 Privilege Escalation and Password Reset Vulnerability in FS S3900-24T4S Devices Hard-coded Default Password Vulnerability in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 Default Hard-Coded Password Vulnerability in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 Unauthenticated Remote Code Execution Vulnerability in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 Vulnerability: Physical Access to U-Boot via UART in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 Integrity Check Bypass Vulnerability in Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 Unchecked Read Vulnerability in NTP Server Allows Remote Panic Trigger Buffer Overflow Vulnerability in libcoap 
Library Allows Information Disclosure via Malformed PDU Prototype Pollution in vConsole v3.15.0: Incorrect Key and Value Resolution in setOptions in core.ts Insecure Loading of Configuration Files in mRemoteNG Buffer Overflow Vulnerability in Tenda AC5 V15.03.06.28: Exploiting the initWebs Function Tenda AC15 V15.03.05.19 Buffer Overflow Vulnerability Unauthenticated Access and Data Retrieval Vulnerability in HelpDezk Community v1.1.10 Stack-Based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's GetValue Function Stack-Based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's sub_ED14 Function Stack-Based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's xkjs_ver32 Function Stack-based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's xian_pppoe_user Function Stack-based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's getIfIp Function Stack-based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's henan_pppoe_user Function Stack-Based Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19's sub_8EE8 Function Critical SQL Injection Vulnerability in HelpDezk Community 1.1.10: Remote Data Extraction Directory Traversal Vulnerability in DedeCMS v5.7.107's /dialog/select_media.php Component Buffer Overflow Vulnerability in Valve Half-Life (hl.exe) Allows Arbitrary Code Execution and Privilege Escalation Buffer Overflow Vulnerability in TP-LINK Archer C50v2, Archer C20v1, and Archer C2v1 Routers Improper Access Control Vulnerability in SD ROM Utility Cross-Site Scripting (XSS) Vulnerability in Progress Ipswitch MoveIT 1.1.11 API Authentication Function Insecure Permissions in GARO Wallbox GLB/GTB/GTC Settings Page Allows for Man-in-the-Middle Attack Out of Bounds Access Vulnerability in lua-resty-json Debug Function Command Injection Vulnerability in Anyka Microelectronics AK3918EV300 MCU v18 Heap Overflow Vulnerability in YASM v1.3.0 via handle_dot_label function Time-based authentication bypass vulnerability in 
Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 Remote Code Execution Vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 Cross-Site Scripting (XSS) Vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 Segmentation Violation Vulnerability in Jerryscript Commit 1a2c047 Segmentation Violation Vulnerability in Jerryscript Commit 1a2c047 Cross-Site Scripting (XSS) Vulnerability in Autochat Automatic Conversation WordPress Plugin Stack Overflow Vulnerability in Jerryscript Commit 1a2c047 via ecma_op_function_construct Stack Overflow Vulnerability in Jerryscript Commit 1a2c047 via vm_loop in vm.c SQL Injection Vulnerability in Sourcecodester Packers and Movers Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Pear-Admin-Boot v2.0.2: Arbitrary Code Execution via Private Message Title Vulnerability: Double Slash Bypass in dotCMS NormalizationFilter Apache Pulsar Broker's Rest Producer Incorrect Authorization Vulnerability Incorrect Authorization Vulnerability in Apache Pulsar: Privilege Escalation via Proxy Role Stack-based Buffer Overflow in AMI's SPx BMC via Adjacent Network Buffer Overflow Vulnerability in IBM Db2 db2set Open Redirect Vulnerability in IBM Security Verify Access 10.0 Allows for Phishing Attacks Local Privilege Escalation Vulnerability in IBM Storage Scale Stored Cross-Site Scripting in IBM Security Guardium 11.3, 11.4, and 11.5 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.3, 11.4, and 11.5 User Enumeration Vulnerability in IBM Security Guardium 11.3, 11.4, and 11.5 PowerVM Privilege Escalation Vulnerability Divide-by-Zero Vulnerability in Xpdf's Text Extraction Code Due to Excessively Large PDF Page Size Denial of Service and Data Corruption Vulnerability in IBM PowerVM Hypervisor Exposure of Sensitive Information in IBMJCEPlus and JSSE Components (IBM X-Force ID: 253188) Denial of Service Vulnerability in IBM Db2 Federated Server Server-Side Request Forgery (SSRF) 
Vulnerability in IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows SQL Injection Vulnerability in Tise Technology Parking Web Report Vulnerability: TLS Misconfiguration in Redpanda RPC Server Arbitrary File Read Vulnerability in TYPO3 11.5.24 Filelist Component Persistent XSS Vulnerability in MoroSystems EasyMind - Mind Maps Plugin for Confluence Persistent XSS vulnerability in Teamlead Reminder plugin for Jira (version 2.6.5) via the message parameter. DOM-based XSS in ebankIT before version 7 Denial-of-Service Vulnerability in ebankIT: Overloading Server with EStatementsIds Lack of Consistency Checks for CR0 and CR4 in nVMX on x86_64 Username Enumeration Vulnerability in Medicine Tracker System 1.0 Remote Code Execution in SmartPTT SCADA 1.1.0.0 via Malicious C# Script Execution SQL Injection Vulnerability in Biltay Technology Scienta Integer Overflow in picoTCP's pico_ipv6_alloc Leads to Memory Corruption and Denial of Service SQL Injection Vulnerability in Apache InLong (Versions 1.4.0 - 1.5.0) Allows Extraction of Usernames Weak Password Reset Mechanism in Milesight 4K/H.265 Series NVR Models Improper Authorization in Milesight 4K/H.265 Series NVR Web Interface Reflected XSS Vulnerability in Hitachi Ops Center Analyzer SQL Injection Vulnerability in TMT Lockcell: Before 15 Use-after-free vulnerability in Hermes bytecode generation with unsound inference Unauthenticated Reflected XSS Vulnerability in Cornel Raiu WP Search Analytics Plugin <= 1.4.7 Unauthenticated Reflected XSS Vulnerability in MyThemeShop URL Shortener Plugin Unauthenticated Reflected XSS Vulnerability in Maxim Glazunov YML for Yandex 
Market Plugin <= 3.10.7 CSRF Vulnerability in Kilian Evang Ultimate Noindex Nofollow Tool II Plugin <= 1.3 Unauthenticated Reflected XSS Vulnerability in RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates Plugin <= 5.4.5 Essitco AFFILIATE Solution Plugin <= 1.0 Authenticated Stored XSS Vulnerability CSRF Vulnerability in Tribulant Newsletters Plugin <= 4.8.8 User-Controlled Key Authorization Bypass Vulnerability in TMT Lockcell CVE-2023-30480 Unauthenticated Reflected XSS Vulnerability in AGP Font Awesome Collection Plugin <= 3.2.4 Stored Cross-Site Scripting (XSS) Vulnerability in VillaTheme WPBulky Plugin <= 1.0.10 Unauthenticated Reflected XSS Vulnerability in Kiboko Labs Watu Quiz Plugin (<= 3.3.9.2) CSRF Vulnerability in uPress Enable Accessibility Plugin <= 1.4 Unauthenticated Reflected XSS Vulnerability in Avartan Slider Lite Plugin (<= 1.5.3) Unauthenticated Reflected XSS Vulnerability in ThimPress LearnPress Export Import Plugin Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Email Subscription Popup Plugin Command Injection Vulnerability in TMT Lockcell: Unrestricted File Upload Unauthenticated Reflected XSS Vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon Plugin (<= 2.1.8) Stored Cross-Site Scripting (XSS) Vulnerability in Vark Minimum Purchase for WooCommerce Plugin Unauthenticated Reflected XSS Vulnerability in Themefic Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 Unauthenticated Reflected XSS Vulnerability in ImageRecycle ImageRecycle Plugin SQL Injection vulnerability in Themefic Ultimate Addons for Contact Form 7 Cross-site Scripting (XSS) Vulnerability in MagePeople Team WpBusTicketly Plugin <= 5.2.5 Unauthenticated Reflected XSS Vulnerability in Simon Chuang WP LINE Notify Plugin CodeFlavors Vimeotheque Plugin XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in FolioVision FV Flowplayer Video Player Plugin Cookie Validation and Integrity Checking Vulnerability in TMT 
Lockcell: Enabling Privilege Abuse and Authentication Bypass Unauthenticated Reflected XSS Vulnerability in WPForms Plugins Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Path Traversal Vulnerabilities Aruba EdgeConnect Enterprise Command Line Interface Path Traversal Vulnerabilities Aruba EdgeConnect Enterprise Command Line Interface Path Traversal Vulnerabilities Stored Cross-Site Scripting Vulnerability in Page Builder by AZEXO WordPress Plugin (Versions up to 1.27.133) Aruba EdgeConnect Enterprise Web Management Interface Arbitrary URL Request Vulnerability Kubernetes Cluster-Level Privilege Escalation in CubeFS through 3.2.1 Insecure Credential Logging in Jenkins Kubernetes Plugin Insecure Credential Logging in Jenkins Azure Key Vault Plugin Insecure Credential Logging in Jenkins Thycotic DevOps Secrets Vault Plugin Improper SSL/TLS Certificate Validation in Jenkins Image Tag Parameter Plugin 2.0 Unconditional SSL/TLS Certificate and Hostname Validation Disabling in Jenkins NeuVector Vulnerability Scanner Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Thycotic Secret Server Plugin Unauthenticated Triggering of Jenkins Quay.io Builds Cross-Site Request Forgery Vulnerability in Page Builder by AZEXO WordPress Plugin (up to 1.27.133) Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Quay.io Trigger Plugin Unauthenticated Triggering of Jenkins Assembla Merge Request Builder Plugin Builds Unauthenticated Build 
Triggering Vulnerability in Jenkins Fogbugz Plugin Unencrypted Storage of ReportPortal Access Tokens in Jenkins Controller Unmasked Access Tokens in Jenkins Report Portal Plugin Configuration Form CSRF Vulnerability in Jenkins Report Portal Plugin 0.5 and Earlier Unauthenticated Remote URL Connection Vulnerability in Jenkins Report Portal Plugin Unencrypted Storage of WSO2 Oauth Client Secret in Jenkins WSO2 Oauth Plugin Unmasked WSO2 Oauth Client Secret in Jenkins WSO2 Oauth Plugin Jenkins Lucene-Search Plugin HTTP Endpoint Vulnerability Unauthenticated Modification of Data in Page Builder by AZEXO WordPress Plugin Unencrypted Storage of HashiCorp Consul ACL Token in Jenkins Consul KV Builder Plugin Unmasked HashiCorp Consul ACL Token in Jenkins Consul KV Builder Plugin Jenkins TurboScript Plugin 1.3 and Earlier: Unauthorized Build Triggering Vulnerability Prototype Pollution Vulnerability in SheetJS Community Edition before 0.19.3 Insecure Deserialization Vulnerabilities in Cacti 1.2.24 Snowflake JDBC Driver Command Injection Vulnerability Newline Injection Vulnerability in Slim/PSR7 (CVE-2021-12345) Arbitrary Code Execution Vulnerability in XWiki Platform Improper Sanitization of SVG Files Allows Arbitrary JavaScript Execution in Discourse Nextcloud Server and Files Access Control Vulnerability Data Access Vulnerability in Nextcloud Talk Inaccessible Function Vulnerability in OpenZeppelin Contracts Proxy Vulnerability: Inconsistent Length of Signatures and Calldatas in OpenZeppelin Contracts Outdated `chainId` Vulnerability in web3-react Email address update vulnerability in Kiwi TCMS versions prior to 12.2 Arbitrary File Read Vulnerability in PrestaShop Off-by-one Error in Antelope Database Management System in Contiki-NG OS Unsanitized Exception Handling Vulnerability in vm2 Sandbox (CVE-2021-XXXX) Path Traversal Vulnerability in gatsby-plugin-sharp Plugin Use-after-free vulnerability in Apptainer allows for privilege escalation and denial of service 
Cross-Site Request Forgery Vulnerability in Page Builder by AZEXO WordPress Plugin (up to 1.27.133) IDOR Vulnerability in MeterSphere Allows Unauthorized Project Modification Out of Memory Vulnerability in Rekor Prior to Version 1.1.1 Multiple SQL Injection Vulnerabilities in Archery's SQL Audit Platform Multiple SQL Injection Vulnerabilities in Archery's SQL Audit Platform SQL Injection Vulnerabilities in Archery's `api_workflow.py` Endpoint SQL Injection Vulnerabilities in Archery's `explain` Method SQL Injection Vulnerability in Archery's `optimize_sqltuningadvisor` Method Multiple SQL Injection Vulnerabilities in Archery Multiple SQL Injection Vulnerabilities in Archery SQL Audit Platform Unsigned Firmware Update Package Vulnerability Path Traversal Vulnerability in YFCMF up to 3.0.4 (VDB-230542) Physical Connection Vulnerability: Unauthorized Configuration Modification on PCU Physical Access Vulnerability: Unauthorized Data Manipulation in PCU Modules Vulnerability: Tampering and Distribution of GRE Dataset Files in Systems Manager Session Hijacking Vulnerability in System Manager User Import Function Input Validation Bypass in Alaris Systems Manager Device Import Function Insecure Connection Vulnerability: Exposing Infusion Data through Systems Manager and CQI Reporter Application Path Traversal Vulnerability in YFCMF up to 3.0.4 (VDB-230543) Denial of Service Vulnerability in Pluto: Unauthenticated IKEv1 Aggressive Mode Packet Handling Race condition vulnerability in Libarchive allows for world-writable directories Remote Code Execution Vulnerability in Apache Guacamole 1.5.1 and Older Apache Guacamole RDP Audio Input Buffer Freed Reference Vulnerability AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 Argument Checking Vulnerability in runtar.c Cross-Site Scripting (XSS) Vulnerability in 07FLY CRM up to 1.2.0 CVE-2022-12345: Bypassing Policy Mechanism in Node.js Experimental Feature Vulnerability Arbitrary Folder 
Creation Vulnerability in Node.js (.msi version) Installation Process Privilege Escalation Vulnerability in Node.js 20 with Experimental Permission Model Invalid Public Key DoS Vulnerability in Node.js X509Certificate() API HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module Critical SQL Injection Vulnerability in SourceCodester Online Exam Form Submission 1.0 (VDB-230565) Inconsistent Key Generation Behavior in crypto.createDiffieHellman() API Function Denial-of-Service Vulnerability in NodeBB <= v2.8.10 via Crafted Socket.IO Messages Cross-Site Scripting (XSS) Vulnerability in Agro-School Management System 1.0 (CVE-2021-230566) Privilege Escalation via FQL/Audit Logs in Apache Cassandra Unauthenticated Remote Attackers Can Access Sensitive Data in Hitron Technologies CODA-5310 via Telnet Default Telnet Account and Password Vulnerability in Hitron Technologies CODA-5310 Insufficient Authentication Vulnerability in Hitron Technologies CODA-5310 System Configuration Interface Multiple SQL Injection Vulnerabilities in Archery SQL Audit Platform Arbitrary Method Execution Vulnerability in Discourse's SiteSetting Class Cross-Site Request Forgery (CSRF) vulnerability in icingaweb2-module-jira SQLParse Regular Expression Denial of Service (ReDoS) Vulnerability HTML Injection Vulnerability in matrix-react-sdk Critical Unrestricted Upload Vulnerability in Agro-School Management System 1.0 Plaintext Credential Exposure in aws-sigv4 Rust Library Data Leakage in Discourse-Reactions Plugin Arbitrary File Descriptor Closure Vulnerability in Cloud Hypervisor Unrestricted File Upload Vulnerability in Kiwi TCMS Reflected Cross-site Scripting Vulnerability in Pay for Ruby on Rails Stored Cross-Site Scripting (XSS) Vulnerability in Iris-Web Cross-Site Request Forgery Vulnerability in Form Block Plugin Privilege Escalation and Secret Exposure in Kruise-Daemon Pod Sensitive Terraform output values leaked in Kitchen-Terraform v7.0.0 Uncontrolled Code Execution via 
Unescaped Artifact Title in Tuleap Open ALM Critical SQL Injection Vulnerability in Agro-School Management System 1.0 (VDB-230568) Unintended File Extraction Vulnerability in MindsDB Command Injection Vulnerability in Gipsy Discord Bot Cluster-level Privilege Escalation in Clusternet Prior to Version 0.15.2 Command Injection Vulnerability in `embano1/wip` GitHub Action Wasmtime Vulnerability: LLVM Undefined Behavior in Per-Instance State Management SQL Injection Vulnerability in rudder-server (Versions prior to 1.3.0-rc.1) Directory Traversal and Cross-Site Scripting Vulnerabilities in Jellyfin Media System Stored Cross-Site Scripting (XSS) Vulnerability in Jellyfin-Web Command Injection Vulnerability in Kiwi TCMS Incorrect Bytecode Generation in Vyper Compiler for `raw_call` with `revert_on_failure=False` and `max_outsize=0` Insecure Direct Object References in SP Project & Document Manager Plugin for WordPress Local File Overwrite Vulnerability in Dmidecode before 3.5 Improper Input Validation in Apache Traffic Server: Proxy Configuration Vulnerability False TPM PCR Values Vulnerability Remote Denial of Service Vulnerability in TiKV 6.1.2 Denial of Service Vulnerability in TiKV 6.1.2: RpcStatus UNAVAILABLE for not leader Memory Leak in Baidu Braft 1.1.2's atomic_server Example Command Injection Vulnerability in Atos Unify OpenScape SBC, OpenScape Branch, and OpenScape BCF Stored XSS Vulnerability in Archer Platform 6.8 to 6.12 P6 HF1 (6.12.0.6.1) User Enumeration Vulnerability in Mobatime Mobile Application (CVE-2023-3065 and 3066) Improper Access Control Vulnerability in PersonaManagerService: Local Configuration Modification Improper Access Control Vulnerability in Settings Prior to SMR Jul-2023 Release 1: Unauthorized Access to Google Account Data Privilege Escalation Vulnerability in Galaxy Themes Service Local Privilege Escalation: Arbitrary Application Deletion in Galaxy Themes Service CdmaSmsParser Stack Out-of-Bound Write Vulnerability Heap Out-of-Bound 
Write Vulnerability in IpcRxIncomingCBMsg of RILD (SMR Jul-2023 Release 1) BroadcastSmsConfig Heap Out-of-Bound Write Vulnerability Heap Out-of-Bound Write Vulnerability in IpcRxUsimPhoneBookCapa of RILD IpcRxImeiUpdateImeiNoti Stack Out-of-Bounds Write Vulnerability RmtUimNeedApdu Heap Out-of-Bound Write Vulnerability Authentication Bypass Vulnerability in Mobatime Mobile Application AMXGT100 CallrunTspCmd Out of Bounds Read and Write Vulnerability CallgetTspsysfs Vulnerability: Local Code Execution via Out of Bounds Read and Write CallrunTspCmdNoRead Out of Bounds Read and Write Vulnerability Vulnerability: Out of Bounds Read and Write in enableTspDevice of sysinput HAL Service Improper Access Control Vulnerability in SLocationService: Unauthorized Location Update Improper Input Validation Vulnerability in SCEPProfile: Privileged Activity Launch LSOItemData Input Validation Vulnerability EnhancedAttestationResult Input Validation Vulnerability DataProfile Prior to SMR Jul-2023 Release 1 Local Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Transaction prior to SMR Jul-2023 Release 1 Impersonation Vulnerability in Mobatime Mobile Application AMXGT100 UwbAospAdapterService getDefaultChipId Vulnerability UwbAospAdapterService getChipInfos Vulnerability: Unauthorized Access to UWB Chipset Identifier UwbAospAdapterService getChipIds Vulnerability: Unauthorized Access to UWB Chipset Identifier Out-of-Bounds Write Vulnerability in OemPersonalizationSetLock in libsec-ril RegisteredMSISDN Input Validation Vulnerability Out-Of-Bounds Read Vulnerability in OnOemServiceMode in libsec-ril Out-of-Bounds Write Vulnerability in DoOemImeiSetPreconfig in libsec-ril Audio System Service Vulnerability: Unauthorized Broadcast with System Privilege Out-of-bounds Write Vulnerability in libsec-ril: Arbitrary Code Execution DoOemFactorySendFactoryTestResult Out-of-Bounds Write Vulnerability Stored Cross-site Scripting (XSS) vulnerability in GitHub repository 
zadam/trilium prior to version 0.59.4 Out-of-bounds Write Vulnerability in libsec-ril prior to SMR Jul-2023 Release 1 Package Installation Downgrade Vulnerability Improper Privilege Management Vulnerability in Samsung Smart Switch for Windows Installer Arbitrary Directory Deletion Vulnerability in Smart Switch PC Bypassing SameSite Cookie Protection in Samsung Internet (prior to version 21.0.0.41) Local Account Information Access Vulnerability in Samsung Pass Improper Access Control Vulnerability in Samsung Pass: Physical Attackers Can Access Data Improper Access Control Vulnerability in Samsung Pass: Unauthorized Data Access on Unlocked Devices Zip Path Traversal Vulnerability in Android Calendar App (Version 12.4.07.15) Allows Arbitrary File Writing HDCP Trustlet Access Control Vulnerability Critical SQL Injection Vulnerability in Campcodes Retro Cellphone Online Store 1.0 Privilege Escalation Vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 Out-of-Bounds Write Vulnerability in HAL VaultKeeper's initialize Function Local Privilege Escalation: Unauthorized Access to silenceRinger API in Telecom SMR Aug-2023 Release 1 Local Privilege Escalation: Unauthorized Access to endCall API in Telecom (SMR Aug-2023 Release 1) Local Privilege Escalation: Unauthorized Access to acceptRingingCall API in Samsung Telecom Improper Access Control Vulnerability in Telecom SMR Aug-2023 Release 1: Local Attackers Can Change TTY Mode Out-of-bounds Write Vulnerability in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 Out-of-bounds Write Vulnerability in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 Out-of-bounds Write Vulnerability in MakeUiccAuthForOem of libsec-ril Out-of-bounds Write Vulnerability in libsec-ril prior to SMR Aug-2023 Release 1 Unverified Password Change Vulnerability in GitHub Repository tsolucio/corebos prior to 8 Privilege Escalation Vulnerability in Duo prior to SMR Oct-2023 Release 1 AuthenticationConfig Parcel Mismatch Vulnerability 
Privilege Escalation Vulnerability in Evaluator prior to SMR Oct-2023 Release 1 DoOemFactorySendFactoryBypassCommand Out-of-bounds Write Vulnerability Out-of-bounds Write Vulnerability in libsec-ril's IpcTxPcscTransmitApdu Allows Arbitrary Code Execution Critical Out-of-Bounds Write Vulnerability in SSHDCPAPP TA on Galaxy Book Devices Out-of-Bounds Write Vulnerability in IpcTxGetVerifyAkey in libsec-ril Out-of-Bounds Write Vulnerability in libsec-ril prior to SMR Aug-2023 Release 1 Improper Access Control Vulnerability in TelephonyUI: Unauthorized BLE Connection Out-of-bounds Write Vulnerability in libsimba's parser_hvcC Function Stored Cross-site Scripting (XSS) Vulnerability in tsolucio/corebos prior to version 8 SemWifiApTimeOutImpl Vulnerability: Unauthorized ContentProvider Access via PendingIntent Hijacking WifiGeofenceManager Prior to SMR Aug-2023 Release 1: PendingIntent Hijacking Vulnerability Stack Overflow Vulnerability in SSHDCPAPP TA Improper URL Validation Vulnerability in Samsung Members (Version < 14.0.07.1) Allows Unauthorized Access to Sensitive Information Unauthorized Access to Downloaded Files in Samsung Internet Secret Mode Privileged Content Provider Access Vulnerability in Galaxy Store (prior to version 4.5.56.6) Arbitrary File Read Vulnerability in Samsung Keyboard prior to SMR Sep-2023 Release 1 Arbitrary File Deletion Vulnerability in Samsung Keyboard Captive Portal Wi-Fi Access Vulnerability in SecSettings prior to SMR Sep-2023 Release 1 Local Privilege Escalation Vulnerability in Dual Messenger prior to SMR Sep-2023 Release 1 Stored Cross-site Scripting (XSS) Vulnerability in tsolucio/corebos prior to version 8 Privilege Escalation Vulnerability in Knox AI Prior to SMR Sep-2023 Release 1 Authentication Bypass Vulnerability in Phone and Messaging Storage SMR SEP-2023 Release 1 Arbitrary Activity Launch Vulnerability in Settings Suggestions prior to SMR Sep-2023 Release 1 Improper Privilege Management Vulnerability in FolderLockNotifier 
in One UI Home FolderContainerDragDelegate Improper Authorization Vulnerability in One UI Home Improper Access Control Vulnerability in Weather App Allows Unauthorized Access to Location Information Improper Access Control Vulnerability in SVCAgent: Unauthorized Command Triggering Unresettable Identifier Exposure Vulnerability in SVCAgent Improper Export of Android Application Components Vulnerability in WifiApAutoHotspotEnablingActivity InboundSmsHandler Vulnerability: Unauthorized Access to Message Data ACL Policy Block Labeling Vulnerability LmsAssemblyTrackerCTC Prior to SMR Sep-2023 Release 1: Arbitrary File Access via PendingIntent Hijacking Log Leakage Vulnerability in Locksettings Prior to SMR Sep-2023 Release 1 Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore's bc_tui Trustlet Arbitrary File Write Vulnerability in Samsung Health GallerySearchProvider Authentication Bypass Vulnerability LocalProvider Authentication Bypass Vulnerability in Gallery 14.5.01.2 GameLauncher Prior to Version 4.2.59.5: PendingIntent Hijacking Vulnerability Unauthenticated Wi-Fi Enablement and Connection Vulnerability in SecSettings PackageInstallerCHN Intent Redirection Vulnerability Improper Certificate Validation in Samsung Email: Remote Network Traffic Interception Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in tsolucio/corebos GitHub Repository via evvtgendoc Camera Implicit Intent Hijacking Vulnerability Package Installation Vulnerability: Unauthorized Application Installation via Debugger Command Improper Access Control in System Property Allows Local Attacker to Obtain CPU Serial Number Critical Stack-based Buffer Overflow Vulnerability in HDCP Trustlet Prior to SMR Oct-2023 Release 1 Enables Code Execution Improper Access Control Vulnerability in Samsung Health: Unauthorized Access to Sensitive Information via Implicit Intent Improper Preservation of Permissions in SAssistant Allows Unauthorized Access to Backup Data Improper 
Authorization in Samsung Assistant PushMsgReceiver Allows for JavaScript Interface Execution Improper Access Control Vulnerability in Samsung Health: Unauthorized Access to Sensitive Information via Implicit Intent SMM Memory Corruption Vulnerability in Galaxy Book UEFI Firmware Arbitrary Code Execution via libsec-ril Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in tsolucio/corebos prior to version 8 Unauthorized Access to Sensitive Information in SAP BusinessObjects Business Intelligence Platform Unauthenticated Redirect Vulnerability in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI CSS Injection and Phishing Attack in SAPUI5 Unauthenticated Remote Code Execution in SAP AS NetWeaver JAVA Phan Chuong IP Metaboxes Plugin <= 2.1.1 - Authenticated Stored XSS Vulnerability Stored XSS Vulnerability in Booqable Rental Software Plugin Unauthenticated Reflected XSS Vulnerability in WPGem WooCommerce Easy Duplicate Product Plugin Stored XSS Vulnerability in iHomefinder Optima Express + MarketBoost IDX Plugin <= 7.3.0 CSRF Vulnerability in GitHub Repository tsolucio/corebos prior to 8 SQL Injection vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress Stored XSS Vulnerability in iControlWP Article Directory Redux Plugin Stored XSS Vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos Plugin <= 2.0.1 Unauthenticated Reflected XSS Vulnerability in Phan Chuong IP Metaboxes Plugin <= 2.1.1 Unauthenticated Reflected XSS Vulnerability in AdFoxly Ad Manager Plugin (<= 1.8.5) Know-how Protection Encryption Update Vulnerability in Totally Integrated Automation Portal (TIA Portal) Arbitrary Script Injection Vulnerability in Pleasanter 1.3.38.1 and Earlier Privilege Escalation Vulnerability in Printer Driver Packager NX v1.0.02 to v1.1.25 Unrestricted User Account Creation Vulnerability in MStore API WordPress Plugin Out-of-bounds Read Vulnerability in Intel 
RealSense ID Software Title: Improper Authentication Vulnerability in KB-AHR and KB-IRIP Series Allows Arbitrary OS Command Execution Heap-based Overflow Vulnerability in Intel(R) SoC Watch Software (Before Version 2021.1) Allows Privilege Escalation via Local Access OS Command Injection Vulnerability in KB-AHR and KB-IRIP Series Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master Hidden Functionality Vulnerability in KB-AHR and KB-IRIP Series: Arbitrary OS Command Execution and Device Settings Alteration Buffer Overflow Vulnerability in Intel(R) Optimization for TensorFlow Vulnerability: Privilege Escalation via Local Access in Intel(R) Server Board S2600WTT P2P Consensus Message Vulnerability: Exploiting Unpatched Nodes for Network Disruption Blind SQL Injection Vulnerability in MStore API WordPress Plugin ASUSTOR Data Master (ADM) Stack-Based Buffer Overflow Vulnerability Incorrect Authorization Vulnerability in Apache IoTDB Web Workbench Race Condition and Use-After-Free Vulnerability in Linux Kernel's da9150-charger.c Heap Buffer Overflow Vulnerability in libtiff Library via TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS Values Heap Buffer Overflow Vulnerability in libtiff's extractContigSamples32bits Vulnerability: Unauthorized Access to Database Connection Passwords in Apache Superset Unauthenticated Reflected XSS Vulnerability in WP Engine Advanced Custom Fields Pro and WP Engine Advanced Custom Fields Plugins Stored Cross-Site Scripting (XSS) Vulnerability in Blubrry PowerPress Podcasting Plugin Unauthenticated Reflected XSS Vulnerability in Jonathan Daggerhart Query Wrangler Plugin Lenovo Universal Device Client (UDC) Local Privilege Escalation Vulnerability TheGuideX User IP and Location Plugin <= 2.2 Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in Theme Blvd Tweeple Plugin <= 0.9.5 Unauthenticated Reflected XSS Vulnerability in Andy Moyle Church Admin Plugin <= 3.7.5 Stored Cross-Site Scripting (XSS) 
Vulnerability in Kaya Studio Kaya QR Code Generator Plugin <= 1.5.2 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Video Grid Plugin <= 1.21 Stored XSS Vulnerability in Benjamin Guy Captcha Them All Plugin <= 1.3.3 Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in `people:id/introductions` Endpoint Remote Code Execution Vulnerability in MonicaHQ v4.0.0 via CSTI in `people/add` Endpoint Remote Code Execution Vulnerability in MonicaHQ Version 4.0.0 via CSTI in `people:id/work` Endpoint Type Confusion Vulnerability in V8 Allows Remote Heap Corruption Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in `people:id/relationships` Endpoint Avatar Upload Vulnerability in Plane Version 0.7.1-dev Cross-Site Scripting (XSS) Vulnerability in Lexical prior to v0.10.0 Out of Bounds Read Vulnerability in JT Open, JT Utilities, and Parasolid Out of Bounds Read Vulnerability in JT Open and JT Utilities Insufficiently Random Default Credentials in Netflix Lemur (CVE-XXXX) Denial of Service Vulnerability in Starlette Python Framework's MultipartParser Privilege Escalation Vulnerability in MikroTik RouterOS Stored Cross-Site Scripting Vulnerability in WP Mail Catcher Plugin Heap Memory Corruption Vulnerability in MikroTik RouterOS 6 Web Server Default Credentials Vulnerability in qBittorrent Web User Interface Sangfor NGAF8.0.17 Source Code Disclosure Vulnerability Authentication Bypass Vulnerability in Sangfor Next-Gen Application Firewall NGAF8.0.17 Authenticated File Disclosure Vulnerability in Sangfor Next-Gen Application Firewall NGAF8.0.17 Sangfor NGAF8.0.17 Application Firewall OS Command Injection Vulnerability Sangfor NGAF8.0.17 Application Firewall OS Command Injection Vulnerability Stored Cross-Site Scripting Vulnerability in WP Mail Logging Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Post SMTP WordPress Plugin (Versions up to 2.5.7) Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior 
to 3.0.9 Vulnerability: Storage Allocator Overflow in Vyper Smart Contract Language (Versions Prior to 0.3.8) Cross-Site Scripting (XSS) Vulnerability in PrestaShop SQL Filtering Vulnerability in PrestaShop Versions Prior to 8.0.4 and 1.7.8.9 Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.9 Privilege Escalation and Cluster-wide Access Vulnerability in Fluid CSI Pod Insecure Storage of Credentials in Baremetal Operator (BMO) Prior to Version 0.3.0 User Access Control Bypass in Payload CMS Versions Prior to 1.7.0 Control Character Vulnerability in Mutagen Authentication Bypass Vulnerability in ESPv2 Authentication Data Leakage in typed-rest-client Library (CVE-2021-12345) Uninitialized Pointer Vulnerability in H2O HTTP Server (CVE-2021-12345) SQL Injection Vulnerability in Pimcore Admin Search Find API SQL Injection Vulnerability in Pimcore Translation Export API Cross-Site Scripting Vulnerability in X-WRT luci up to 22.10_b202303061504 SQL Injection Vulnerability in Pimcore Admin Translations API HTTP Policy Bypass Vulnerability in Cilium Arbitrary File Read Vulnerability in Pimcore's `/admin/misc/script-proxy` API Endpoint GitHub Actions Gradle Build Action Sensitive Data Leakage Vulnerability OS Command Injection Vulnerability in AVideo Prior to Version 12.4 Path Traversal and Arbitrary File Creation in Pimcore Versions Prior to 10.5.18 Cross-Site Websocket Hijacking in eDEX-UI Terminal Emulator Prototype Pollution in MetadataRecord via meta() Decorator in @aedart/support Package Polynomial Inefficiency in reTrimSpace Regex in Denosaurs Emoji Package Vulnerability: Command Execution via Triton Minecraft Plugin Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.9 Unsanitized Input in Meeting Room Creation Allows for Cookie Hijacking and Account Takeover Flask Caching Proxy Session Cookie Leakage Vulnerability Local Privilege Escalation Vulnerability in Connectivity Service Possible Local Privilege Escalation 
Vulnerability in Connectivity Service Missing Permission Check in Dialer Service: Local Information Disclosure Vulnerability Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges SQL Injection Vulnerability in Streampark Platform's Fuzzy Search Feature Unauthenticated Reflected XSS Vulnerability in Jon Christopher CMS Tree Page View Plugin <= 1.6.7 Unauthenticated Privilege Escalation in Easy Digital Downloads Plugin Stored Cross-Site Scripting Vulnerability in FluentSMTP WordPress Plugin (Versions up to 2.2.4) Unauthenticated Reflected XSS Vulnerability in PT Woo Plugins Stock Exporter for WooCommerce Plugin SQL Injection Vulnerability in BannerSky BSK Forms Blacklist Stored Cross-Site Scripting (XSS) Vulnerability in Steve Curtis, St. Pete Design Gps Plotter Plugin <= 5.1.4 Stored XSS Vulnerability in All My Web Needs Logo Scheduler Plugin <= 1.2.0 Stored Cross-Site Scripting (XSS) Vulnerability in Dave's WordPress Live Search Plugin <= 4.8.1 Unauthenticated Reflected XSS Vulnerability in Maxim Glazunov XML for Google Merchant Center Plugin Stored Cross-Site Scripting Vulnerability in WP Mail Log Plugin for WordPress (Versions up to 1.1.1) Non-compliant Cryptographic Modules in Red Hat OpenShift Container Platform Privilege Escalation Vulnerability in SIMATIC WinCC (All versions < V7.5.2.13) Deserialization Code Execution Vulnerability in Siveillance Video Deserialization Code Execution Vulnerability in Siveillance Video Management Server Heap Out-of-Bounds Write Vulnerability in Linux Kernel IPvlan Network Driver Stack Overflow Vulnerability in Xpedition Layout Browser (All versions < VX.2.14) Allows Code Execution Cross-Site Request Forgery Vulnerability in POWER METER SICAM Q100 (All versions < V2.60) Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Agent Local Denial of Service (DoS) Vulnerability in HP-UX with IPv6/inet6 Configuration Local Privileged LDAP Information Disclosure 
Vulnerability in HPE Insight Remote Support Enhanced Privilege Exploit in MC990 X and UV300 RMC Component Default Configuration Local Privilege Escalation Vulnerability Remote Authentication Bypass Vulnerability in OneView API Remote Authentication Bypass Vulnerability in OneView APIs Unsupported Vulnerability in Captura up to 8.0.0: Uncontrolled Search Path in CRYPTBASE.dll Remote Code Execution Vulnerability in HPE MSA Controller Denial of Service Vulnerability in HPE Integrated Lights-Out 5 and 6 using iLOrest Critical Remote Code Execution Vulnerability in HPE OneView Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Email Service Vulnerability: Local Information Disclosure via Missing Permission Check Email Service Vulnerability: Local Information Disclosure without Execution Privileges Possible Local Privilege Escalation Vulnerability in DMService Possible Local Privilege Escalation Vulnerability in DMService Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Local Information Disclosure Vulnerability in Messaging Service Stored Cross-Site Scripting Vulnerability in SMTP Mail Plugin for WordPress Local Information Disclosure Vulnerability in Messaging Service Local Information Disclosure Vulnerability in Messaging Service Local Information Disclosure Vulnerability in Messaging Service Local Information Disclosure Vulnerability in Messaging Service Local Information Disclosure Vulnerability in Messaging Service Missing Permission Check in OPM Service Allows Local Information Disclosure Missing Permission Check in OPM Service Allows Local Information Disclosure Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Escalation of Privilege via Missing Permission Check Telephony Service Vulnerability: Local Escalation of Privilege via Missing Permission Check Stored Cross-Site Scripting Vulnerability in 
YaySMTP WordPress Plugin (Versions up to 2.4.5) Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure via Missing Permission Check Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Critical SQL Injection Vulnerability in Agro-School Management System 1.0 (CVE-2021-230670) Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Arbitrary Folder Creation Vulnerability in Moodle's TinyMCE Loaders SQL Injection Vulnerability in Moodle's External Wiki Method Unauthenticated Arbitrary File Read/Write Vulnerability in Multiple Services Unauthorized Access to Issue Metadata via Foundry's Notification API Insecure Attachment Retrieval in Foundry's Comments Functionality Origin Validation Vulnerability in Slate Sandbox Allows Content Modification and Phishing Attacks Improper Access Control in GitHub Repository nilsteampassnet/teampass prior to 3.0.9 Unauthenticated Information Disclosure Vulnerability in Foundry Campaigns Service Vulnerability Alert: XXE Attack Exploit in Foundry Magritte Plugin 
Rest-Source Foundry Issues Vulnerability: Exploitable Phishing Link Creation via Request Manipulation Race Condition in Gotham Video-Application-Server Service Leads to Incomplete ACL Application for New Videos Authorization Bypass Vulnerability in Foundry Workspace-Server Allows Unauthorized Access to Developer Mode Settings Foundry Comments Attachment Exposure Vulnerability Resolved in Version 2.267.0 DOM XSS Vulnerability in Foundry Frontend XSS Vulnerability in Apollo Change Requests: User-Interactive JavaScript URI Link Improper Access Controls in KylinSoft kylin-software-properties on KylinOS (VDB-230686) Unauthorized Access to Build Metadata in Foundry Job-Tracker Critical Vulnerability in Palantir Gotham: Incorrect Classification Bug Stored Cross-Site Scripting (XSS) Vulnerability in Gotham Cerberus Service Stored XSS Vulnerability in Foundry Frontend Path Traversal Vulnerability in Gotham Orbital-Simulator Service (Version 0.692.0 and earlier) CVE-2023-30968 Critical Security Vulnerability: Lack of Authentication/Authorization in Palantir Tiles1 Service Critical Command Injection Vulnerability in KylinSoft kylin-software-properties on KylinOS Path Traversal Vulnerability in Gotham Table Service and Forward App Critical Path Traversal Vulnerability in KylinSoft youker-assistant on KylinOS (VDB-230688) Out-of-Bounds Read Vulnerability in Solid Edge SE2023 (ZDI-CAN-19426) Memory Corruption Vulnerability in Solid Edge SE2023 (All versions < V223.0 Update 3) and Solid Edge SE2023 (All versions < V223.0 Update 2) Allows Code Execution (ZDI-CAN-19561) Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Local Privilege Escalation Vulnerability in IBM i Facsimile Support Local Privilege Escalation Vulnerability in IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 Critical Local Host File Access Vulnerability in KylinSoft youker-assistant on KylinOS Remote Command Execution Vulnerability in IBM i DDM Architecture Denial of Service Vulnerability 
in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 Cross-Tenant Data Access Vulnerability in IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.5.0: A Gateway to Decrypt Sensitive Data Bypassing IP Whitelist Restrictions in IBM Aspera Faspex CVE-2023-30996 Uncontrolled Resource Consumption Vulnerability in IBM Security Access Manager Container Critical SQL Injection Vulnerability in IBOS 4.5.5 (VDB-230690) Sensitive Information Exposure in IBM Security Access Manager Container Sensitive Information Exposure in IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 Improper Access Controls in IBM Security Access Manager Container Remote Code Execution Vulnerability in IBM Security Access Manager Container Privilege Escalation Vulnerability in IBM Security Access Manager Container Denial of Service Vulnerability in IBM Security Access Manager Container Authentication Bypass Vulnerability in Apache Pulsar Broker Vulnerability: NVIDIA DGX H100 BMC IPMI Improper Input Validation Vulnerability in NVIDIA DGX H100 BMC REST Service Allows for Code Execution and Privilege Escalation Vulnerability in NVIDIA DGX H100 BMC IPMI: Privilege Escalation, Information Disclosure, and Denial of Service NVIDIA DGX H100 BMC REST Service Input Validation Vulnerability NVIDIA DGX H100 BMC REST Service Input Validation Vulnerability Vulnerability in NVIDIA DGX H100 BMC REST Service: Privilege Escalation and Information Disclosure Vulnerability in NVIDIA GeForce Now for Android Game Launcher Component Allows for Information Disclosure and Code Execution NVIDIA DGX H100 BMC REST Service Authentication Bypass Vulnerability Uncontrolled Search Path Vulnerability in NVIDIA GPU Display Driver for Windows Arbitrary Data Write Vulnerability in NVIDIA GPU Display Driver for Windows NVIDIA GPU Driver for Windows and Linux: Kernel Mode NULL-Pointer Dereference Vulnerability NVIDIA GPU Display Driver for 
Windows Impersonation Vulnerability GitLab EE Vulnerability: Unauthorized Access to Private Issue and MR Titles Unprivileged User Access Control Vulnerability in NVIDIA GPU Display Driver for Windows Denial of Service Vulnerability in NVIDIA vGPU Software NULL-Pointer Dereference Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA Display Driver for Windows Pointer Dereference Vulnerability Vulnerability: Stack Memory Corruption in NVIDIA DGX A100 BMC's Host KVM Daemon NVIDIA DGX A100 BMC LDAP User Injection Vulnerability NVIDIA vGPU Software Vulnerability: Denial of Service via NULL-Pointer Dereference Privilege Escalation Vulnerability in NVIDIA GPU Display Driver for Windows CVE-2023-31028 Critical Vulnerability in NVIDIA DGX A100 BMC Allows Remote Code Execution and Data Tampering Authentication Bypass Vulnerability Allowing MITM Attack and Potential DOS on Robot's Camera Video Stream Title: NVIDIA DGX A100 BMC Host KVM Daemon Stack Overflow Vulnerability Heap-Based Buffer Overflow Vulnerability in NVIDIA DGX A100 SBIOS Vulnerability in NVIDIA DGX A100 SBIOS Allows for Local Denial of Service Critical Vulnerability in NVIDIA DGX A100 BMC: Missing Authentication Allows for Privilege Escalation and Code Execution Vulnerability: Integer Overflow in NVIDIA DGX A100 SBIOS Vulnerability in NVIDIA DGX A100 SBIOS Allows Arbitrary Code Execution at SMM Level Path Traversal Vulnerability in NVIDIA Triton Inference Server Allows for Code Execution and Data Tampering Code Injection Vulnerability in NVIDIA Bluefield 2 and Bluefield 3 DPU BMC's ipmitool SQL Injection Vulnerability in Log4cxx ODBC Appender Arbitrary Code Execution via ServerOptions::pid_file in Apache bRPC <1.5.0 Unauthenticated Access to Cameras via Web Server Cleartext Storage of System Password Information in Insyde InsydeH2O FlashBlade Purity Vulnerability: Object Store Protocol Impact on Data Access and Replication Unredacted Password Logging Vulnerability in EnterpriseDB EDB Postgres 
Advanced Server (EPAS) Stored XSS Vulnerability in Text Editors and Formats in Backdrop CMS before 1.24.2 Path Traversal Vulnerability in PaperCut NG and PaperCut MF before 22.1.1 Bypassing Validation in Multiple File Uploads in Django Forms Sensitive Information Disclosure in OPC UA .NET Standard Reference Server Vulnerability: Insecure Direct Object References in LearnDash LMS Plugin for WordPress Password Exposure in CloverDX Audit Log Apache InLong Untrusted Data Deserialization Vulnerability Directory Traversal Vulnerability in Repetier Server 1.4.10: Unauthorized Access to Credentials Netlink_dump NULL Pointer Dereference Vulnerability Privilege Escalation Vulnerability in Repetier Server through 1.4.10 Lack of CSRF Protection in Repetier Server through 1.4.10 Improper Privilege Management Vulnerability in Apache InLong Unauthorized Access to Files or Directories in Apache InLong Insufficient Session Expiration in Apache InLong: User Persistence Vulnerability Apache InLong Vulnerability: Unauthorized Access to Files and Directories Full Control Permissions for Everyone on Directories in TSplus Remote Access Full Control Permissions for Everyone in TSplus Remote Access Clear-text Storage of Credentials in TSplus Remote Access Login Page IPv6 Fragment Reassembly Integer Overflow Vulnerability Unauthenticated Reflected XSS Vulnerability in Yannick Lefebvre Modal Dialog Plugin <= 3.5.14 Unauthenticated Reflected XSS Vulnerability in Praveen Goswami Advanced Category Template Plugin Unauthenticated Reflected XSS Vulnerability in hupe13 Extensions for Leaflet Map Plugin <= 3.4.1 Arshid Easy Hide Login CSRF Vulnerability Unauthenticated Reflected XSS Vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.6 CSRF Vulnerability in ReCorp Export WP Page to Static HTML/CSS Plugin CSRF Vulnerability in WP BrowserUpdate Plugin <= 4.4.1 Stored Cross-Site Scripting (XSS) Vulnerability in Chris Roberts Tippy Plugin <= 6.2.1 Local 
Denial of Service Vulnerability in Linux Kernel's skcipher_recvmsg Function NULL Pointer Dereference in vidtv_mux_stop_thread Sleeping Function in gsmld_write Leads to Kernel Block in Linux Kernel 6.2 Race Condition in hci_uart_tty_ioctl Leads to NULL Pointer Dereference Blocking Operation Vulnerability in Linux Kernel 6.2 Divide-by-Zero Error in UBI CDEV Driver CSRF Vulnerability in Igor Benic Simple Giveaways Plugin CSRF Vulnerability in JoomSky JS Job Manager Plugin CSRF Vulnerability in Faraz Quazi Floating Action Button Plugin CSRF Vulnerability in Tradebooster Video XML Sitemap Generator Stored Cross-site Scripting (XSS) Vulnerability in Admidio GitHub Repository (prior to 4.2.8) CVE-2023-31090 Stored Cross-Site Scripting (XSS) Vulnerability in Pradeep Singh Dynamically Register Sidebars Plugin <= 1.0.1 SQL Injection Vulnerability in Foxskav Easy Bet CSRF Vulnerability in Chronosly Events Calendar Plugin Unauthenticated Reflected XSS Vulnerability in WP Trio Stock Sync for WooCommerce Plugin Open Redirect Vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms Local Privilege Escalation to SYSTEM via Stack Overflow in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver Weak Password Requirements vulnerability in Apache InLong Remote Code Execution Vulnerability in Zoho ManageEngine OPManager through 126323 via Probe Servers Stack Buffer Overflow Vulnerability in SiLabs Unify Gateway 1.3.1 and Earlier SMI Handler Vulnerability in Phoenix SecureCore™ Technology™ 4 Allows Unauthorized SPI Flash Modification Insecure Default Initialization of Resource Vulnerability in Apache InLong Integer Underflow and Invalid Read Vulnerability in Ppmd7.c of 7-Zip Apache InLong Vulnerability: Unauthorized Modification of Cluster Name and Type Use After Free Vulnerability in btrfs_ioctl_balance() and btrfs_ioctl_defrag() Functions Unintended SIM Status Query Vulnerability in Samsung Exynos Modem 5123 and 5300 Vulnerability: Activation 
Mode Manipulation in Samsung Exynos Modem 5123 and 5300 Unintended Querying of RCS Capability in Samsung Exynos Modem 5123 and 5300 Local Code Execution Vulnerability in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 Apache HTTP Server mod_macro Out-of-bounds Read Vulnerability Improper Password Verification Vulnerability in `effectindex/tripreporter` Lack of Entropy in c-ares Cross-Compilation Vulnerability Uncaught Exception Vulnerability in Engine.IO Arbitrary HTML Injection and Cross-Site Scripting in XWiki Commons XML Library Vulnerability in SPDM Session Establishment in libspdm Command Injection Vulnerability in NextCloud Cookbook's `pull-checks.yml` Workflow NULL pointer dereference vulnerability in Contiki-NG's IPv6 router solicitation message handling code LXCA's Common Information Model (CIM) Server Unauthenticated XXE Vulnerability Buffer Underflow Vulnerability in c-ares Library Path Traversal Vulnerability in Greenplum Database (GPDB) Allows Arbitrary File Writes Privilege Escalation Vulnerability in Cacti Unvalidated Filtering Vulnerability in Ghost API Tauri IPC Isolation Bypass Vulnerability Nonce Collisions in Dgraph Audit Logs Allow Brute Force Attacks PostgresNIO TLS Man-in-the-Middle Vulnerability Integer Underflow Vulnerability in MaraDNS DNS Packet Decompression Function Unauthorized Modification of Related Objects in DHIS2 Core Unrestricted Session Cookie Generation in DHIS2 Core Authorization Bypass in Terraform Enterprise Agent Pools (CVE-2023-3114) OpenProject Session Termination Bypass Vulnerability Race condition vulnerability in OpenSearch's access control rules implementation Vulnerability: Category Permissions Reset to Default in Discourse Unauthenticated Terminal Access Vulnerability in Mage-AI Cross-Site Scripting (XSS) Vulnerability in Craft CMS Feed Widget Reflected XSS Vulnerability with Full CSP Bypass in Collabora Online for Nextcloud Out-of-bounds array access vulnerability in Vyper prior to version 0.3.8 Insecure 
Random Number Generation in c-ares Library Remote Code Execution Vulnerability in SEL RTAC Web Interface Remote Code Execution Vulnerability in SEL RTAC Web Interface Improper Enforcement of Single Sign-On Restrictions in GitLab EE Recoverable Password Storage Vulnerability in SEL RTAC Database System Improper Certificate Validation in SEL RTAC Web Interface Allows Remote Man-in-the-Middle Attack Authentication Bypass Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface OpenHarmony v3.2.2 and Prior Versions: Local Attacker Exploits Incorrect Default Permissions to Access Confidential Information and Rewrite Sensitive Files Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Improper Input Validation in SEL RTAC Web Interface Allows Unauthorized Resource Access Arbitrary Configuration File Alteration Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Cross-site Scripting (XSS) Vulnerability in SEL RTAC Web Interface Path Traversal Vulnerability in SEL RTAC Web Interface Allows Unauthorized Folder Creation Path Traversal Vulnerability in SEL-5036 acSELerator Bay Screen Builder Software Inclusion of Functionality from Untrusted Control Sphere vulnerability in SEL-5030 acSELerator QuickSet Software Unicode Encoding Vulnerability in SEL-5030 acSELerator QuickSet Software Inclusion of Functionality from Untrusted Control Sphere vulnerability in SEL-5030 acSELerator QuickSet Software SQL 
Injection Vulnerability in SEL-5030 acSELerator QuickSet Software Special Elements Filtering Vulnerability in SEL-5030 acSELerator QuickSet Software Authentication Bypass via Hard-coded Credentials in SEL-5037 SEL Grid Configurator CSRF Vulnerability in SEL-5037 SEL Grid Configurator: Unauthorized Execution of Embedded Instructions Privilege Escalation Vulnerability in SEL-5037 SEL Grid Configurator Insufficient Entropy Vulnerability in SEL-451: Brute-Force Session Token Bypass Cross-Site Scripting (XSS) Vulnerability in SEL-451 AgilePoint NX v8.0 SU2.2 & SU2.3 - Arbitrary File Delete Vulnerability AgilePoint NX v8.0 SU2.2 & SU2.3 - Path Traversal File Download Vulnerability Reflected Cross-Site Scripting Vulnerability in Export All URLs WordPress Plugin Reflected Cross-Site Scripting (RXSS) Vulnerability in InnoKB Server Path Traversal Vulnerability in InnoKB Server and InnoKB/Console 2.2.1 EasyTor Applications - Unauthorized Access Vulnerability Reflected XSS Vulnerability in Cybonet PineApp Mail Secure ROZCOM Client Vulnerability: Hard-coded Credentials Unspecified Request Vulnerability in ROZCOM Server Framework Allows Information Disclosure Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration Vulnerability Insufficiently Protected Credentials in Avaya IX Workforce Engagement v15.2.7.1195 Archer Series Routers: Arbitrary OS Command Execution Vulnerability Authentication Bypass Vulnerability in Intel(R) Server Product OpenBMC Firmware Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (CVE-2021-230798) Improper Authentication in DroneScout ds230 Remote ID Receiver Firmware Update Procedure Information Loss Vulnerability in DroneScout ds230 Remote ID Receiver SoftEther VPN 5.01.9674 ClientConnect() Information Disclosure Vulnerability Vulnerability: Insecure HTTP Connections in Snap One OvrC Pro Devices Improper Array Index Validation Vulnerability in Diagon v1.0.139 Insecure Cookie Handling in ASUS Router 
RT-AX3000 Firmware Unauthenticated Remote Information Disclosure Vulnerability in Wi-Fi AP UNIT Uncontrolled Search Path Vulnerability in Intel(R) Trace Analyzer and Collector Wi-Fi AP UNIT OS Command Injection Vulnerability Privilege Escalation Vulnerability in Intel(R) Solid State Drive Toolbox(TM) Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (CVE-2021-230799) Vulnerability: Lack of Token Requirement in PTC Vuforia Studio Denial of Service Vulnerability in OpenVINO Model Server Software Apache InLong Vulnerability: Resource Exposure to Wrong Sphere Credential Exposure via Query Parameters in Checkmk Arbitrary Livestatus Command Execution in Checkmk RestAPI Arbitrary Command Execution Vulnerability in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 Server-Side Request Forgery (SSRF) Vulnerability in Dahua Smart Parking Management User-Controlled LD_LIBRARY_PATH Vulnerability in Checkmk Agent (CVE-2021-12345) Vulnerability: Unauthorized Access with Locked Credentials in Checkmk SQL Injection Vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries Stored Cross-Site Scripting (XSS) Vulnerability in WPBakery Page Builder Plugin <= 6.13.0 Unrestricted File Upload Vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon CSRF Vulnerability in Ultimate Member Plugin <= 2.6.0 Stored Cross-Site Scripting (XSS) Vulnerability in MyTechTalky User Location and IP Plugin <= 1.6 CSRF to Stored XSS Vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional Plugin <= 1.0.6 SSRF Vulnerability in WPChill Download Monitor Stored Cross-Site Scripting Vulnerability in GD Mail Queue Plugin for WordPress Unauthenticated Reflected XSS Vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget Plugin Ransom Christofferson PDQ CSV Plugin <= 1.0.0 - Authenticated Stored XSS Vulnerability Vulnerability: Deserialization of Untrusted Data in Medtronic's Paceart Optima 
System Persistent XSS Vulnerability in Dradis (before 4.8.0) Allows Authenticated Author Users to Exploit Avatars Broken Access Control Vulnerability in Jamf Pro Server Gallery App Vulnerability: Hijacking Attacks and Product Availability Impact Improper Permission Verification in MediaPlaybackController SDK: Confidentiality Impact API Calling Verification Vulnerability in hwPartsDFR Module Stored Cross-Site Scripting (XSS) Vulnerability in CM On Demand Search And Replace Plugin <= 1.3.0 Open Redirect Vulnerability in WP Directory Kit Stored XSS vulnerability in Haoqisir Baidu Tongji generator allows Cross-Site Request Forgery (CSRF) Unrestricted File Upload Vulnerability in Unlimited Elements For Elementor Stored Cross-Site Scripting (XSS) Vulnerability in David Artiss Plugins List Plugin <= 2.5 Haoqisir Baidu Tongji Generator Plugin <= 1.0.2 - Stored XSS Vulnerability CVE-2023-31234 CSRF Vulnerability in Participants Database Plugin <= 2.4.9 Stored XSS Vulnerability in unFocus Projects Scripts n Styles Plugin <= 3.5.7 Open Redirect Vulnerability in Dylan James Zephyr Project Manager Session Token Impersonation Vulnerability in POWER METER SICAM Q100 (All versions < V2.60) Arbitrary Code Execution via Stack-Based Buffer Overflow in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 Vulnerability: Privilege Escalation in Elementor Pro Plugin for WordPress Hidden Superuser Account with Hard-Coded Credentials in Snap One OvrC Pro Versions Prior to 7.2 Snap One OvrC Cloud Server Vulnerability: Device Takeover via Bypass Route Authentication Bypass Vulnerability in Open Automation Software OAS Platform v18.00.0072 Uninitialized Pointer Vulnerability in Product's CSP File Parsing Snap One OvrC Cloud Vulnerability: Web Management Interface Impersonation and Arbitrary Redirection Privilege Escalation Vulnerability in Intel(R) SDP Tool Software Memory Corruption Vulnerability in Weston Embedded uC-HTTP v3.01.01: Remote Code Execution via Host Header Parsing Linux Kernel 
nftables Use-After-Free Local Privilege Escalation Vulnerability Vulnerability: Unauthorized Modification of Product Pricing in B2BKing Plugin for WordPress Insecure File Path Sanitization in Drupal Unauthenticated Access to Pricing Data in B2BKing WordPress Plugin Critical Vulnerability: Unauthenticated Administrator Access in iSTAR Access Control Systems Improper Access Control in Intel(R) VROC Software: Local Privilege Escalation Vulnerability Stack-Based Buffer Overflow Vulnerability in Yifan YF325 v1.0_20221108's httpd do_wds Functionality Vulnerability in Intel DCM Software Allows Privilege Escalation via Network Access Unauthenticated User Memory Consumption Vulnerability in AVEVA PI Server Uninitialized Pointer Use Vulnerability in WPS Office 11.2.0.11537 Allows Remote Code Execution Insecure Transmission of Credentials: PiiGAB M-Bus Plaintext Vulnerability Out-of-Bounds Read Vulnerability in Project File Parsing Vulnerability: Account Takeover and Authentication Bypass in Grafana with Azure AD OAuth Stack Buffer Overflow in illumos-gate: Privilege Escalation via /dev/net XSS Vulnerability in Serenity Serene (and StartSharp) Allows Remote Code Execution User Enumeration Vulnerability in Serenity Serene Token Reuse Vulnerability in Serenity Serene (and StartSharp) Improper Input Validation in Pexip Infinity before 31.2 Allows Remote Abort Stored Cross-Site Scripting Vulnerability in URL Shortify WordPress Plugin Trust Wallet Core before 3.1.1: Low Entropy Vulnerability Local Authentication Bypass and Sensitive Information Disclosure in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) Improper Access Control in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) Allows Information Disclosure and Profile Restriction Bypass CSV Injection Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) v6.3.8.6: Remote Information Disclosure via Delivery Name Field CSV Injection Vulnerability in Sesami Cash Point & Transport Optimizer 
(CPTO) v6.3.8.6: User Profile Field Sensitive Information Disclosure CSV Injection Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) v6.3.8.6: User Name Field Data Leakage XSS Vulnerability in SESAMI planfocus CPTO 6.3.8.6 718 via Name Field Arbitrary Code Execution and Information Disclosure Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) v6.3.8.6 (#718) Arbitrary Code Execution via Barcode Field in Sesami Cash Point & Transport Optimizer (CPTO) v6.3.8.6 (#718) Stored Cross-Site Scripting Vulnerability in Short URL WordPress Plugin Cleartext Credential Transmission Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) Arbitrary Code Execution via Teller Field in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) Lack of Privilege and Nonce Checks in MStore API WordPress Plugin Sensitive Information Exposure in MainWP Child Plugin for WordPress AMD Radeon™ Graphics Display Driver Input Validation Vulnerability Unauthenticated Access to Restricted Lessons in Tutor LMS WordPress Plugin Reflected XSS Vulnerability in Forminator WordPress Plugin SEV Firmware Memory Initialization Vulnerability Insecure TSC Observation Vulnerability in Secure_TSC Stored Cross-Site Scripting Vulnerability in Mailtree Log Mail Plugin for WordPress Stored Cross-Site Scripting Vulnerability in MailArchiver Plugin for WordPress libX11 Vulnerability: Out-of-Bounds Write in src/InitExt.c URL Disclosure Vulnerability in Protect WP Admin WordPress Plugin Clickjacking Vulnerability in KNIME Business Hub before 1.4.0 SAP Business One Installation Vulnerability: Unauthenticated Access to SMB Shared Folder Privilege Escalation and Unauthorized Access in SAP BusinessObjects Business Intelligence Platform Unauthenticated Remote Log Modification Vulnerability in SAP NetWeaver AS for Java Unauthenticated Redirect 
Vulnerability in SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability in SAP Business Planning and Consolidation (Versions 740, 750) Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR: Remote Credential Theft Vulnerability Uncontrolled Resource Consumption Vulnerability in SICK FTMg AIR FLOW SENSOR Use-after-free vulnerability in r592_remove in Linux Kernel allows for system crash and potential kernel information leak Vulnerability: Lack of Transport Layer Security (TLS) in SICK EventCam App allows unauthorized interception and disclosure of sensitive information Unauthenticated API Access Vulnerability in EventCam App Allows Unauthorized Configuration Modification Weak Hash Generation in LMS5xx: Vulnerability Exploitation and Password Retrieval HTTP Request Header Leakage in Filebeat Debug Logs Arbitrary Code Execution Vulnerability in Kibana 8.0.0 - 8.7.0 Arbitrary Code Execution Vulnerability in Kibana 8.7.0 Insecure Token Configuration in ECK <2.8 with APM Server >=8.0 Cleartext Logging of Sensitive Information in Elasticsearch Audit Logs Elasticsearch HTTP Layer Denial of Service Vulnerability Elasticsearch _search API Stack Overflow Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 2.0 Insecure Certificate Validation in Beats, Elastic Agent, APM Server, and Fleet Server Sensitive Information Leakage in Kibana Logs Sensitive Information Exposure through Log Files in Brocade SANnav Brocade SANnav Web Interface Authentication Bypass Vulnerability Privilege Escalation Vulnerability in Brocade Fabric OS v9.1.0 - v9.1.1 Brocade Fabric OS Commands Information Disclosure Vulnerability Vulnerability: Unauthorized Command Execution in Brocade Fabric OS Vulnerability: Local File Dumping via Command Line in Brocade Fabric OS Shell Variable Leakage Vulnerability in Brocade Fabric OS Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online 
Discussion Forum Site 1.0 (CVE-2021-231012) Buffer Overflow Vulnerability in Brocade Fabric OS Switch Buffer Overflow Vulnerability in Brocade Fabric OS Switch Privilege Escalation Vulnerability in Brocade Fabric OS Versions Before v9.1.1c and v9.2.0 SQL Injection Vulnerability in Logbuch in Evasys HTML Injection and XSS Vulnerability in Evasys User Profile and Direct Links Unauthorized Data Access in Evasys Components Out-of-Bounds Write Vulnerability in qfq_change_class Function Log Tampering Vulnerability in systemd 253 Log File Tampering Vulnerability in systemd 253 Vulnerability: Log File Tampering in systemd 253 Cross Site Scripting (XSS) Vulnerability in SourceCodester Online Discussion Forum Site 1.0 via admin\posts\manage_post.php Vulnerability: JSON Sanitization Exception in NATO Communications and Information Agency anet (aka Advisor Network) Predictable DNS Transaction IDs in Lightbend Akka: A Vulnerability for DNS Resolution Poisoning Unauthenticated Remote Access to JVM via Jolokia JMX-HTTP Bridge in Talend Studio Unprivileged User Information Disclosure Vulnerability in Cassia Access Controller Cassia Gateway Firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947: Root Privilege Escalation via Unsanitized queueUrl Parameter in /bypass/config Arbitrary Code Execution Vulnerability in Draytek Vigor2620 and Vigor2925 Devices Path Traversal Vulnerability in HL7 Sensor in PRTG 23.2.84.1566 and Earlier Versions Path Traversal Vulnerability in PRTG WMI Custom Sensor Allows Unauthorized File Execution Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (VDB-231014) Path Traversal Vulnerability in PRTG SQL v2 Sensors CSRF Token Bypass Vulnerability in PRTG 23.2.84.1566 and Earlier Versions Apache InLong Incorrect Permission Assignment Vulnerability Apache InLong Incorrect Permission Assignment Vulnerability Improper Input Validation in Pexip Infinity before 31.2 Allows Remote Triggering of Abort Arbitrary Script 
Execution Vulnerability in Mitel MiVoice Connect Headquarters Server Unauthenticated Administrative Access Vulnerability in Mitel MiVoice Connect Unauthenticated Administrative Access Vulnerability in Mitel MiVoice Connect Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 Command Injection Vulnerability in MiVoice Connect's Connect Mobility Router Path Traversal Vulnerability in SteelSeries GG 36.0.0 Allows Remote Code Execution Unencrypted Database Write Vulnerability in SteelSeries GG 36.0.0 Remote Code Execution Vulnerability in FSMLabs TimeKeeper 8.0.17 through 8.0.28 XSS Vulnerability in FSMLabs TimeKeeper 8.0.17 Weak Permissions in Inosoft VisiWin 7 Allows for Trojan Horse File Execution as SYSTEM Privilege Escalation in Apache StreamPipes REST Interface Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (VDB-231016) Stack-based Buffer Overflow in SmartDNS DNS Request Handling Arbitrary Software Installation Vulnerability on GL.iNet Devices Arbitrary File Write Vulnerability on GL.iNet Devices Arbitrary File Write Vulnerability in GL.iNet Devices Arbitrary Parameter Injection Vulnerability in GL.iNet Devices Buffer Overflow Vulnerability in GL.iNet Devices Arbitrary File Write Vulnerability on GL.iNet Devices Path Traversal Vulnerability in GL.iNet Devices GL.iNet Devices Wi-Fi Configuration Information Disclosure Vulnerability Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (VDB-231017) Directory Traversal Vulnerability in Cauldron cbang Insecure TLS Certificate Verification in CPAN.pm Insecure TLS Certificate Verification in GitLab::API::V4 through 0.26 Insecure Default TLS Configuration in HTTP::Tiny Arbitrary Code Execution Vulnerability in Hyland Perceptive Filters Denial of Service Vulnerability in Frrouting bgpd v.8.4.2 via bgp_capability_llgr() Function Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 
1.0 (VDB-231018) Denial of Service Vulnerability in Frrouting bgpd v.8.4.2 via bgp_attr_psid_sub() Function Default Password Disclosure in Zoho ManageEngine ADManager Plus Version 7182 and Prior Privilege Escalation Vulnerability in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) Remote Code Execution and Information Disclosure Vulnerability in PHP Gurukul Hospital Management System v.4.0 Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (VDB-231019) Remote Code Execution Vulnerability in Altenergy Power Control Software C1.2.5 via /models/management_model.php Arbitrary File Upload Vulnerability in Schlix CMS v2.2.8-1 Cross-Site Scripting (XSS) Vulnerability in Grav Versions 1.7.44 and Earlier: Arbitrary Code Execution via onmouseover Attribute Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (VDB-231020) Memory Leaks Found in Teeworlds v0.7.5 Heap Use-After-Free Vulnerability in CDataFileReader::GetItem of Teeworlds v0.7.5 SQL Injection Vulnerability in Pharmacy Management System v1.0 via email parameter at login_core.php Critical SQL Injection Vulnerability in SourceCodester Online Discussion Forum Site 1.0 (CVE-2021-231021) Command Injection Vulnerability in Motorola CX2L Router 1.0.1 via staticroute_list Parameter Command Injection Vulnerability in Motorola CX2L Router 1.0.1 via system_time_timezone Parameter Open Virtual Network Service Monitor MAC Rate Limiting Vulnerability Command Injection Vulnerability in Motorola CX2L Router 1.0.1 via smartqos_priority_devices Parameter Command Injection Vulnerability in Motorola CX2L Router 1.0.1 via tomography_ping_number Parameter PHAR Deserialization Vulnerability in WordPress Gallery Plugin Unrestricted File Upload Vulnerability in CKEditor v1.2.3 Plugin for Redmine Arbitrary Code Execution Vulnerability in pipreqs v0.3.0 to v0.4.11 Stored XSS Vulnerability in alkacon-OpenCMS v11.0.0.0 via Crafted Payload in Upload Image 
Title Field Arbitrary Code Execution through Cross Site Scripting (XSS) Vulnerability in DedeBIZ v6.0.3 Search Feature Stored XSS Vulnerability in ChurchCRM v4.5.3 FundRaiserEditor.php Component Arbitrary File Read and Delete Vulnerability in WordPress Gallery Plugin Segmentation Violation Vulnerability in PoDoFoInfo 0.10.0 via PoDoFo::PdfObject::DelayedLoad Segmentation Violation Vulnerability in PoDoFoInfo 0.10.0 via PoDoFo::PdfDictionary::findKeyParent Heap-Use-After-Free Vulnerability in Podofo v0.10.0 via PoDoFo::PdfEncrypt::IsMetadataEncrypted() Heap Buffer Overflow in Podofo v0.10.0 via PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3 Component Heap Buffer Overflow in PoDoFo v0.10.0 via PdfEncryptRC4 Component Command Injection Vulnerability in TOTOLINK X5000R V9.1.0cu.2350_B20230313 via setWanCfg Function Privilege Escalation Vulnerability in Bludit 4.0.0-rc-2 Arbitrary Code Execution through File Upload in Serendipity 2.4-beta1 Hardcoded Cryptographic Key Vulnerability in Dromara Lamp-Cloud Stored Cross-Site Scripting Vulnerability in Mail Control Plugin for WordPress Unverified Public Key Retrieval in light-oauth2 (CVE-2021-XXXX) Hardcoded Key Vulnerability in Dromara Sureness before v1.0.8 Low Iteration Count Vulnerability in jose4j (before v0.9.3) Reflected XSS Vulnerability in cu/silicon Repository Remote Code Execution Vulnerability in Tenda AC5 Router V15.03.06.28 via Mac Parameter Use After Free Vulnerability in Linux Kernel's Firewire Driver Vulnerability: Incorrect Access Control via Exposed HTTP Channel in IC Realtime ICIP-P2012T 2.420 IC Realtime ICIP-P2012T 2.420 Vulnerability: Incorrect Access Control via Unauthenticated Port Access Zammad v5.4.0 Email Verification Bypass and Ticket Access Vulnerability ESET File Operations Vulnerability RedCloth Gem v4.0.0: Regular Expression Denial of Service (ReDoS) Vulnerability Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service (DoS) Vulnerability in openlink 
virtuoso-opensource v7.2.9's artm_div_int Component Denial of Service (DoS) Vulnerability in openlink virtuoso-opensource v7.2.9 Framebuffer Console (fbcon) Font Size Overflow Vulnerability Denial of Service (DoS) Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service (DoS) Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service (DoS) Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 SQL Injection Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service (DoS) Vulnerability in openlink virtuoso-opensource v7.2.9's sch_name_to_object Component Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in kc_var_col Component of OpenLink Virtuoso-Opensource v7.2.9 SQL Injection Vulnerability in openlink virtuoso-opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9's psiginfo Component Denial of Service (DoS) Vulnerability in gpf_notice Component of OpenLink Virtuoso-Opensource v7.2.9 Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9's strhash Component Denial of Service (DoS) Vulnerability in OpenLink Virtuoso-Opensource v7.2.9's stricmp Component SQL Injection Vulnerability in OpenLink Virtuoso-OpenSource v7.2.9 Resource Consumption Vulnerability in y_project RuoYi up to 4.7.7 (VDB-231090) SQL Injection 
Vulnerability in OpenLink Virtuoso-OpenSource v7.2.9 SQL Injection Vulnerability in openlink virtuoso-opensource v7.2.9 CVE-2023-31634 Heap-buffer-overflow vulnerability in LibTIFF's extractImageSection() function allows denial of service via crafted TIFF file Cross-Site Scripting (XSS) Vulnerability in SourceCodester Life Insurance Management System 1.0 (insertNominee.php) ODR Violation in Redis Raft Master Segmentation Violation Vulnerability in Redis-7.0.10 Stored Cross-Site Scripting Vulnerability in Lana Email Logger Plugin for WordPress Reflected Cross-Site Scripting (XSS) Vulnerability in WSO2 API Manager before 4.2.0 WebAssembly wat2wasm v1.0.32 Vulnerability: Crash in libc++abi.dylib via '@' before a quote Stored Cross-Site Scripting Vulnerability in Mail Queue Plugin for WordPress Denial of Service (DoS) Vulnerability in wasm2c, wasm2wat, wasm-decompile, and wasm-validate 1.0.32 SQL Injection Vulnerability in PrestaShop Postfinance Validation Module SQL Injection Vulnerability in PrestaShop < 2.4.3 Module Length, Weight or Volume Sell (ailinear) Insecure Permissions in Luowice 3.5.18: Unauthorized Access to Alarm Device Information Videogo v6.8.1: Incorrect Access Control Allows Binding of Shared Devices After Connection Termination Improper Access Control in Videogo v6.8.1 Allows Unauthorized Image Access via Device Id Modification Stored Cross-Site Scripting Vulnerability in WP Reroute Email Plugin Arbitrary File Upload and Command Execution Vulnerability in Wcms 0.3.2 Stored Cross-Site Scripting Vulnerability in tagDiv Composer WordPress Plugin Stored Cross Site Scripting (XSS) Vulnerability in Bludit v3.14.1 via SVG File on Site Logo Reflected Cross-Site Scripting (XSS) Vulnerability in ChurchCRM v4.5.4 via Image File Stored Cross-Site Scripting Vulnerability in tagDiv Composer WordPress Plugin Command Injection Vulnerability in TP-Link TL-WPA4530 KIT V2 (EU) Command Injection Vulnerability in TP-Link TL-WPA4530 KIT V2 (EU) SQL Injection Vulnerability 
in MicroWorld eScan Management Console 14.0.1400.2281: Remote Database Dump and Code Execution Arbitrary Code Injection via Cross Site Scripting (XSS) in Microworld Technologies eScan Management Console 14.0.1400.2281 Incorrect Access Control Vulnerability in Sourcecodester Online Computer and Laptop Store 1.0 Reflected XSS Vulnerability in Sourcecodester Task Reminder System 1.0 Allows Injection of Malicious JavaScript SQL Injection Vulnerability in SEMCMS 1.5 via Ant_Rponse.php Arbitrary Command Execution via CSRF in EyouCMS v1.6.2 Upload Software Format Function EAP-7 Deserialization Vulnerability Allows for Denial of Service Attacks Buffer Overflow Vulnerability in TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 Multiple SQL Injection Vulnerabilities in Chitor-CMS before v1.1.2 Local File Inclusion Vulnerability in FUXA <= 1.1.12 via file=fuxa.log Confidential Information Exfiltration Vulnerability in FUXA <= 1.1.12 via SQL Injection Local File Inclusion Vulnerability in FUXA <= 1.1.12 via /api/download FUXA <= 1.1.12 SQL Injection Vulnerability in /api/signin GitHub Repository Path Traversal Vulnerability in froxlor/froxlor (prior to 2.0.20) Heap Buffer Overflow in NASM 2.16.02rc1 (GitHub commit: b952891) Segmentation Violation Vulnerability in yasm 1.3.0.55.g101bc via expand_mmac_params function Segmentation Violation Vulnerability in yasm 1.3.0.55.g101bc via do_directive() function Heap-Use-After-Free Vulnerability in yasm 1.3.0.55.g101bc via expand_mmac_params Function AList 3.15.1 Incorrect Access Control Vulnerability Vulnerability: Inconsistent Service Availability on Teltonika RUT240 Devices in Bridge Mode Command Injection Vulnerability in TOTOLINK A3300R v17.0.0cu.557 Excessive Authentication Attempts Vulnerability in froxlor/froxlor prior to 2.0.20 Command Injection Vulnerability in Linksys E2000 Router Firmware 1.0.06 Command Injection Vulnerability in Linksys E2000 Router Firmware 1.0.06 Command Injection 
Vulnerability in Linksys WRT54GL Router Firmware 4.30.18.006 Command Injection Vulnerability in adslr VW2100 Router Firmware M1DV1.0 Unquoted Service Path Vulnerability in Wondershare Filmora 12.2.1.2088 Privilege Escalation via Insecure Permissions in MobileTrans v4.0.11 Cross-Site Scripting (XSS) Vulnerability in AI ChatBot WordPress Plugin SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System v1.0 SQL Injection Vulnerability in diskusi.php in eNdonesia 8.7 Cross-Site Scripting (XSS) Vulnerability in Optimizely CMS UI Admin Panel (Versions prior to v12.16.0) Command Injection Vulnerability in TP-Link Archer VR1600V Administrative Web Portal XSS Vulnerability in DedeCMS v5.7.108 via 'edit___cfg_powerby' and 'edit___cfg_beian' Parameters in sys_info.php Code Replay Attack Vulnerability in Kerui W18 Alarm System v1.0's 433MHz Keyfob Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 (CVE-2021-231150) Code Replay Attack Vulnerability in Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 Code Replay Attack Vulnerability in Digoo DG-HAMB Smart Home Security System v1.0 Code Replay Attack Vulnerability in AGShome Smart Alarm v1.0 Transmitter Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 (VDB-231151) Cross Site Scripting (XSS) Vulnerability in Wekan v6.84 and Earlier CSRF Vulnerability in POST SMTP Mailer WordPress Plugin CSRF Vulnerability in POST SMTP Mailer WordPress Plugin Allows Email Resending Infinite Recursion Vulnerability in MuPDF v1.21.1 Allows DoS via Crafted PDF File Arbitrary Code Execution Vulnerability in Chamilo LMS v1.11.18 via System Announcements Parameter Heap Buffer Overflow in QEMU Virtual Crypto Device Arbitrary Code Execution Vulnerability in Chamilo LMS v.1.11.18 via Forum Title Parameter Arbitrary Code Execution Vulnerability in Chamilo LMS v1.11.18 via Skills Wheel Parameter Arbitrary Code Execution Vulnerability in 
Chamilo LMS v1.11.18 via skype and linkedin_url Parameters Arbitrary Code Execution Vulnerability in Chamilo LMS v.1.11.18 via Resource Sequencing Parameters Arbitrary Code Execution via Course Category Parameters in Chamilo LMS v1.11.18 Arbitrary Code Execution via Cross Site Scripting in Chamilo LMS v.1.11.18 Cross Site Scripting (XSS) Vulnerability in Chamilo LMS v.1.11.18 via Crafted Payload in My Progress Function Arbitrary Code Execution Vulnerability in Chamilo LMS v.1.11.18 via Personal Notes Function Hard-coded Passwords in Technicolor TG670 10.5.N.9 Devices Allow Unrestricted WAN Access Privilege Escalation via DLL Hijacking in Splashtop Software Updater D-Link DIR-300 Firmware File Inclusion Vulnerability Cross Site Scripting (XSS) Vulnerability in IT Sourcecode Content Management System Project Remote Code Execution Vulnerability in Marukyu Line v.13.4.1 via Channel Access Token in Miniapp Function Remote Code Execution Vulnerability in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 Reflected Cross-Site Scripting Vulnerability in Membership WordPress Plugin Remote Code Execution Vulnerability in Shizutetsu Store v.13.6.1 Remote Code Execution Vulnerability in ALBIS Co. 
ALBIS v.13.6.1 Remote Code Execution Vulnerability in Entetsu Store v.13.4.1 Remote Code Execution Vulnerability in Marui Co Marui Official App v.13.6.1 Remote Code Execution Vulnerability in DELICIA v.13.6.1 Remote Code Execution Vulnerability in Inageya v.13.4.1 via Channel Access Token in Miniapp Inageya Function Unauthenticated Remote Command Execution in Skyscreamer Open Source Nevado JMS v1.3.2 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Performance Indicator System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sales Tracker Management System 1.0 SQL Injection Vulnerability in Sourcecodester Faculty Evaluation System v1.0 SQL Injection Vulnerability in Sourcecodester Faculty Evaluation System v1.0 via /eval/admin/view_faculty.php?id= SQL Injection Vulnerability in Sourcecodester Faculty Evaluation System v1.0 via /eval/admin/manage_subject.php?id= SQL Injection Vulnerability in Sourcecodester Faculty Evaluation System v1.0 via /eval/admin/manage_class.php?id= Arbitrary File Read Vulnerability in Davinci 0.3.0-rc Davinci 0.3.0-rc Vulnerability: Server-side Request Forgery (SSRF) Cross-Site Scripting (XSS) Vulnerability in Cudy LT400 1.13.4 Cross Site Scripting (XSS) Vulnerability in Cudy LT400 1.13.4 Cross Site Scripting (XSS) Vulnerability in Cudy LT400 1.13.4 via icon parameter in /cgi-bin/luci/admin/network/bandwidth CVE-2023-31854 Command Injection Vulnerability in TOTOLINK CP300+ V5.2cu.7594_B20200910 Unrestricted File Upload Vulnerability in Sourcecodester Online Computer and Laptop Store 1.0 Prototype Pollution Vulnerability in Popup by Supsystic WordPress Plugin Storage Type XSS Vulnerability in Wuzhi CMS v3.1.2 Backend of Five Finger CMS B2B System Directory Traversal Vulnerability in ZLMediaKit 4.0 Cross Site Scripting (XSS) Vulnerability in jizhicms v2.4.6 CSV Injection Vulnerability in Sage X3 version 12.14.0.50-0 Cross Site Scripting (XSS) Vulnerability in Sage X3 version 12.14.0.50-0 Unrestricted Upload 
Vulnerability in PHPGurukul Teachers Record Management System 1.0 Privilege Escalation via Bypassing Security Controls in OpenText Documentum Content Server Arbitrary Code Execution Vulnerability in Gin 0.7.4 Arbitrary Code Execution Vulnerability in Yank Note (YN) 3.52.1 SSRF Vulnerability in owncast/owncast prior to 0.1.0 CVE-2023-31889 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online School Fees System 1.0 XML Deserialization Vulnerability in glazedlists v1.11.0: Arbitrary Code Execution via BeanXMLByteCoder.decode() Vulnerability: Denial of Service (DoS) via DNS Recursion in Telefónica Brasil Vivo Play (IPTV) Firmware Output Encoding Vulnerability in GitHub Repository nilsteampassnet/teampass prior to 3.0.9 RPA Technology Mobile Mouse 3.6.0.4 Remote Code Execution Vulnerability Unrestricted File Upload Vulnerability in GuppY CMS 6.00.10 Local File Inclusion Vulnerability in savysoda Wifi HD Wireless Disk Drive 11 Heap Buffer Overflow in Jerryscript 3.0.0 (commit 1a2c047) via lexer_compare_identifier_to_chars in js-lexer.c Heap-buffer-overflow vulnerability in Jerryscript 3.0.0 via scanner_literal_is_created in js-scanner-util.c Heap-buffer-overflow vulnerability in Jerryscript 3.0 (commit 05dbbd1) via ecma_builtin_typedarray_prototype_sort Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.9 Heap-buffer-overflow vulnerability in Jerryscript 3.0 (commit 05dbbd1) in parser_parse_function_statement Assertion Failure in Jerryscript 3.0 (commit 1a2c047) in parser_parse_class at jerry-core/parser/js/js-parser-expr.c Out-of-Memory Vulnerability in Jerryscript 3.0 (commit 05dbbd1) Assertion Failure in Jerryscript 3.0 (commit 1a2c047) at jmem_heap_finalize in jerry-core/jmem/jmem-heap.c Assertion Failure in Jerryscript 3.0 (commit 1a2c047) at parser_parse_function_arguments in jerry-core/parser/js/js-parser.c Assertion Failure Vulnerability in Jerryscript 3.0 (commit 05dbbd1) Session Fixation Vulnerability in froxlor/froxlor prior 
to 2.1.0 Assertion Failure in Jerryscript 3.0 (commit 05dbbd1) at vm_loop in jerry-core/vm/vm.c Assertion Failure in ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c in Jerryscript 3.0 (commit 05dbbd1) Stack-Overflow Vulnerability in QuickJS Commit 2788d71: js_proxy_isArray at quickjs.c Insecure Permissions in Suprema BioStar 2: Privilege Escalation Vulnerability Plaintext Storage of SNMPv3 Authentication Passwords in Brocade SANnav Vulnerability: File Overwrite via less Command in Brocade Fabric OS Web Interface Information Disclosure Vulnerability Reflected XSS Vulnerability in Brocade Webtools PortSetting.html Arbitrary Code Injection via SEO Configuration in Liferay Portal Remote Code Execution Vulnerability in Rail Pass Management System v.1.0 via viewid Parameter Remote Code Execution Vulnerability in Rail Pass Management System v.1.0 via edit-pass-detail.php Cross Site Scripting Vulnerability in Rail Pass Management System v.1.0 via admin-profile.php Cross Site Scripting Vulnerability in Rail Pass Management System v.1.0 via admin-profile.php Remote Code Execution Vulnerability in Rail Pass Management System v.1.0 via view-pass-detail.php Remote Code Execution Vulnerability in Rail Pass Management System v.1.0 via edit-cateogry-detail.php SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote Code Execution via emp_id Parameter SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote Code Execution via customer_edit.php SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote Code Execution via article_edit.php Arbitrary Code Execution Vulnerability in Online Travel Agency System v.1.0 via File Upload in employee_insert.php Arbitrary Code Execution via Cross Site Scripting in Online Travel Agency System v.1.0 SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote Code Execution via ticket_id Parameter SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote 
Code Execution via emp_id Parameter SQL Injection Vulnerability in Online Travel Agency System v.1.0: Remote Code Execution via id Parameter at daily_expenditure_edit.php Arbitrary Code Execution Vulnerability in Online Travel Agency System v.1.0 via File Upload in artical.php Stack-based Buffer Overflow Vulnerability in ImageMagick's coders/tiff.c Stored JavaScript Payload Vulnerability in Administration Panel Login Footer and Description Parameters Unauthenticated Blind SQL Injection in MStore API Plugin for WordPress (up to 4.0.1) Use After Free Vulnerability in yasm v1.3.0 via pp_getline() function Use After Free Vulnerability in yasm v1.3.0 via expand_mmac_params function Use After Free Vulnerability in yasm v1.3.0 via error function in nasm-pp.c Memory Leak Vulnerability in yasm v1.3.0 via yasm_intnum_copy() Stack Buffer Overflow in libming v0.4.8 via makeswf_preprocess function Global Buffer Overflow Vulnerability in Catdoc v0.95 Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress Stack Buffer Overflow in Sngrep v1.6.0 via packet_set_payload function Heap Buffer Overflow in Sngrep v1.6.0 via capture_packet_reasm_ip function Command Injection Vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 Command Injection Vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 Command Injection Vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress Vulnerability: Denial of Service (DoS) via Empty UDP Packet Hanwha IP Camera ANE-L7012R 1.41.01 XSS Vulnerability Command Injection Vulnerability in Hanwha IP Camera ANE-L7012R 1.41.01 Local Network Access to MongoDB on UniFi OS 3.1: Cloud Key Gen2 and Gen2 Plus Vulnerability Critical Heap Overflow Vulnerability Disrupts UPnP Service in EdgeRouters and Aircubes Insecure Static State Parameter in @fastify/oauth2 Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress 
UniFi Network XSS Vulnerability Allows Privilege Escalation via Malicious Web Page Bypassing Policy Mechanism in Node.js Experimental Feature Path Traversal Vulnerability in fs.mkdtemp() and fs.mkdtempSync() in Node.js 20 CVE-2022-12345: Path Traversal Bypass in Node.js Experimental Permission Model Inadequate Permission Model Allows Unauthorized File Stats Retrieval in Node.js 20 CVE-2022-12345: Bypassing Policy Mechanism in Node.js Experimental Feature Apache Spark UI ACL Bypass and Arbitrary Shell Command Execution ReFS Remote Code Execution Vulnerability in Windows Windows Collaborative Translation Framework Privilege Escalation Vulnerability Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress Windows Bus Filter Driver Privilege Escalation Vulnerability Windows iSCSI Discovery Service Denial of Service Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization PGM Remote Code Execution Vulnerability in Windows PGM Remote Code Execution Vulnerability in Windows Windows Installer Data Exposure Vulnerability Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript Printer Driver Windows Hello RCE Vulnerability: A Critical Security Flaw Exploiting Remote Code Execution Windows Kernel Information Leakage Vulnerability Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress DNS Cache Poisoning: Windows Vulnerability Exposes Users to Spoofing Attacks Windows SMB Witness Service Security Feature Bypass Vulnerability Windows Server Service Security Feature Bypass Vulnerability: A Critical Flaw in Windows Server Service Power Apps Spoofing Vulnerability: Exploiting Microsoft's Application Platform Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server SQL Server ODBC Driver Remote Code Execution Vulnerability 
Exploiting the Microsoft SQL OLE DB Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Cross-Site Request Forgery Vulnerability in MStore API Plugin for WordPress .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exploiting .NET and Visual Studio Elevation of Privilege Vulnerability Clustered Server Remote Code Execution Vulnerability in Microsoft Failover Cluster RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Microsoft Printer Driver Information Disclosure Vulnerability Microsoft Printer Driver Information Disclosure Vulnerability Windows Update Orchestrator Service Information Disclosure Vulnerability: Exposing Sensitive System Data Exposed Secrets: OLE Automation Information Disclosure Vulnerability Windows Remote Desktop Security Bypass Vulnerability Microsoft Message Queuing DoS Vulnerability Microsoft Message Queuing DoS Vulnerability Windows MSHTML Platform Privilege Escalation Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability Exploiting Windows SmartScreen Security Feature Bypass Vulnerability GitLab Denial of Service Vulnerability Windows Installer Privilege Escalation Vulnerability Raw Image Extension RCE Vulnerability Microsoft Power Apps Online Spoofing Vulnerability Windows Installer Privilege Escalation Vulnerability ShadowCopy Privilege Escalation Vulnerability ATL Elevation of Privilege Vulnerability WSUS Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Vulnerability: Integer Overflow in Vyper Loop Variables Incorrect Compilation of Default Arguments in Vyper Smart Contract Language (CVE-2021-XXXX) Remote Denial of Service (DoS) 
Vulnerability in Chengdu VEC40G 3.0 via /send_order.cgi?parameter=restart Insecure Access Control in DHIS2 Core API Unrestricted iFrame Tag Vulnerability in Discourse Insufficient Security Checks in OroPlatform Calendar Management System Insufficient Security Checks in OroCalendarBundle Allows Bypassing ACL Restrictions Insufficient Security Checks in OroCommerce Customer Portal and Non-Authenticated Visitor Website Information Disclosure Vulnerability in OroCommerce Unescaped JavaScript Execution in Time Tracker Week View c-ares Denial of Service Vulnerability XWiki Platform URL Redirection Vulnerability Arbitrary Code Execution Vulnerability in XWiki Platform Cross-Site Scripting (XSS) Vulnerability in XWiki Platform prior to version 14.6-rc-1 XWiki Platform JavaScript Execution Vulnerability Uncontrolled Code Execution via Jenkins Hook in Tuleap Command Injection Vulnerability in WWBN AVideo Plugin/CloneSite/cloneClient.json.php (Versions 12.4 and Prior) Authentication Bypass Vulnerability in user_oidc App Business Logic Error in Conditions Tab of Customer Management Framework (CMF) for Pimcore Vulnerability: Arbitrary Code Execution via Malicious .in_totorc File Hardcoded DNS Key Usage Vulnerability in Netmaker Insecure Direct Object Reference (IDOR) vulnerability in Netmaker prior to versions 0.17.1 and 0.18.6 allows unauthorized password updates Privilege Escalation Vulnerability in Netmaker Versions Prior to 0.17.1 and 0.18.6 Critical SQL Injection Vulnerability in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3 Vulnerability: Privilege Escalation via Untrusted User Data Execution in Wings Unauthenticated Subscription and Message Publication in Vert.x STOMP Server Unauthorized Access to Key Names in etcd LeaseTimeToLive API Exposed Cluster Information Vulnerability in Microsoft Failover Cluster HTTP.sys DoS Vulnerability Microsoft Printer Driver Information Disclosure Vulnerability XSS Vulnerability in Pega Platform Task Creation XSS Vulnerability in 
Pega Platform's Ad-Hoc Case Creation XSS Vulnerability in Pega Platform Pin Description Lack of Privilege and Nonce Checks in MStore API WordPress Plugin Default Credentials Vulnerability in Pega Platform Versions 6.1 - 7.3.1 CSRF Vulnerability in POEditor Plugin <= 0.9.4 CSRF Vulnerability in PeepSo Community Plugin CSRF Vulnerability in Criss Swaim TPG Redirect Plugin <= 1.0.7 Code Injection Vulnerability in Rename Media Files Plugin Buffer Clearing Vulnerability in sli_crypto_transparent_aead_encrypt_tag Buffer Clearing Vulnerability in sli_crypto_transparent_aead_decrypt_tag Buffer Clearing Vulnerability in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and Earlier Buffer Clearing Vulnerability in sli_se_sign_hash Function GitLab Denial of Service Vulnerability Buffer Clearing Vulnerability in sli_se_driver_mac_compute Open Redirect Vulnerability in Pexle Chris Library Viewer Stored Cross-Site Scripting (XSS) Vulnerability in Pexle Chris Library Viewer Plugin <= 2.0.6 Stored Cross-Site Scripting (XSS) Vulnerability in Theme Palace TP Education Plugin <= 4.4 CSRF Vulnerability in Mark Tilly MyCurator Content Curation Plugin Unauthenticated Reflected XSS Vulnerability in ollybach WPPizza Plugin <= 3.17.1 Unauthenticated Reflected XSS Vulnerability in Fahad Mahmood WP Docs Plugin <= 1.9.9 Unauthenticated Reflected XSS Vulnerability in Photo Gallery Team Photo Gallery Plugin Unauthenticated Reflected XSS Vulnerability in Ignazio Scimone Albo Pretorio On line Plugin <= 4.6.3 Unauthenticated Reflected XSS Vulnerability in Ignazio Scimone Albo Pretorio On line Plugin <= 4.6.3 WordPress Database Administrator Plugin SQL Injection Vulnerability Remote Code Execution Vulnerability in SAP PowerDesigner (Proxy) - Version 16.7 Insufficient Authorization Checks in Vendor Master Hierarchy SAP GUI for Windows NTLM Authentication Information Disclosure Vulnerability SAP NetWeaver (Change and Transport System) Denial of Service Vulnerability MDS COMPARE TOOL 
Vulnerability: Database Command Manipulation and Information Retrieval TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 - Authenticated Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in WPoperation SALERT Plugin Unauthenticated Reflected XSS Vulnerability in WPO365 | Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 NULL Pointer Dereference Vulnerability in gfs2 File System SQL Injection vulnerability in Highfivery LLC Zero Spam for WordPress Unauthenticated Reflected XSS Vulnerability in Spiffy Calendar Plugin <= 4.9.3 CSRF Vulnerability in Dream-Theme The7 Allows Stored XSS Arul Prasad J Publish Confirm Message Plugin CSRF Vulnerability CSRF Vulnerability in Daniel Powney Multi Rating Plugin <= 5.0.6 CVE-2023-32127 SQL Injection Vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box Unauthorized Data Disclosure Vulnerability in WP Mail SMTP Pro Plugin for WordPress Stored XSS Vulnerability in Daniel Powney Multi Rating Plugin <= 5.0.6 CVE-2023-32131 CVE-2023-32132 CVE-2023-32133 CVE-2023-32134 CVE-2023-32135 CVE-2023-32136 CVE-2023-32137 CVE-2023-32138 CVE-2023-32139 Critical Use After Free Vulnerability in Google Chrome Autofill Payments CVE-2023-32140 CVE-2023-32141 CVE-2023-32142 CVE-2023-32143 CVE-2023-32144 CVE-2023-32145 CVE-2023-32146 CVE-2023-32147 CVE-2023-32148 CVE-2023-32149 WebRTC Use After Free Vulnerability in Google Chrome CVE-2023-32150 CVE-2023-32151 CVE-2023-32152 CVE-2023-32153 CVE-2023-32154 CVE-2023-32155 CVE-2023-32156 CVE-2023-32157 CVE-2023-32158 CVE-2023-32159 Type Confusion Vulnerability in V8 Engine Allows Remote Heap Corruption CVE-2023-32160 CVE-2023-32161 Wacom Drivers for Windows Privilege Escalation Vulnerability Wacom Drivers for Windows Local Privilege Escalation via Symbolic Link Vulnerability CVE-2023-32164 CVE-2023-32165 CVE-2023-32166 CVE-2023-32167 CVE-2023-32168 CVE-2023-32169 WebXR Use After Free Vulnerability in Google Chrome CVE-2023-32170 CVE-2023-32171 
CVE-2023-32172 CVE-2023-32173 CVE-2023-32174 CVE-2023-32175 CVE-2023-32176 CVE-2023-32177 CVE-2023-32178 CVE-2023-32179 Race Condition Vulnerability in it-novum/openitcockpit prior to 4.6.5 Buffer Overflow Vulnerability in openSUSE libeconf Allows for DoS via Malformed Configuration Files Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE Linux Enterprise Desktop 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5, and openSUSE Leap 15.5 postfix Privilege Escalation Vulnerability in openSUSE Tumbleweed hawk2 Package Insecure Storage of Sensitive Information in openSUSE opensuse-welcome Unlimited Resource Allocation Denial of Service Vulnerability in SUSE RKE2 Unbounded Resource Allocation Vulnerability in SUSE k3s Unauthenticated Access to EventON WordPress Plugin Post Content via ICS Export Vulnerability NULL Pointer Dereference in dpu_crtc_atomic_check Remote Code Execution via SPARQL Query in Apache Jena Stack-based Buffer Overflow Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 via Crafted SIM2 File Improper Authentication in Walchem Intuition 9 Firmware Versions Prior to v4.21 Out-of-Bounds Write Vulnerability in Project File Parsing of CScape_EnvisionRV Intel(R) OFU Software Vulnerability: Local Access Privilege Escalation Obscured Browser Prompts Vulnerability: User Confusion and Spoofing Attacks in Firefox and Thunderbird Out-of-Bound Read Vulnerability in RLBox Expat Driver Popup Notification Delay Vulnerability in Firefox and Thunderbird Dynamic `import()` in service workers reveals script base URL (Firefox < 113) Firefox < 113: Out of Memory Crash via Malicious Favicon User Enumeration Vulnerability in Roundcube Password Recovery Plugin 1.2 Improper Ordering of Principal Objects in Firefox < 113 Type Checking Bug in Firefox and Thunderbird Versions < 102.11 Address Bar Obfuscation Vulnerability Uninitialized Value Read Limit Vulnerability in Firefox and Thunderbird Denial of Service Vulnerability 
in Protocol Handlers `ms-cxh` and `ms-cxh-full` Memory Corruption Vulnerabilities in Firefox and Thunderbird Versions Prior to 113 and 102.11 Memory Corruption Vulnerability in Firefox 112 Authenticated User Java Constructor Invocation Vulnerability in IdentityIQ Avaya IX Workforce Engagement v15.2.7.1195 - Open Redirect Vulnerability Unspecified Method Vulnerability: Unlocking Mazda Model (2015-2016) Unrestricted Password Recovery Vulnerability in Roundcube Password Recovery Plugin 1.2 Authentication Bypass Vulnerability in Milesight NCR/Camera Version 71.8.0.6-r5 Privilege Escalation Vulnerability in EaseUS Todo Backup version 20220111.390 Authentication Bypass Vulnerability in D-Link DSL-G256DG vBZ_1.00.27 Web Management Interface Unspecified Method Command Execution Vulnerability in D-Link DSL-224 Firmware Version 3.0.10 Vulnerability in D-Link DSL-224 Firmware 3.0.10: Excessive Authentication Attempts Unrestricted File Upload Vulnerability in Sysaid Sysaid - Unauthorized Access to Server Files Hard-coded Credentials in Synel SYnergy Fingerprint Terminals CVE-2023-32228 Vulnerability: Permanent Chip Damage in Bosch IP Cameras when Enabling Stream Security Undertow Servlets @MultipartConfig OutOfMemory DoS Vulnerability Improper Handling of Malformed API Requests in Bosch BT Software Products Leads to Denial of Service (DoS) Vulnerability Elevated Code Execution Vulnerability in Vasion PrinterLogic Client for Windows PrinterLogic Client for Windows Privilege Escalation Vulnerability Use-after-free vulnerability in Netfilter nf_tables in Linux kernel through 6.3.1 allows for arbitrary read and write operations on kernel memory, leading to privilege escalation. 
Arbitrary File Read Vulnerability in Ghost before 5.42.1 Unauthenticated Reflected XSS Vulnerability in Booking Ultra Pro Plugin (<= 1.1.8) CVE-2023-32237 Stored Cross-Site Scripting (XSS) Vulnerability in xtemos WoodMart Theme <= 7.2.1 Critical Code Injection Vulnerability in nuxt/nuxt (prior to 3.5.3) Critical Unauthenticated Reflected XSS Vulnerability in WPDeveloper Essential Addons for Elementor Pro Plugin Deserialization of Untrusted Data Vulnerability in WoodMart - Multipurpose WooCommerce Theme Privilege Escalation Vulnerability in WPDeveloper Essential Addons for Elementor CSRF Vulnerability in WPDeveloper Essential Addons for Elementor Pro Denial-of-Service Vulnerability in Linux Kernel's ksmbd SMB Server Denial-of-Service Vulnerability in Linux Kernel's ksmbd SMB Server Stored Cross-Site Scripting Vulnerability in Float Menu WordPress Plugin Kernel Code Execution Vulnerability in Linux ksmbd Denial-of-Service Vulnerability in Linux Kernel's ksmbd SMB Server Kernel Code Execution Vulnerability in Linux ksmbd Kernel Code Execution Vulnerability in Linux ksmbd Kernel Code Execution Vulnerability in Linux ksmbd CVE-2023-32259 Stored Cross-Site Scripting Vulnerability in Popup Builder WordPress Plugin CVE-2023-32260 Enumeration of Credentials IDs in Micro Focus Dimensions CM Plugin for Jenkins Unauthorized Credential Access Vulnerability in Micro Focus Dimensions CM Plugin for Jenkins Login Certificate Retrieval Vulnerability in Micro Focus Dimensions CM Plugin for Jenkins CVE-2023-32264 ESCWA Authentication Vulnerability: Exposing Service Account Passwords Remote Exploitation Vulnerability in OpenText / Micro Focus ArcSight Management Center Proxy Administrator Credential Exposure Use-after-free vulnerability in AF_NETROM socket in Linux kernel Insufficient Granularity of Access Control in fossbilling/fossbilling Repository Memory Corruption Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 via Crafted V8 File Information Disclosure Vulnerability 
in Open Automation Software OAS Platform v18.00.0072 Uncontrolled Search Path Vulnerability in Intel NUC Pro Software Suite Configuration Tool Stack-based Buffer Overflow Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 via Crafted SIM2 File Hard Coded Credentials Vulnerability in Enphase Installer Toolkit 3.27.0 Information Disclosure Vulnerability in SoftEther VPN 4.41-9782-beta and 5.01.9674 Stack-based Buffer Overflow Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0: Information Disclosure and Arbitrary Code Execution Path Traversal Vulnerability in Intel(R) NUC Uniwill Service Driver Installation Software Improper Access Control in Intel(R) Connectivity Performance Suite: Potential Information Disclosure Vulnerability Critical Business Logic Vulnerability in fossbilling/fossbilling prior to 0.5.0 OpenBMC Firmware Vulnerability: Unauthorized Information Disclosure via Network Access Out-of-Bounds Read Vulnerability in FontManager CVE-2023-32282 Information Disclosure Vulnerability in Intel(R) On Demand Software Accusoft ImageGear 20.1 TIFF Planar Adobe Out-of-Bounds Write Vulnerability Vulnerability: Improper Access Control in Intel(R) NUC BIOS Firmware Enables Denial of Service via Local Access Out-of-bounds Read Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 Out-of-Bounds Read Vulnerability in Application's Project File Parsing Critical Business Logic Vulnerability in fossbilling/fossbilling prior to 0.5.0 Cleartext Credential Vulnerability in myMail App for iOS Stored Cross-Site Scripting (XSS) Vulnerability in MonsterInsights Pro Stored Cross-Site Scripting (XSS) Vulnerability in GetButton Chat Button Plugin Stored XSS Vulnerability in Radical Web Design GDPR Cookie Consent Notice Box Plugin CVE-2023-32295 Unauthenticated Reflected XSS Vulnerability in Kangu para WooCommerce Plugin (<= 2.2.9) Unauthenticated Reflected XSS Vulnerability in Kathy Darling Simple User Listing Plugin <= 1.9.2 GitHub Repository 
fossbilling/fossbilling Prior to 0.5.0 Missing Authorization Vulnerability Unauthenticated Reflected XSS Vulnerability in Yoast SEO: Local Plugin <= 14.8 Multiple Duplicate Topics Vulnerability in Discourse Insecure File Permissions in Planet Software Prior to Version 2.0.1 Privilege Escalation Vulnerability in Aiven-Extras PostgreSQL Extension (CVE-XXXX) Time Tracker Reports SQL Injection Vulnerability Multiple Heap Overflow and Integer Overflow Vulnerabilities in Sofia-SIP Boolean-based blind SQL injection vulnerability in Anuko TimeTracker Arbitrary File Read and Directory Traversal in PyMdown Extensions Information Disclosure Vulnerability in UJCMS ZIP Package Handler (UJCMS up to 6.0.2) Insecure Direct Object References (IDOR) in DataEase API Interface Improper Organization/Workspace Permission Check in CloudExplorer Lite (CVE-2021-XXXX) Untrusted Actor Access to Endpoints in UmbracoIdentityExtensions Untrusted Code Execution and Console Manipulation in vm2 (CVE-2021-12345) Sandbox Escape Vulnerability in vm2 (Versions up to 3.9.17) Path Traversal Vulnerability in Openfire Administrative Console Unrestricted Organization Access in CloudExplorer Lite Tar Slip Vulnerability in Autolab's MOSS Cheat Checker Functionality Session Persistence Vulnerability in Nextcloud Server Missing Brute-Force Protection on Nextcloud WebDAV Endpoints Critical Deserialization Vulnerability in Zhong Bang CRMEB up to 4.6.0 Parallel Request Execution Vulnerability in Nextcloud Server Multiple Remote Code Execution and Information Disclosure Vulnerabilities in CKAN Arbitrary File Read Vulnerability in Ombi Versions Prior to 4.38.2 Arbitrary Outbound Federation Disabling Vulnerability in Synapse 1.73 and Earlier Heap Buffer Overflow Vulnerability in OpenPrinting CUPS 2.4.2 and Prior Cross-Site Scripting Vulnerability in PostHog-js Library (Versions prior to 1.57.2) XML External Entity Injection (XXE) Vulnerability in IBM Security Access Manager Container Insecure Protocol Vulnerability 
in IBM Security Verify Access 10.0.0.0 through 10.0.6.1 Improper File Validation in IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) Allows Unauthorized File Downloads Critical Server-Side Request Forgery Vulnerability in Zhong Bang CRMEB up to 4.6.0 (VDB-231504) Insecure Network Calls in IBM Security Verify Access 10.0.0.0 through 10.0.6.1 Vulnerability CVE-2023-32331 HTML Injection Vulnerability in IBM Maximo Application Suite and IBM Maximo Asset Management Improper Access Controls in IBM Maximo Asset Management 7.6.1.3 Sensitive Information Disclosure via URL Parameters in IBM Maximo Asset Management and IBM Maximo Application Suite CVE-2023-32335 Insecure Deserialization Remote Code Execution in IBM InfoSphere Information Server 11.7 IBM Maximo Spatial Asset Management 8.10 SSRF Vulnerability Clear Text Storage of User Credentials in IBM Sterling Secure Proxy and IBM Sterling External Authentication Server Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow Remote Code Execution Vulnerability in Zhong Bang CRMEB up to 4.6.0 Denial of Service Vulnerability in IBM Sterling B2B Integrator Timing-based side channel vulnerability in IBM GSKit RSA Decryption Implementation CVE-2023-32344 Vulnerability: Information Disclosure in Teltonika Remote Management System Vulnerability: Authentication Bypass and Credential Theft in Teltonika Remote Management System Teltonika Remote Management System OpenVPN Server Vulnerability Arbitrary Code Execution via Exposed UCI Configuration Utility in Teltonika RUT Router Firmware Critical Server-Side Request Forgery Vulnerability in mccms up to 2.6.5 (VDB-231506) Teltonika RUT Router Firmware Lua Service OS Command Injection Vulnerability Elevated Privileges Vulnerability Patched in iTunes 12.12.9 for Windows Gatekeeper Bypass Vulnerability Privilege Escalation Vulnerability Patched in iTunes 
12.12.9 for Windows Kernel Memory Disclosure Vulnerability Fixed in watchOS 9.5, tvOS 16.5, iOS 16.5, and iPadOS 16.5 File System Vulnerability in macOS: Logic Issue Allows Unauthorized Modification Buffer Overflow Vulnerability Patched in macOS Ventura 13.3 Persistent Access to System Configuration Files After Permission Revocation Type Confusion Vulnerability in iOS, iPadOS, and macOS Allows Arbitrary Code Execution VoiceOver Vulnerability: Password Disclosure in iOS 16.7.2 and iPadOS 16.7.2 Critical Server-Side Request Forgery Vulnerability in mccms up to 2.6.5 (CVE-2021-231507) Print Document Access Vulnerability Cache Access Vulnerability Sensitive Information Exposure in macOS Ventura 13.3 Privacy Preferences Bypass Vulnerability Patched in macOS Ventura 13.4 Sandbox Circumvention Vulnerability in macOS Ventura 13.5 Shake-to-Undo Vulnerability Allows Unauthorized Resurfacing of Deleted Photos Arbitrary Code Execution Vulnerability in Font File Processing Improved Entitlements to Prevent Unauthorized Data Access Vulnerability: Out-of-Bounds Read in 3D Model Processing File System Vulnerability in macOS: Logic Issue Allows Unauthorized Modification Hard-coded Password Vulnerability in OTCMS up to 6.62 (VDB-231508) Vulnerability: Logic Issue in Content Security Policy Wildcard Blocking Sandbox Escape Vulnerability Patched in iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4 Image Processing Vulnerability: Memory Disclosure through Out-of-Bounds Read Use-After-Free Vulnerability Exploited in Apple Devices Vulnerability: Out-of-Bounds Read in 3D Model Processing Improved Entitlements to Prevent Unauthorized File System Modification macOS Sonoma 14 Patch: Buffer Overflow Vulnerability Allows Arbitrary Code Execution Kernel Privilege Escalation via Use-After-Free Vulnerability in macOS macOS Ventura 13.4 Patch: Buffer Overflow Vulnerability Allows Arbitrary Code Execution Server-side Request Forgery (SSRF) Vulnerability in OTCMS up to 6.62 Arbitrary Code Execution 
Vulnerability in macOS 3D Model Processing Arbitrary Code Execution Vulnerability in macOS and iOS Vulnerability: Out-of-Bounds Read in 3D Model Processing Vulnerability: Code Injection in Xcode's Sensitive Binaries Improved Bounds Checking Patch for Buffer Overflow Vulnerability PDF File Denial-of-Service Vulnerability Patched in iOS 16.5, iPadOS 16.5, and macOS Ventura 13.4 Improved Handling of Temporary Files in macOS: Addressing Privacy Vulnerability Use-After-Free Vulnerability in macOS: Remote Code Execution and App Termination Improved Private Data Redaction for Log Entries: Addressing Privacy Issue in Multiple Apple Operating Systems Improved Redaction of Sensitive Information in iOS 16.5 and Other Apple Operating Systems Path Traversal Vulnerability in OTCMS up to 6.62 (VDB-231510) Unauthenticated Access to Hidden Photos Album via Visual Lookup Shortcut Vulnerability: Unauthorized Access to Sensitive Data Improved Private Data Redaction for Log Entries in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5, and iPadOS 16.5 Arbitrary Code Execution Vulnerability in Apple Operating Systems Lock Screen Contact Information Disclosure Vulnerability File System Vulnerability in macOS: Logic Issue Allows Unauthorized Modification Elevated Privileges Vulnerability Patched in Xcode 15 and Apple OS Updates File System Modification Vulnerability Use-After-Free Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Cache Vulnerability: Unauthorized Access to Sensitive Location Information Path Traversal Vulnerability in OTCMS up to 6.62 (VDB-231511) Vulnerability in iOS, iPadOS, watchOS, and macOS Allows Malicious Apps to Exploit Entitlements and Privacy Permissions Vulnerability: Buffer Overflow in Office Document Parsing Improved Input Validation Fixes Out-of-Bounds Read Vulnerability Improved Redaction of Sensitive Location Information in Multiple Apple Operating Systems Improved Entitlements to Address 
Privacy Bypass Vulnerability Root Privilege Escalation Vulnerability in macOS Privacy Bypass Vulnerability Fixed in Multiple Apple Operating Systems Sensitive Location Information Exposure Vulnerability Remote Code Execution Vulnerability in Apple Web Content Sandbox Path Traversal Vulnerability in OTCMS up to 6.62 (VDB-231512) Vulnerability: Out-of-Bounds Read Leading to Kernel State Leakage Privacy Bypass Vulnerability Patched in Apple's Latest Updates Use-after-free vulnerability allows for unexpected app termination or arbitrary code execution Race Condition Vulnerability Patched in Multiple Apple Operating Systems macOS Ventura 13.4 Patch: Sandbox Escape Vulnerability Fixed Improved Redaction of Sensitive Location Information in iOS 16.5 and macOS Ventura 13.4 Sensitive Location Information Exposure Vulnerability Vulnerability in watchOS 9.5 allows unauthorized access to user photos and contacts on locked devices File Processing Vulnerability in macOS Monterey, Ventura, and Big Sur: Arbitrary Code Execution and App Termination Improved Bounds Checks Fix Arbitrary Code Execution Vulnerability in iOS 16.5 and iPadOS 16.5 Unbounded Resource Allocation and Initialization Vulnerability in B&R Automation Runtime Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in Apple Devices Improved Handling of Temporary Files in macOS Sonoma 14 Addresses Privacy Vulnerability Privacy Preference Bypass Vulnerability Patched in iOS 16.5 and macOS Ventura 13.4 Improved Memory Handling to Address Buffer Overflow Vulnerability Kernel Memory Bypass Vulnerability in iOS, iPadOS, and watchOS Elevated Privileges Vulnerability Patched in iOS 16.5 and iPadOS 16.5 macOS Ventura 13.3 Patch: Fixing Logic Issue Allowing Unauthorized Root Privilege Access Network Traffic Interception Vulnerability in Apple Music 4.2.0 for Android Root Privilege Escalation Vulnerability in macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5, and watchOS 9.5 Vulnerability: Privacy Preferences 
Bypass in macOS Ventura 13.5 Vulnerability: Session Hijacking and Weak Password Hashing in BCM-WEB version 3.3.X Improved Handling of Temporary Files in macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5, and watchOS 9.5: Addressing Privacy Vulnerability Arbitrary Code Execution Vulnerability in macOS and iOS Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in macOS Ventura, Safari, iOS, and iPadOS Improved Bounds Checks in macOS Ventura 13.3: Preventing Unexpected System Termination and Kernel Memory Write Vulnerability File Handling Protocol Vulnerability Allows Sandbox Escape in iOS and iPadOS 16.6 Privacy Preference Bypass Vulnerability Patched in Apple Operating Systems Type Confusion Vulnerability in Apple Software Allows Arbitrary Code Execution Vulnerability: Unauthorized Modification of Data in Comments Like Dislike Plugin for WordPress Arbitrary Code Execution Vulnerability in macOS and iOS Shortcut App Settings Access Vulnerability Improper Input Validation in macOS Leads to Denial-of-Service and Memory Disclosure Sandbox Circumvention Vulnerability in macOS Cross-Site Scripting Vulnerability Patched in Safari and Apple Operating Systems Sensitive Information Disclosure Vulnerability in Dell Wyse ThinOS Sensitive Information Disclosure Vulnerability in Dell Wyse ThinOS License Key Stored in Cleartext Vulnerability in PowerPath for Windows Improper Verification of Cryptographic Signature in Dell PowerStore Versions Prior to 3.5 Stored Cross-Site Scripting Vulnerability in Floating Chat Widget WordPress Plugin Improper Access Control Vulnerability in Dell Power Manager Dell Display Manager Application 2.1.1.17 Privilege Escalation Vulnerability Unauthorized Modification Vulnerability in Dell BIOS Allows Unauthorized Access Arbitrary File Creation Vulnerability in DUP Framework Sensitive Information Disclosure Vulnerability in Dell Wyse ThinOS Improper Privilege Management Vulnerability in Dell PowerScale 
OneFS Improper Access Control Vulnerability in Dell AppSync Embedded Service Enabler Component GitLab EE/CE Vulnerability: Sidekiq Job Processor Blockage Privilege Escalation Vulnerability in Dell PowerEdge BIOS Dell PowerEdge and Precision BIOS Buffer Overflow Vulnerability Critical OS Command Injection Vulnerability in Dell OS10 Networking Switches Dell VxRail Upgrade Functionality Denial-of-Service Vulnerability Improper Certificate Validation Vulnerability in Dell VxRail Authentication Bypass Vulnerability in Dell Power Protect Cyber Recovery Sensitive Information Exposure in Dell ECS Streamer Title: Dell Precision Tower BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution PHP SOAP HTTP Digest Authentication Vulnerability Insecure Operation on Windows Junction / Mount Point Vulnerability in Dell Digital Delivery Arbitrary Folder/File Deletion Vulnerability in Dell Display Manager Application Sensitive Data Exposure Vulnerability in Dell Hybrid Client version 2.0 Improper Access Control Vulnerability in Dell Common Event Enabler 8.9.8.2 for Windows Dell PowerStore Log File Information Disclosure Vulnerability Privilege Escalation Vulnerability in Dell Encryption and Endpoint Security Suite Enterprise Stored Cross-Site Scripting Vulnerability in All-in-one Floating Contact Form WordPress Plugin Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Denial-of-Service Vulnerability in Wyse Management Suite Improper Authorization Vulnerability in Wyse Management Suite Sensitive Information Disclosure Vulnerability in Wyse Management Suite Critical Privilege Escalation Vulnerability in Dell Networking Switches Critical Privilege Escalation Vulnerability in Dell SmartFabric Storage Software Privilege Escalation Vulnerability in Dell PowerScale OneFS 9.5.x Elevation of Privilege Vulnerability in Dell PowerScale OneFS Dell PowerScale OneFS NFS Information Disclosure Vulnerability Privilege Escalation Vulnerability in 
Dell PowerScale OneFS 8.2x-9.5x Authentication Bypass Vulnerability in Web3 – Crypto Wallet Login & NFT Token Gating Plugin for WordPress (up to version 2.6.0) Improper Privilege Management Vulnerability in Dell PowerScale OneFS 8.2x-9.5x Sensitive Information Disclosure Vulnerability in Dell PowerScale OneFS 9.5.0.x SNMPv3 Default Permissions Vulnerability in Dell PowerScale OneFS 9.5.0.x Dell PowerScale OneFS 9.5.0.x Protection Mechanism Bypass Vulnerability Insufficient Privileges Elevation Vulnerability in Dell PowerScale OneFS Unauthorized Access to Sensitive Information in Dell PowerScale OneFS Stored Cross-Site Scripting (XSS) Vulnerability in Bill Minozzi Block Bad Bots Plugin Stored XSS Vulnerability in Supersoju Block Referer Spam Plugin Stored XSS Vulnerability in Easy Form by AYS Plugin (<= 1.2.0) Unauthenticated Reflected XSS Vulnerability in Tony Zeoli, Tony Hayes Radio Station Plugin CSRF Vulnerability in WoodMart - Multipurpose WooCommerce Theme CSRF Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin CSRF Vulnerability in Sybre Waaijer Pro Mime Types Plugin Unauthenticated Reflected XSS Vulnerability in GTmetrix for WordPress Plugin <= 0.4.6 CSRF Vulnerability in Kainex Wise Chat (Versions n/a - 3.1.3) Arshid Easy Hide Login Plugin <= 1.0.7 - Stored XSS Vulnerability SQL Injection vulnerability in Rolf van Gelder Order Your Posts Manually plugin Unauthenticated Reflected XSS Vulnerability in Rolf van Gelder Order Your Posts Manually Plugin <= 2.2.5 Pass-back Vulnerability in Nessus: Unauthorized Access to Stored SMTP Credentials Unauthenticated Reflected XSS Vulnerability in Rolf van Gelder Order Your Posts Manually Plugin <= 2.2.5 Unauthenticated Reflected XSS Vulnerability in Booking Ultra Pro Plugin <= 1.1.8 CSRF Vulnerability in ShortPixel Adaptive Images Plugin Deserialization of Untrusted Data Vulnerability in GiveWP Plugin CSRF Vulnerability in Himanshu Parashar Google Site Verification Plugin using Meta Tag Stored Cross-Site 
Scripting (XSS) Vulnerability in Matt Gibbs Custom Field Suite Plugin <= 2.6.2.1 Unauthenticated Reflected XSS Vulnerability in GloriaFood Restaurant Menu Plugin Open Redirect Vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder Unauthenticated Reflected XSS Vulnerability in Ono Oogami WP Chinese Conversion Plugin Arbitrary File Write Vulnerability in Logging System Path Traversal Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Allows Remote File Deletion Path Traversal Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Allows Remote File Deletion Authentication Bypass Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Authentication Bypass Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Arbitrary File Creation Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Arbitrary File Creation Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Remote Code Execution Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 Remote Code Execution Vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 SQL Injection Vulnerability in Trend Micro Apex Central (On-Premise) Allows Remote Code Execution User Enumeration Vulnerability SQL Injection Vulnerability in Trend Micro Apex Central (On-Premise) Allows Remote Code Execution Vulnerability Title: Cross-Site Scripting (XSS) in Trend Micro Apex Central Dashboard Widgets Vulnerability Title: Cross-Site Scripting (XSS) in Trend Micro Apex Central Dashboard Widgets Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central Dashboard Widgets Vulnerability Title: Cross-Site Scripting (XSS) in Trend Micro Apex Central Dashboard Widgets Vulnerability Title: Cross-Site Scripting (XSS) in Trend Micro Apex Central Dashboard Widgets Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central (on-premise) Authenticated Reflected Cross-Site 
Scripting (XSS) Vulnerability in Trend Micro Apex Central (on-premise) Stack-based Buffer Overflow Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 via Crafted SIM2 File Out-of-Bounds Write Vulnerability in Project File Parsing of CScape_EnvisionRV Cross-Site Request Forgery Vulnerability in Widgets for Google Reviews Plugin for WordPress Arbitrary File Overwrite Vulnerability in Advantech WebAccess/SCADA v9.1.3 and Prior Use-After-Free Vulnerability in Hancom Office 2020 HWord 11.0.0.7520's Footerr Functionality Out-of-bounds Read Vulnerability in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0 Privilege Escalation Vulnerability in Intel(R) ITS Software Improper Access Control in Intel HotKey Services for Windows 10: Potential Denial of Service Vulnerability Out-of-Bounds Read Vulnerability in Cscape!CANPortMigration Chatwork Desktop Application (Mac) 2.6.43 and earlier: Code Injection Allows Unauthorized Access to Audio and Image Data Default Permissions Vulnerability in MAVinci Desktop Software for Intel(R) Falcon 8+ WPS Office 10.8.0.6186 - Remote OS Command Injection Vulnerability Insecure Generation of Cryptographic Keys: A Vulnerability in Landscape Infinite Loop Denial of Service Vulnerability in QEMU VNC Server Server-Status Page Data Leak: Exposing Sensitive System Information and API Vulnerability Open Redirection Vulnerability in Landscape URL Handling Improper Access Control Vulnerability in Trend Micro Apex One and Apex One as a Service Allows Unauthorized Disclosure of Sensitive Information Improper Access Control Vulnerability in Trend Micro Apex One and Apex One as a Service Allows Unauthorized Disclosure of Sensitive Information Time-of-Check Time-Of-Use Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Agent Time-of-Check Time-Of-Use Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Agent Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a 
Service Agent Arbitrary File Upload Vulnerability in Trend Micro Apex One and Apex One as a Service CVE-2022-12345: Path Traversal Bypass in Node.js Experimental Permission Model Privilege Escalation via Deprecated API in Node.js Experimental Policy Mechanism Local File Inclusion Vulnerability in Advantech R-SeeNet 2.4.22 Wavelink Avalanche Manager Message Handling Vulnerability Authentication Bypass Vulnerability in Artifact Access Unrestricted File Upload Vulnerability in Avalanche Versions 6.3.x and Below RemoteControl Server Code Execution Vulnerability Unrestricted File Upload Vulnerability in Avalanche Versions 6.4.1 and Below Sensitive Data Leakage and Resource-Based DoS Vulnerability in Version 6.4.1 Sensitive Data Leakage and Resource-Based DoS Vulnerability in Version 6.4.1 XML External Entity Processing Vulnerability in Ivanti Avalanche decodeToMap. Command Injection Vulnerability in Veritas InfoScale Operations Manager SQL Injection Vulnerability in Veritas InfoScale Operations Manager (VIOM) Race Condition in VideoLAN dav1d: Application Crash in thread_task.c Arbitrary Code Execution Vulnerability in Dynamic Linq Vulnerability: Retention Lock Bypass and SafeMode Disabling in FlashArray Purity Mishandled Initialization of QtSvg QSvgFont m_unitsPerEm Vulnerability Stored XSS Vulnerability in PI Websolution Product Page Shipping Calculator for WooCommerce Plugin Stored Cross-Site Scripting Vulnerability in Plainware Locatoraid Store Locator Plugin Stored XSS Vulnerability in Eji Osigwe DevBuddy Twitter Feed Plugin <= 4.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Twinpictures Column-Matic Plugin <= 1.3.3 CSRF Vulnerability in Designs & Code Forget About Shortcode Buttons Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WPExperts Password Protected Plugin <= 2.6.2 Stored XSS Vulnerability in Kyle Maurer Don8 Plugin <= 0.4 CSRF Vulnerability in WP All Backup Plugin <= 2.4.3 Stored XSS Vulnerability in John Newcombe eBecas Plugin <= 3.1.3 
CSRF Vulnerability in WP Reactions Lite Plugin <= 1.3.8 CSRF Vulnerability in BRANDbrilliance Post State Tags Plugin CSRF Vulnerability in PingOnline Dyslexiefont Free Plugin Authentication Bypass Vulnerability in Dataprobe iBoot PDU Firmware Version 1.43.03312023 or Earlier SQL Injection Vulnerability in Subscribe to Category Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Cloud Primero B.V DBargain Plugin <= 3.0.0 CSRF Vulnerability in Palasthotel Sunny Search Plugin CSRF Vulnerability in Benedict B., Maciej Gryniuk Hyphenator Plugin <= 5.1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Palasthotel Sunny Search Plugin <= 1.0.2 Stored XSS Vulnerability in Wolfgang Ertl weebotLite Plugin <= 1.0.0 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Video Gallery Plugin <= 1.0.10 Unauthenticated Reflected XSS Vulnerability in A. R. Jones Featured Image Pro Post Grid Plugin <= 5.14 Command Injection Vulnerability in Dataprobe iBoot PDU Firmware 1.43.03312023 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Rank Math SEO Plugin <= 1.0.119 CSRF Vulnerability in LOKALYZE CALL ME NOW Plugin <= 3.0 Versions Unauthenticated Reflected XSS Vulnerability in RedNao Donations Made Easy – Smart Donations Plugin <= 4.0.12 Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central (on-premise) Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central (On-Premise) Stored Cross-Site Scripting Vulnerability in Pleasanter (Community and Enterprise Editions) 1.3.39.2 and Earlier Arbitrary File Alteration Vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and Earlier Improper Access Control in Intel Unite Android App: Potential Information Disclosure Buffer Overflow Vulnerability in Dataprobe iBoot PDU Firmware Version 1.43.03312023 or Earlier Remote Unauthenticated Denial-of-Service Vulnerability in Mailform Pro CGI 4.3.1.2 and Earlier GLib 
GVariant Deserialization Slowdown Vulnerability Client-side enforcement bypass vulnerability in WL-WN531AX2 firmware versions prior to 2023526 Unauthenticated Access to Functions in WL-WN531AX2 Firmware Accusoft ImageGear 20.1 Heap-Based Buffer Overflow Vulnerability Arbitrary File Creation and Overwrite Vulnerability in Open Automation Software OAS Platform v18.00.0072 Use-after-free vulnerability in Foxit Reader 12.1.2.15356 allows arbitrary code execution Privilege Escalation Vulnerability in Intel NUC Rugged Kit, NUC Kit, and Compute Element BIOS Firmware Uncontrolled Search Path Vulnerability in Intel(R) oneAPI Toolkit and Component Software Installers Hard-coded Credentials Vulnerability in Archer C50 and C55 Routers Hard-coded Credentials Vulnerability in Dataprobe iBoot PDU Firmware Authentication Bypass Vulnerability in WL-WN531AX2 Firmware Arbitrary File Upload and Command Execution Vulnerability in WL-WN531AX2 Firmware Root Privilege Escalation in WL-WN531AX2 Firmware Snow Monkey Forms v5.1.1 Directory Traversal Arbitrary File Deletion Vulnerability Arbitrary Script Injection Vulnerability in TS Webfonts for SAKURA 3.1.0 and Earlier Cross-Site Request Forgery (CSRF) Vulnerability in TS Webfonts for SAKURA 3.1.2 and Earlier Hidden Functionality Vulnerability in LAN-W300N/RS and LAN-W300N/PR5: Unauthorized Access and Command Execution Floating Point Exception Vulnerability in Sox's read_samples Function Arbitrary File Upload Vulnerability in Advantech WebAccess/SCADA v9.1.3 and Prior Ubuntu Kernels Overlayfs Privilege Escalation Vulnerability Authentication Bypass Vulnerability in Dataprobe iBoot PDU Firmware 1.43.03312023 and Earlier Command Execution Vulnerability in Yifan YF325 v1.0_20221108's validate.so diag_ping_start Functionality CVE-2023-32633 Local Man-in-the-Middle Authentication Bypass Vulnerability in SoftEther VPN XML External Entity (XXE) Vulnerability in XBRL Data Create Application Version 7.0 and Earlier Denial of Service Vulnerability in 
glib's GVariant Deserialization Arbitrary Code Execution Vulnerability in GBrowse Privilege Escalation Vulnerability in Intel Arc RGB Controller Software XML External Entity (XXE) Vulnerability in Applicant Programme Ver.7.06 and Earlier Hard-coded Credentials Vulnerability in Dataprobe iBoot PDU Firmware Improper Input Validation in Intel(R) QAT Firmware: Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Heap Buffer Overflow Vulnerability in GLib's GVariant Deserialization Code Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software: Denial of Service via Adjacent Access Authentication Bypass Vulnerability in Yifan YF325 v1.0_20221108's httpd Debug Credentials Functionality Uncontrolled Search Path Element Vulnerability in Intel(R) VROC Software Improper Access Control in Intel(R) XTU Software: Local Privilege Escalation Vulnerability Denial of Service Vulnerability in Nozomi Networks Guardian and CMC Authentication Bypass Vulnerability in CyberPower PowerPanel Enterprise Integer Overflow Vulnerability in GTKWave 3.3.115 Allows Memory Corruption via Specially Crafted .fst File Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software PiiGAB M-Bus Vulnerability: Cross-Site Scripting (XSS) Attack Accusoft ImageGear 20.1: Out-of-Bounds Write Arbitrary Code Execution Vulnerability Improved State Management Fixes User Information Leakage Vulnerability in macOS Ventura 13.5 Path Traversal Vulnerability in Intel(R) NUC Kits & Mini PCs Buffer Overflow Vulnerability in Intel(R) RealSense(TM) ID Software for Intel(R) RealSense(TM) 450 FA (Version 0.25.0) Brute Force Attack Vulnerability in Weintek Weincloud v0.13.6 Unquoted search path vulnerability in Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software Cross-Site Scripting Vulnerability in SUBNET PowerSYSTEM Center Versions 
2020 U10 and Prior Bypassing Authentication via Hidden LDAP Authentication in CyberPower PowerPanel Enterprise Uncontrolled Search Path Vulnerability in Intel NUC Kit NUC6i7KYK Thunderbolt 3 Firmware Update Tool Vulnerability: Privilege Escalation in Intel NUC Kits Realtek SD Card Reader Driver Installation Software Privilege Escalation Vulnerability in Intel Battery Life Diagnostic Tool Installation Software Privilege Escalation Vulnerability in Intel(R) RealSense(TM) SDKs v2.53.1 Type Confusion Vulnerability in Foxit Reader 12.1.2.15332's checkThisBox Method Allows Remote Code Execution Exponential Blowup Vulnerability in GLib GVariant Deserialization CVE-2023-32666 Arbitrary Network Request Vulnerability in LuaTeX BuddyBoss 2.2.9 Authorization Bypass Vulnerability: Unauthorized Access and Renaming of User Albums Arbitrary Code Execution Vulnerability in CyberPower PowerPanel Enterprise Server Persistent Cross-Site Scripting Vulnerability in BuddyBoss 2.2.9 Stored XSS Vulnerability in BuddyBoss Platform 2.2.9: Malicious JavaScript Payload Stored via Invitation POST Request SQLLab Authorization Bypass Vulnerability in Apache Superset Elevation of Privilege Vulnerability in HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware Buffer Overflow Vulnerability in HP PC Hardware Diagnostics Windows Vulnerability: Funds can be sent to nonpayable default functions in Vyper contracts prior to version 0.3.8 Tar Slip Vulnerability in Autolab's Install Assessment Functionality Improper User Invitation Stream Access Control in Zulip Server 6.1 and below Privileged User Retains Access to Edit and Delete Messages in Zulip Server Unrestricted File Extension Remote Code Execution in Craft CMS Linux Kernel RelayFS Out of Bounds Memory Access Vulnerability Unrestricted SQL Snippet Editing in Metabase Proxy-Authorization Header Leakage in Requests Library Vulnerability: Deactivated User Login Bypass in Synapse Matrix Homeserver Vulnerability: 
Bypassing URL Preview Blacklist in Synapse Matrix Homeserver Vulnerability: Unauthorized File Read in Lima Virtual Machines Arbitrary HTML Injection via Clipboard in Kanboard File Upload Vulnerability in Kiwi TCMS Allows for Arbitrary JavaScript Execution Information Disclosure Vulnerability in tgstation-server Invalid Push Notification Payload Crash in parse-server-push-adapter Phishing Attack Vulnerability in Parse Server Allows Upload of Malicious Files Linux Kernel Memory Management Subsystem Use-After-Free Vulnerability Unvalidated CTExponent in libspdm Requester allows for potential cryptographic vulnerability Timing Attack Vulnerability in GOST (GO Simple Tunnel) Arbitrary Code Execution Vulnerability in CodeIgniter's Validation Placeholders Cross-Site Scripting Vulnerability in Decidim External Link Feature Timing Attack Vulnerability in Saleor Core's `validate_hmac_signature` Function Uncaught Exception Vulnerability in Socket.IO Server Privilege Escalation and Arbitrary Code Execution in CKAN Remote Code Execution Vulnerability in SQLite JDBC Library Vulnerability: Insecure File Permissions in nfpm Packaging Denial of Service Vulnerability in MeterSphere 2.9.1 and Prior Versions Unauthorized Access to Sensitive Information in SICK ICR890-4 Arbitrary Shell Command Execution in LuaTeX Improper Input Validation in QNX SDP Networking Stack: Information Disclosure and Denial-of-Service Vulnerability XML Parser Denial of Service Vulnerability in Splunk Enterprise Privilege Escalation Vulnerability in Splunk Enterprise and Splunk Cloud Platform HTTP Response Splitting Vulnerability in Splunk Enterprise and Splunk Cloud Platform Information Disclosure Vulnerability: Hashed User Credentials Exposed in Splunk Enterprise and Splunk Cloud Unauthenticated Remote Information Disclosure in SICK ICR890-4 REST API Unauthorized Data Transfer Vulnerability in Splunk Enterprise and Splunk Cloud Platform Stored Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise 
Dashboard View ANSI Escape Code Injection Vulnerability in Splunk Enterprise and Universal Forwarder Privilege Escalation Vulnerability in Splunk App for Stream Path Traversal Vulnerability in Splunk App for Lookup File Editing Remote Code Execution Vulnerability in Splunk App for Lookup File Editing Denial of Service Vulnerability in Splunk Enterprise and Splunk Cloud Platform Unauthenticated Access to Splunk Search Results Overwrite Vulnerability Cleartext Transmission of Sensitive Information in SICK ICR890-4 Stored XSS Vulnerability in Zabbix Maps Element with Leading Spaces in URL Field Buffer Overflow Vulnerability in zbxjson Module: zbx_json_open Function LDAP Request Vulnerability Ducktape Object Memory Pointer Vulnerability Session Hijacking Vulnerability Buffer Overflow Vulnerability in DNS Server Response Handling Zabbix Server Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Zabbix Agent 2's smart.disk.get Item Key Unauthenticated Remote Access Control Vulnerability in SICK ICR890-4 gRPC HTTP2 Stack Header Size Exceeded Vulnerability Vulnerability: gRPC Connection Termination via Base64 Encoding Error Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, macOS, and watchOS Stored XSS Vulnerability in Alkaweb Eonet Manual User Approve Plugin <= 2.1.3 CSRF Vulnerability in Web_Trendy WP Custom Cursors Plugin Unrestricted Upload Vulnerability in Supplier Management System 1.0 Unauthenticated Reflected XSS Vulnerability in Kunal Nagar Custom 404 Pro Plugin <= 3.8.1 SQL Injection vulnerability in IT Path Solutions PVT LTD Contact Form to Any API VeronaLabs WP SMS Plugin <= 6.1.4 - Unauthenticated Reflected XSS Vulnerability SQL Injection vulnerability in WooCommerce AutomateWoo CSRF Vulnerability in WooCommerce Product Recommendations Plugin CSRF Vulnerability in WooCommerce AutomateWoo Plugin <= 5.7.1 Stored Cross-Site Scripting (XSS) Vulnerability in WooCommerce WooCommerce Brands Plugin <= 1.6.45 User-Controlled Key 
Authorization Bypass in WooCommerce Bookings Arbitrary Script Execution Vulnerability in Mitel MiVoice Connect Linux DVS Server Arbitrary Role Assignment Vulnerability in Pydio Cells Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System 1.0 SSRF Vulnerability in Pydio Cells Allows Unauthorized Remote Downloads Hardcoded Secret Exposes Cross-Site Scripting (XSS) Vulnerability in Pydio Cells Unrestricted File Upload Vulnerability in L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 Unrestricted File Upload Vulnerability in OMICARD EDM Insufficient Validation in Thinking Software Efence Login Function Allows SQL Injection Information Disclosure Vulnerability in e-Excellence U-Office Force Website Service Path Traversal Vulnerability in e-Excellence U-Office Force Unrestricted File Upload Vulnerability in e-Excellence U-Office Force Regular Expression Denial of Service (ReDoS) Vulnerability in giturlparse Archer Platform Information Disclosure Vulnerability XML External Entity (XXE) Reference Vulnerability in Dromara HuTool up to 5.8.19 Archer Platform Vulnerability: Unauthorized Access to Sensitive Information via API Calls Archer Platform CSRF Vulnerability Allows Arbitrary Code Execution Insecure Connection Establishment in Qt Network due to HSTS Header Parsing Issue QTextLayout Buffer Overflow in SVG Image Rendering Privilege Escalation Vulnerability in Fabasoft Cloud Enterprise Client 23.3.0.130 XSS Vulnerability in Gitpod Prior to 2022.11.3 with Redirection for Untrusted Protocols Directory Traversal Vulnerability in Symcon IP-Symcon Web Interface Vulnerability: Unauthorized Account Access and Privilege Escalation in MStore API Plugin for WordPress Command Injection Vulnerability in PRTG HL7 Sensor Allows Remote Code Execution Command Injection Vulnerability in PRTG Dicom C-ECHO Sensor Bypassing Audit Detection in Zoho ManageEngine ADAudit Plus 7.1.1 via User Account Suffix Cleartext Master Password Recovery Vulnerability in KeePass 
2.x Langchain through 0.0.155: Prompt Injection Vulnerability OPC UA Legacy Java Stack Vulnerability: Uncontrolled Resource Consumption Leading to Server Blockage Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure via Missing Permission Check LFI Vulnerability in WordPress Gallery Plugin Allows Admin Users to Perform Path Traversal Attacks NXLog Manager 5.6.5633 - Cross-Site Scripting (XSS) Vulnerability in 'Full Name' Field CSRF Vulnerability in NXLog Manager 5.6.5633: Unauthorized User Account Manipulation and Deletion NXLog Manager 5.6.5633 - Cross-Site Request Forgery (CSRF) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WooCommerce Pre-Orders Plugin CSRF Vulnerability in WooCommerce Product Add-Ons Plugin Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons Critical Unauthenticated Stored XSS Vulnerability in MingoCommerce WooCommerce Product Enquiry Plugin Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Video Carousel Slider with Lightbox Plugin User-Controlled Key Authorization Bypass in WooCommerce Shipping Multiple Addresses Local User Exploit: Disabling Palo Alto Networks Cortex XDR Agent on Windows Devices Unauthenticated Reflected XSS Vulnerability in One Rank Math SEO PRO Plugin <= 3.0.35 Unauthenticated Reflected XSS Vulnerability in WooCommerce Composite Products Plugin Unauthenticated Reflected XSS Vulnerability in WooCommerce Pre-Orders Plugin Out-of-bounds Write Vulnerability in Arm GPU Userspace Drivers Insecure Default Value in Power Leads to Local Privilege Escalation Possible Out of Bounds Write Vulnerability in WLAN Driver Possible Out of Bounds Read Vulnerability in WLAN Service Improper Access Control in Bluetooth Driver Allows for Local Sensitive Information Leak Improper Access Control in Bluetooth Driver Allows for Local Sensitive Information Leak Bluetooth Driver Out of 
Bounds Read Vulnerability Out of Bounds Write Vulnerability in Connectivity System Driver Possible Out of Bounds Write Vulnerability in GNSS Service Possible Out of Bounds Write Vulnerability in GNSS Service Possible Out of Bounds Read Vulnerability in GNSS Service Possible Out of Bounds Read Vulnerability in GNSS Service Possible Out of Bounds Read Vulnerability in GNSS Service Possible Out of Bounds Read Vulnerability in GNSS Service Type Confusion Vulnerability in vdec: Local Privilege Escalation without User Interaction Potential Local Information Disclosure Vulnerability in Display Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XSOAR Engine Software Remote Denial of Service Vulnerability in WLAN Firmware Critical Vulnerability: Local Privilege Escalation via Permissions Bypass in Video Processing Out of Bounds Write Vulnerability in FTM (ALPS07994229) Memory Corruption Vulnerability in rpmb with Missing Bounds Check Double Free Vulnerability in rpmb with Improper Locking Bluetooth Service Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Camera Middleware Out of Bounds Write Vulnerability in Camera Middleware Integer Overflow Vulnerability in VPU Allows for Local Privilege Escalation Integer Overflow Vulnerability in apusys: Local Privilege Escalation without User Interaction TVAPI Out of Bounds Write Vulnerability Insufficiently Random PIN Values in WLAN Driver: Local Information Disclosure Vulnerability Race Condition Vulnerability Allows Local Privilege Escalation without User Interaction Type Confusion Vulnerability in secmem: Local Privilege Escalation without User Interaction Type Confusion Vulnerability in keyinstall Allows for Local Privilege Escalation Integer Overflow Vulnerability in Display Module Critical Out-of-Bounds Write Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in dpe with Local Privilege Escalation Out of Bounds Write Vulnerability in dpe with Local Privilege 
Escalation CCCI Modem Out of Bounds Write Vulnerability (MSV-862) 5G Modem Remote Denial of Service Vulnerability 5G Modem Remote Denial of Service Vulnerability 5G Modem Remote Denial of Service Vulnerability 5G Modem Remote Denial of Service Vulnerability 5G Modem Remote Denial of Service Vulnerability 5G Modem Remote Denial of Service Vulnerability Audio Out of Bounds Write Vulnerability Allows Local Privilege Escalation Type Confusion Vulnerability in vdec: Local Privilege Escalation without User Interaction Out of Bounds Write Vulnerability in cmdq Integer Overflow Vulnerability in Decoder: Local Privilege Escalation with User Interaction Required Out of Bounds Write Vulnerability in Decoder CameraISP Information Disclosure Vulnerability Out of Bounds Write Vulnerability in rpmb Out of Bounds Write Vulnerability in RIL Missing Permission Check Vulnerability in aee Out of Bounds Read Vulnerability in Display Status Check Out of Bounds Read Vulnerability in Display with Local Information Disclosure Missing Data Erasing Vulnerability in GZ Critical Buffer Overflow Vulnerability Allows Local Privilege Escalation Potential Buffer Overflow Vulnerability in Display Component Out of Bounds Read Vulnerability in Display Component Out of Bounds Read Vulnerability in Display Component Out of Bounds Read Vulnerability in Display DRM Out of Bounds Write Vulnerability in Display DRM Out of Bounds Write Vulnerability in Display DRM Possible Memory Corruption Vulnerability with Incorrect Bounds Check Out of Bounds Write Vulnerability in Display DRM Out of Bounds Write Vulnerability in Display DRM Out of Bounds Write Vulnerability in Display DRM Out of Bounds Read Vulnerability in Display DRM CVE-2023-32871 Out of Bounds Write Vulnerability in keyInstall CVE-2023-32873 Remote Code Execution Vulnerability in Modem IMS Stack Potential Local Information Disclosure Vulnerability in keyInstall Potential Local Information Disclosure Vulnerability in keyInstall Critical 
Vulnerability: Out of Bounds Write in Battery Component Battery Vulnerability: Local Information Disclosure via Missing Bounds Check Critical Out of Bounds Write Vulnerability in Battery Component Battery Vulnerability: Local Information Disclosure via Missing Bounds Check Battery Vulnerability: Integer Overflow Leading to Local Information Disclosure Battery Vulnerability: Memory Corruption and Privilege Escalation Out of Bounds Write Vulnerability in Engineer Mode Possible Information Disclosure Vulnerability in netdagent Memory Corruption Vulnerability in Display DRM Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Modem IMS SMS UA Remote Denial of Service Vulnerability in Modem IMS Stack Out of Bounds Write Vulnerability in Modem IMS Call UA Out of Bounds Write Vulnerability in Modem IMS Call UA Remote Denial of Service Vulnerability in Modem EMM with Improper Input Validation Bluetooth Service Out of Bounds Write Vulnerability Heap-based Buffer Overflow in gpac/gpac prior to 2.2.2 Reflected Cross-Site Scripting Vulnerability in grid-kit-premium WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in SuiteCRM-Core GitHub Repository Cross-site Scripting (XSS) Vulnerability in saleor/react-storefront Arbitrary File Upload Vulnerability in Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin for WordPress OS Command Injection Vulnerability in Synology Router Manager (SRM) OS Command Injection Vulnerability in Synology Router Manager (SRM) Stored XSS Vulnerability in Dazzlersoft Team Members Showcase Plugin <= 1.3.4 Stored Cross-Site Scripting (XSS) Vulnerability in Nose Graze Novelist Plugin <= 1.2.0 CSRF Vulnerability in UpdraftPlus.Com Plugin Leads to Sitewide XSS Unauthenticated Reflected XSS Vulnerability in Zotpress Plugin <= 7.3.3 Stored XSS Vulnerability in HasTheme WishSuite – Wishlist for WooCommerce Plugin <= 1.3.4 CSRF Vulnerability in Made with Fuel Better Notifications for WP Plugin 
Unauthenticated Reflected XSS Vulnerability in CRUDLab Jazz Popups Plugin <= 1.8.7 CSRF vulnerability in CRUDLab Jazz Popups leads to Stored XSS Authentication Bypass Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems CVE-2023-32969 Use-After-Free Vulnerability in Ubuntu's Accountsservice Allows Local Attackers to Trigger Arbitrary Code Execution Authenticated Administrators Vulnerable to Denial-of-Service Attack in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating System Versions QNAP Operating System Path Traversal Vulnerability Allows Unauthorized Access to Sensitive Data Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Container Station OS Command Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Pipeline: Job Plugin Jenkins LDAP Plugin CSRF Vulnerability: Unauthorized LDAP Server Connection Jenkins Email Extension Plugin Directory Existence Disclosure Vulnerability CSRF Vulnerability in Jenkins Email Extension Plugin Allows Unauthorized Job Manipulation Arbitrary File Write Vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and Earlier Unencrypted Storage of Extra Variables in Jenkins Ansible Plugin Unmasked Extra Variables in Jenkins Ansible Plugin Configuration Form Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins TestNG Results Plugin Jenkins Sidebar Link Plugin Path Restriction Bypass Vulnerability Arbitrary File Upload Vulnerability in Jenkins File Parameter Plugin Jenkins Reverse Proxy Auth Plugin CSRF Vulnerability Jenkins Azure VM Agents Plugin: Credential Enumeration Vulnerability Jenkins Azure VM Agents Plugin CSRF Vulnerability ACL Policy Block Labeling Vulnerability Unauthenticated Remote Code Execution in 
Jenkins Azure VM Agents Plugin Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and Earlier Cross-Site Request Forgery (CSRF) Vulnerability Unauthenticated XML Parsing Vulnerability in Jenkins SAML Single Sign On Plugin Jenkins SAML Single Sign On Plugin Vulnerability: Hostname Validation Bypass Unconditional SSL/TLS Certificate Validation Disabling in Jenkins SAML SSO Plugin 2.1.0 and Earlier CSRF Vulnerability in Jenkins SAML Single Sign On Plugin Allows Unauthorized Email Sending Vulnerability: Missing Permission Check in Jenkins SAML Single Sign On (SSO) Plugin Allows Unauthorized Email Sending Session Invalidation Vulnerability in Jenkins CAS Plugin 1.6.2 and Earlier CSRF Vulnerability in Jenkins AppSpider Plugin 1.0.15 and Earlier Unauthenticated Remote Code Execution in Jenkins AppSpider Plugin Unauthenticated Access to CSI Plugin Names in HashiCorp Nomad Unmasked Credentials Vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin Unmasked Credentials in Jenkins HashiCorp Vault Plugin Build Logs Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins TestComplete Support Plugin 2.8.1 and Earlier CSRF Vulnerability in Jenkins Tag Profiler Plugin Allows Resetting of Profiler Statistics Vulnerability: Unauthorized Reset of Profiler Statistics in Jenkins Tag Profiler Plugin Session Invalidation Vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and Earlier CSRF Vulnerability in Jenkins WSO2 Oauth Plugin Allows Account Hijacking Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins LoadComplete Support Plugin 1.0 and Earlier Deserialization of Untrusted Data vulnerability in Apache Johnzon 1.2.20 and earlier Buffer Overflow Vulnerability in Zyxel ATP, USG, and ZyWALL/USG Series Firmware Race Condition in QEMU's Hot-Unplug Feature Allows for Denial of Service Buffer Overflow Vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG Series Firmware Unauthenticated LAN-based OS Command Execution via Crafted PPPoE 
Configuration in Zyxel ATP and USG Series Firmware Command Injection Vulnerability in Zyxel ATP and USG Series Firmware Remote Command Execution Vulnerability in Zyxel NBG6604 Firmware V1.01(ABIR.1)C0 Core Services Diag Command Information Disclosure Vulnerability MBSSID IE Interpretation Vulnerability in WLAN Firmware WLAN Firmware Vulnerability: Transient DOS Exploit via MLO Parsing UEFI Menu ListVars Test Vulnerability: Memory Corruption in Boot UIM Diag Command Memory Corruption Vulnerability Transient Denial of Service (DoS) Vulnerability in WLAN Host during Channel Switch Announcement (CSA) with Invalid Channel CSV Injection Vulnerability in GitHub Repository Admidio/Admidio Prior to 4.2.9 Transient Denial of Service (DoS) Vulnerability in WLAN Host during Channel Switch Announcement Information Element (CSA IE) with Invalid Channel Graphics Command Packet Memory Corruption Vulnerability HLOS Memory Corruption Vulnerability via User-Space IOCTL Calls CVE-2023-33023 SMS Memory Corruption Vulnerability in AP Firmware Vulnerability: Memory Corruption in Data Modem during Non-Standard SDP Body in VOLTE Call NAN Management Frame Parsing Vulnerability Leads to Transient DOS in WLAN Firmware RSN IE Parsing Vulnerability Leads to Transient DOS in WLAN Firmware WLAN Firmware Vulnerability: Memory Corruption during PMK Cache Memory Copy Remote Code Execution Vulnerability in DSP Service GitHub Repository Access Control Vulnerability PlayReady Use-Case Memory Corruption Vulnerability Vulnerability: Memory Corruption in Automotive Audio Data Transfer Memory Corruption Vulnerability in TZ Secure OS during TA Region Memory Allocation Audio Playback Vulnerability: Memory Corruption with Speaker Protection ADSP Response Command Parsing Vulnerability AFE Callback Function Memory Corruption Vulnerability Untrusted VM Exploits PSCI Vulnerability to Permanently Deny Service in Hypervisor Insecure Key Unwrapping and RPMB Verification Vulnerability in Automotive Cryptography Bus 
Socket Transport Server Vulnerability: Memory Corruption in Message Reception Automotive Display Vulnerability: Memory Corruption during Image Handle Destruction GitHub Repository Access Control Vulnerability Transient Denial of Service (DoS) Vulnerability in Data Modem during DTLS Handshake WLAN Firmware Assertion Vulnerability: State Confusion in Peer ID Lookup RRC Setup Message Vulnerability: Transient DOS in Modem Transient Denial of Service (DoS) Vulnerability in Modem due to Non-Configured Beam Switch Request with Invalid Bandwidth Part (BWP) TLB Control Message Vulnerability: Transient DOS in Data Modem WLAN Firmware Vulnerability: Memory Corruption via NAN Management Frame Parsing Critical Memory Corruption Vulnerability in Trusted Execution Environment during License Validation Deinitialization Vulnerability: Transient Denial of Service in WLAN Firmware due to Parsing No-Inherit IES WLAN Firmware Vulnerability: Transient Denial of Service (DOS) via T2LM Buffer Parsing Heap Leakage Vulnerability in Multi-Mode Call Processor Leading to Transient Denial of Service (DoS) Critical Access Control Vulnerability in C-DATA Web Management System (CVE-2023-0607) Kernel Memory Corruption Vulnerability in Metadata Parsing GPS HLOS Driver Vulnerability: Cryptographic Issue in Qualcomm GNSS Assistance Data Download Audio Driver Callback Function Vulnerability Beacon-based Transient Denial of Service (DoS) Vulnerability in WLAN Firmware Transient Denial of Service Vulnerability in Multi-Mode Call Processor during UE Policy Container Processing Modem Information Disclosure Vulnerability in SIB5 Processing Vulnerability: Memory Corruption in Audio Processing of VOC Packet Data from ADSP Critical Remote Code Execution Vulnerability in Ruijie RG-EW1200G EW_3.0(1)B11P204 Transient Denial of Service (DoS) Vulnerability in Core due to Uninitialized DDR Memory Check WLAN Firmware Vulnerability: Transient Denial of Service (DOS) via Beacon or Probe-Response Frame Parsing WLAN 
Firmware Vulnerability: Transient Denial of Service (DoS) Exploit via BTM Request Parsing Remote Code Execution Vulnerability in DSP Services Audio Callback Function Vulnerability Audio Information Disclosure Vulnerability in ADSP Payload CVE-2023-33066 Audio Memory Corruption Vulnerability in START Command for Host Voice PCM Audio Processing Vulnerability: Memory Corruption in IIR Config Data Processing Audio Calibration Data Processing Vulnerability Critical SQL Injection Vulnerability in miniCal 1.0.0 (VDB-231803) Insecure Authentication Leads to Transient DOS Vulnerability in Automotive OS Critical Memory Corruption Vulnerability in Automotive OS Graphics Functionality Core Control Function Memory Corruption Vulnerability Audio Memory Corruption Vulnerability Triggered by SSR Event After Music Playback Vulnerability: Memory Corruption in Core during Rollback Version Update with TA and OTA Feature Enabled Authorization Token to HIDL Vector Conversion Vulnerability CVE-2023-33078 Audio Memory Corruption Vulnerability Deserialization Vulnerability in whaleal IceFrog 1.1.8's Aviator Template Engine (VDB-231804) Vendor Specific IE Parsing Vulnerability Transient Denial of Service Vulnerability in TWT Frame Parameter Conversion MBO IE Memory Corruption Vulnerability Critical Vulnerability: Memory Corruption in WLAN Host during RRM Beacon Processing CVE-2023-33084 AON Data Processing Vulnerability Leads to Memory Corruption in Wearables CVE-2023-33086 RX Intent Request Memory Corruption Vulnerability Vulnerability: Memory Corruption in Vdev Parsing of Command Parameters NULL Buffer Vulnerability in WLAN vdev Parsing Cross-Site Scripting (XSS) Vulnerability in SourceCodester Resort Reservation System 1.0 CVE-2023-33090 Bluetooth Pin Reply Memory Corruption Vulnerability VK Synchronization Vulnerability: Memory Corruption with KASAN Enabled CVE-2023-33095 CVE-2023-33096 FTMR Frame Processing Vulnerability Leads to Transient DOS in WLAN Firmware WPA IES Parsing 
Vulnerability: Transient Denial of Service (DoS) CVE-2023-33099 Critical SQL Injection Vulnerability in Agro-School Management System 1.0 (CVE-2021-231806) CVE-2023-33100 CVE-2023-33101 CVE-2023-33103 CVE-2023-33104 CVE-2023-33105 Memory Corruption Vulnerability in IOCTL_KGSL_GPU_AUX_COMMAND when Submitting Large Sync Point List Graphics Linux Vulnerability: Memory Corruption in IOCTL Call for Shared Virtual Memory Region Assignment Memory Corruption Vulnerability in Graphics Driver when Destroying Context with KGSL_GPU_AUX_COMMAND_TIMELINE Objects Queued WMI P2P Listen Start Command Vulnerability Cross-Site Scripting (XSS) Vulnerability in PuneethReddyHC Online Shopping System Advanced 1.0 Race Condition Vulnerability in PCM Host Voice Audio Driver CVE-2023-33111 Transient Denial of Service (DoS) Vulnerability in WLAN Firmware via Reassoc Response Frame with RIC_DATA Element Multiple Fragment Memory Corruption Vulnerability NPU Memory Corruption Vulnerability Triggered by Concurrent NETWORK_UNLOAD Commands CVE-2023-33115 Transient Denial of Service Vulnerability in WIN WLAN Driver when Parsing ieee80211_parse_mscs_ie Buffer Overflow Vulnerability in AVCS_LOAD_MODULE Command Response Handling Memory Corruption Vulnerability in Listen Sound Model Client Payload Buffer Processing CVE-2023-33119 Double Release Vulnerability in Linux Kernel's cpufreq Subsystem Consecutive Memory Map Command Execution Vulnerability in ADSP Audio Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Memory Corruption Vulnerability in JT2Go and Teamcenter Visualization Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability Exploiting .NET and Visual Studio Elevation of Privilege Vulnerability Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability SharePoint DoS Vulnerability: Disrupting 
Microsoft's Collaboration Platform ESM Certificate API OS Command Injection Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Outlook RCE Vulnerability: A Critical Security Flaw in Microsoft's Email Client Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel SharePoint Server Remote Code Execution Vulnerability Exploiting .NET and Visual Studio Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Azure DevOps Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Visual Studio Code Execution Vulnerability Zip File Command Injection Vulnerability Exploiting Microsoft OneNote Spoofing Vulnerability YARP Reverse Proxy Denial of Service Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft SharePoint Server Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Visual Studio Code URL Spoofing Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability: Exposing Sensitive Data Exploiting the Microsoft Office Remote Code Execution Vulnerability Unpatched Microsoft Office Elevation of Privilege Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Unauthenticated File Path Disclosure in Jenkins Team Concert Plugin Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office Outlook Email Spoofing Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ActiveX Outlook RCE Vulnerability: A Critical Security Flaw in Microsoft's Email Client Windows Partition Management Driver Privilege Escalation Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Guardian Breached: Microsoft Defender Elevation of Privilege Vulnerability Exposed Exploiting the Microsoft SharePoint Remote Code Execution 
Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Vulnerability: NULL Pointer Dereference in TIFFClose() Due to Failed Output File Opening SharePoint Server Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Data Leakage Vulnerability Windows Network Load Balancing RCE Vulnerability RPC Runtime DoS Vulnerability SharePoint Server Security Feature Bypass Vulnerability RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability Use-After-Free Vulnerability in mt7921_check_offload_capability in Linux Kernel ASP.NET and Visual Studio Security Feature Bypass Vulnerability: A Critical Flaw in Web Application Security Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability Windows Cryptographic Information Leakage Vulnerability ToUI Flask-Caching User Variable Storage Vulnerability BigBlueButton SSRF Vulnerability in Presentation Download Path Traversal Vulnerability in Xibo CMS Allows Remote Code Execution SQL Injection Vulnerability in Xibo CMS API Route SQL Injection Vulnerability in Xibo CMS: Exfiltration of Data via `nameFilter` Function Cross Site Scripting (XSS) Vulnerability in SourceCodester Resort Management System 1.0 (VDB-231937) SQL Injection Vulnerability in Xibo CMS API Route Sensitive Information Disclosure in Xibo CMS API Routes Unsanitized SVG Conversion Vulnerability in Nextcloud Contacts App Disclosure of Internal Paths in Nextcloud Calendar App Blind SSRF Vulnerability in Nextcloud Mail App Flawed Signature Verification in Django-SES SESEventWebhookView Cross-Site Scripting Vulnerability in Zulip Server's Message Feed Tooltips Vulnerability: Unintentional Password Recording via Show Password Button Insufficient Path 
Validation Vulnerability in Omni-notes Android App Pomerium Incorrect Authorization Decision Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in iDisplay PlatPlay DS (Version 3.14 and earlier) Improper RBAC Configuration in Sealos Allows Unauthorized Cluster Control Circumvention of Kyverno Seccomp Control in PodSecurity Validation (CVE-2021-12345) Improper Length Validation in ntpd-rs Allows Server Crash Emby Server Vulnerability Allows Unauthorized Administrative Access Unpatched XSS Vulnerability in Craft CMS Quick Post Validation Error Message XSS Vulnerability in Craft CMS 4.4.5 and Earlier Versions Cross Site Scripting (XSS) Vulnerability in Craft CMS 4.4.6 and Earlier Cross-Site Scripting (XSS) Vulnerability in Craft CMS Update Asset Index Utility (Patched in Version 4.4.6) Potential Chat Channel Cache Poisoning Vulnerability in tgstation-server Panic Vulnerability in Rekor's `intoto/v0.0.2` Type Entry Cross-Site Request Forgery Vulnerability in WP Sticky Social Plugin Improper GPU Processing Operations Exploit: Unauthorized Access to Freed Memory LDAP Injection Vulnerability in Bouncy Castle for Java (CVE-2021-29467) Denial of Service Vulnerability in Bouncy Castle's PEMParser Class Race condition and use-after-free vulnerability in Linux kernel drivers/net/ethernet/qualcomm/emac/emac.c Integer Overflow Vulnerability in sysstat 12.7.2 (Incomplete Fix for CVE-2022-39377) CSRF Vulnerability in Krzysztof Wielogórski Stop Referrer Spam Plugin Stored Cross-Site Scripting (XSS) Vulnerability in gsmith Cookie Monster Plugin <= 1.51 SQL Injection Vulnerability in CrawlSpider SEO Change Monitor – Track Website Changes Privilege Escalation Vulnerability in ABB Ability™ zenon nuajik Plugin <= 0.1.0 Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) Plugin <= 1.0.27 CSRF Vulnerability in Crocoblock JetFormBuilder Plugin Stored XSS Vulnerability in gVectors Display Custom 
Fields – wpView Plugin CSRF Vulnerability in Tagbox UGC Galleries, Social Media Widgets, User Reviews & Analytics Stored XSS Vulnerability in WooDiscuz – WooCommerce Comments Plugin Firmware Upgrade Flaw: Terminal Bricking Vulnerability Stack Buffer Overflow Vulnerability in Parameter Zone Read and Write Handlers Retrofit Validation Command Buffer Overflow Vulnerability Privilege Escalation Vulnerability in ABB Ability™ zenon Stack-based Buffer Overflow in Firmware Copying Process Heap-based Buffer Overflow in DesFire Key Reading Function Contactless Card Vulnerability: Remote Code Execution via Stack-Based Buffer Overflow SolarWinds Platform: Incorrect Behavior Order Vulnerability SolarWinds Platform: Incorrect Comparison Vulnerability Directory Traversal Remote Code Execution Vulnerability in Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability in Network Configuration Manager SolarWinds Network Configuration Manager: Sensitive Information Exposure Vulnerability SolarWinds Platform: Incorrect Input Neutralization Vulnerability Privilege Escalation Vulnerability in ABB Ability™ zenon Insufficient Input Validation in DPA 2023.2 Leads to XSS Vulnerability Arbitrary Code Execution in Apache Airflow CNCF Kubernetes Provider Version 5.0.0 Command Injection Vulnerability in MXsecurity Version 1.0 SSH CLI Program Hardcoded Credential Vulnerability in MXsecurity Version 1.0 Allows Bypassing Authentication via Arbitrary JWT Tokens Improper-Authentication Vulnerability in TN-5900 Series Firmware v3.3 and Prior Command Injection Vulnerability in TN-4900 and TN-5900 Series Firmware Command Injection Vulnerability in TN-4900 and TN-5900 Series Firmware Privilege Escalation Vulnerability in ABB Ability™ zenon Local Privilege Escalation in Foxit PDF Reader and Editor Vulnerability: Extraction of ECDSA Private Key via Malicious Paillier Key Injection in GG18/GG20 TSS Protocol Vulnerability: Key Extraction in Crypto Wallets Implementing Lindell17 
TSS Protocol Insecure Authentication Implementation in STARFACE Web Interface and REST API Unintended API Access Vulnerability in Obsidian before 1.2.2 Arbitrary File Overwrite and Possible Code Execution Vulnerability in Minecraft 1.19 and 1.20 Pre-releases Remote Command Execution Vulnerability in RocketMQ Versions 5.1.0 and Below Unauthenticated Remote WAR File Deployment in Talend Data Catalog Remote Harvesting Server Audio-based Command Injection Vulnerability in Amazon Alexa Software Authorization Bypass Vulnerability in CMS Commander WordPress Plugin Use-After-Free Vulnerability in Linux Kernel 6.3's iopt_unmap_iova_range Weak Permissions on Temporary Files in Akka HTTP File Uploads Double Spending Vulnerability in iden3 snarkjs (<=0.6.11) Due to Lack of PublicSignals Length Validation Remote Code Execution in LabCollector 6.0 through 6.15 via Insufficient File Validation in Message Function LDAP Bind Credentials Exposure on KACE Systems Deployment and Remote Site Appliances 9.0.146 Arbitrary JavaScript Code Injection in Papaya Viewer 1.0.1449 HTML Injection Vulnerability in Verint Engagement Management 15.3 Update 2023R2 Live Chat User Data Form Vulnerability: Trusting Invalid TGTs in pam_krb5 Authentication Openly Viewable User Credentials in WFTPD 3.25 Configuration File Improper Password Masking in Hazelcast Management Center Improper Client Permission Validation in Hazelcast Executor Services OS Command Injection Vulnerability in DTS Monitoring 3.57.0 OS Command Injection Vulnerability in DTS Monitoring 3.57.0 OS Command Injection Vulnerability in DTS Monitoring 3.57.0 OS Command Injection Vulnerability in DTS Monitoring 3.57.0 OS Command Injection Vulnerability in DTS Monitoring 3.57.0 OS Command Injection Vulnerability in DTS Monitoring 3.57.0 Unauthenticated Access to CGI Scripts in PowerShield SNMP Web Pro 1.1 Reflective Cross-Site Scripting (XSS) Vulnerability in Gira Giersiepen Gira KNX/IP-Router Web Interface Directory Traversal Vulnerability in 
Gira Giersiepen Gira KNX/IP-Router Web Interface Blind SQL Injection Vulnerability in Store Commander scexportcustomers Module for PrestaShop Blind SQL Injection Vulnerability in Store Commander scfixmyprestashop Module Stored Cross-Site Scripting Vulnerability in Custom Field For WP Job Manager WordPress Plugin Blind SQL Injection Vulnerability in Store Commander scquickaccounting Module for PrestaShop Vulnerability: Replay Attack on Nissan Sylphy Classic 2021 Remote Keyfob System Default Credentials Vulnerability in Marval MSM Static Encryption Key Vulnerability in Marval MSM through 14.19.0.12476 Remote Code Execution Vulnerability in Marval MSM Buffer Over-read Vulnerability in Qt's QDnsLookup Stored Cross-Site Scripting (XSS) Vulnerability in Inline Table Editing Application for Confluence Use-after-free vulnerability in bq24190_remove in Linux kernel before 6.2.9 Regular Expression Denial of Service (ReDoS) Vulnerability in urlnorm crate for Rust Path Traversal Vulnerability in SpiderControl SCADA Webserver Regular Expression Denial of Service (ReDoS) in git-url-parse crate through 0.4.4 for Rust Unvalidated OTP Generation in ebankIT 6 Local Web Server Vulnerability in KaiOS Allows App Enumeration and Manifest Disclosure Arbitrary Command Execution and Data Exposure in KaiOS 3.0 Incorrect Access Control Vulnerability in Cohesity DataProtect Bitcoin Core Denial of Service Vulnerability Local Privilege Escalation in Perimeter81 10.0.0.19 on macOS via Shell Metacharacters in usingCAPath Untrusted Data Deserialization Vulnerability in Fortinet FortiNAC Path Traversal Vulnerability in NEC Corporation Aterm Routers Improper Access Control Vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0: Unauthorized Access to Restricted Resource from Non-Trusted Host Insufficient Session Expiration Vulnerability in Fortinet FortiEDR 5.0.0 - 5.0.1 Static Credentials Bypass Vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 Denial of Service 
Vulnerability in Fortinet FortiOS and FortiProxy Denial of Service Vulnerability in Fortinet FortiOS and FortiProxy Denial of Service Vulnerability in Fortinet FortiOS and FortiProxy Stack-based Overflow Vulnerability in Fortinet FortiOS and FortiProxy Unauthenticated Reflected XSS Vulnerability in Awesome Motive Duplicator Pro Plugin <= 4.5.11 Path Traversal vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N, and WR8170N allows an attacker to delete specific files. Stored Cross-Site Scripting (XSS) Vulnerability in CRM Perks Contact Form Entries Plugin <= 1.3.0 Unauthenticated Reflected XSS Vulnerability in wppal Easy Captcha Plugin <= 1.0 CSRF Vulnerability in ThemeinProgress WIP Custom Login Plugin CSRF Vulnerability in realmag777 BEAR Plugin <= 1.1.3.1 CSRF Vulnerability in Smart App Banner Plugin CSRF Vulnerability in WooCommerce Follow-Up Emails (AutomateWoo) Plugin Unauthenticated Reflected XSS Vulnerability in WooCommerce Returns and Warranty Requests Plugin (<= 2.1.6) Unrestricted File Upload Vulnerability in WooCommerce AutomateWoo Unauthenticated Reflected XSS Vulnerability in WooCommerce Follow-Up Emails (AutomateWoo) Plugin Arbitrary Script Execution Vulnerability in NEC Corporation Aterm Routers Unauthenticated Reflected XSS Vulnerability in WP-Hijri Plugin <= 1.5.1 CVE-2023-33322 Stored XSS Vulnerability in Repute InfoSystems ARMember Plugin <= 4.0.2 Unauthenticated Reflected XSS Vulnerability in Teplitsa of Social Technologies Leyka Plugin <= 3.30.1 EventPrime Plugin <= 2.8.6 Unauthenticated Reflected XSS Vulnerability Stored XSS Vulnerability in PluginOps MailChimp Subscribe Form Plugin <= 4.0.9.1 Hijiri Custom Post Type Generator Plugin <= 2.4.2 - Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability Arbitrary OS Command Execution Vulnerability in NEC Corporation Aterm Routers SQL Injection 
vulnerability in WooCommerce AutomateWoo SQL Injection Vulnerability in WooCommerce Product Vendors Unauthenticated Reflected XSS Vulnerability in WooCommerce Product Vendors Plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in Really Simple Plugins Complianz and Complianz Premium Arbitrary Script Execution in Sophos Sophos iView (EOL: December 31st, 2020) via grpname Parameter Sophos Web Appliance v4.3.9.1 Reflected XSS Vulnerability SQL Injection Vulnerability in Old Age Home Management 1.0 Sensitive Information Exposure via Log Files in Hitachi Ops Center Administrator on Linux IceCMS v1.0.0 Insecure Permissions Vulnerability Cross Site Scripting (XSS) vulnerability in IceCMS v1.0.0 Piwigo 13.6.0 Cross Site Request Forgery (CSRF) Vulnerability in Add Tags Function User Enumeration Vulnerability in TN-5900 Series Version 3.3 and Prior SQL Injection Vulnerability in Piwigo 13.6.0 via /admin/permalinks.php Piwigo 13.6.0 SQL Injection Vulnerability in profile Function Authentication Bypass Vulnerability in Suprema BioStar 2: Unauthorized Access to Server Functionality OS Command Injection Vulnerability in Suprema BioStar 2 before V2.9.1 Path Traversal Vulnerability in Suprema BioStar 2: Unauthorized File Retrieval SQL Injection Vulnerability in Suprema BioStar 2 before 2.9.1 SQL Injection Vulnerability in Control ID IDSecure 4.7.26.0 and Prior: Remote Code Execution Sensitive Information and Password Exfiltration Vulnerability in Control ID IDSecure 4.7.26.0 and Prior Path Traversal Vulnerability in Control ID IDSecure 4.7.26.0 and Prior: Arbitrary File Deletion and Denial of Service Critical Remote Authentication Bypass Vulnerability in PuneethReddyHC Online Shopping System Advanced 1.0 Uncaught Exception Vulnerability in Control ID IDSecure 4.7.26.0 and Prior Hardcoded Cryptographic Key Vulnerability in Control ID IDSecure 4.7.26.0 and Prior Hard-coded Credentials and JWT Bypass Vulnerability in Connected IO v2.1.0 and Prior 
Clear-text Storage of Passwords and Credentials in Connected IO v2.1.0 and Prior Arbitrary Remote Command Execution in Connected IO v2.1.0 and Prior Stack-Based Buffer Overflow Vulnerability in Connected IO v2.1.0 and Prior Argument Injection Vulnerability in Connected IO v2.1.0 and Prior: Arbitrary OS Command Execution OS Command Injection Vulnerability in Connected IO v2.1.0 and Prior: Arbitrary Command Execution Argument Injection Vulnerability in Connected IO v2.1.0 and Prior Misconfiguration in Connected IO v2.1.0 and prior allows unauthorized device command impersonation Linux Kernel DECnet Networking Protocol Null Pointer Dereference Vulnerability Command Injection Vulnerability in MitraStar GPT-2741GNAC Router (Firmware Version AR_g5.8_110WVN0b7_2) Shelly 4PM Pro Smart Switch 0.11.0 BLE Out of Bounds Read Vulnerability Arbitrary File Upload Vulnerability in MarsCTF 1.2.1 Attachment Upload Interface Reflected XSS Vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 Allows for Login Data Theft Critical SQL Injection Vulnerability in Agro-School Management System 1.0 (VDB-232015) Cross Site Scripting (XSS) Vulnerability in skycaiji v2.5.4 Critical SQL Injection Vulnerability in SourceCodester Online School Fees System 1.0 (VDB-232016) Unrestricted Upload Vulnerability in BlogEngine.Net 3.3.8.0 and Earlier Open Redirect Vulnerability in BlogEngine.NET 3.3.8.0 and Earlier Versions Cross Site Scripting (XSS) vulnerability in Minical 1.0.0 CSRF Vulnerability in Minical 1.0.0 via company.php Recursive Packet Parsing Vulnerability in BIND 9 CSV Injection Vulnerability in Minical 1.0.0 and Earlier: Remote Code Execution via Customer Name Field Directory Traversal Vulnerability in Supermicro X11 and M11 BMC Implementation Arbitrary Command Execution Vulnerability in Supermicro X11 and M11 BMC Implementation Arbitrary Command Execution Vulnerability in Supermicro X11 and M11 BMC Implementation Arbitrary File Upload 
Vulnerability in User Registration Plugin for WordPress PHP Object Injection Vulnerability in User Registration Plugin for WordPress (up to version 3.0.1) via 'profile-pic-url' Parameter Deserialization Stored XSS Vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 SQL Injection Vulnerability in Sourcecodester Faculty Evaluation System v1.0 via /eval/admin/manage_task.php?id= Stored Cross-Site Scripting Vulnerability in Auto Location for WP Job Manager via Google WordPress Plugin Arbitrary Code Execution Vulnerability in Sourcecodester Faculty Evaluation System v1.0 Arbitrary Command Execution Vulnerability in BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 Sensitive User Information Leakage in LMS by Masteriyo WordPress Plugin Buffer-Overflow Vulnerability in Sogou Workflow v0.10.6 URIParser::parse Buffer Overflow Vulnerability in MITSUBISHI CNC Series Allows Remote Code Execution and DoS Critical Memory Leak Vulnerability in yajl 2.1.0: Exploiting yajl_tree_parse Function Leads to Server Crash NULL Pointer Dereference in iniparser_getlongint due to missing NULL check in iniparser_getstring's return Arbitrary File Overwrite and Remote Code Execution (RCE) in Orthanc before 1.12.0 Remote Manipulation Vulnerability in KramerAV VIA Connect (2) and VIA Go (2) Devices Remote Code Execution Vulnerability in KramerAV VIA Connect (2) and VIA Go (2) Devices Samba's SMB2 Packet Signing Bypass Vulnerability Privilege Escalation and Arbitrary Code Execution Vulnerability in Scada-LTS v2.7.5.2 Buffer Overflow in ReadyMedia (MiniDLNA) Versions 1.1.15 - 1.3.2 Source Code Disclosure Vulnerability in Harmonic NSG 9000-6G Devices SQL Injection Vulnerability in RemoteClinic 2.0's /medicines/stocks.php Endpoint SQL Injection Vulnerability in RemoteClinic Version 2.0's /staff/edit.php File Directory Traversal Vulnerability in Wrangler Command Line Tool Critical Privilege Escalation and Code Execution Vulnerabilities in RemoteClinic 2.0 Time-Based Blind SQL Injection Vulnerability in 
RemoteClinic 2.0 Post-Authentication Buffer Overflow in TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 via sPort/ePort Parameter in addEffect Function Command Injection Vulnerability in TOTOLINK X5000R Router (Versions V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113) Command Injection Vulnerability in TOTOLINK X5000R Router (CVE-2021-XXXX) IBERMATICA RPS 2019 Information Exposure Vulnerability Cross Site Scripting (XSS) Vulnerability in EyouCMS 1.6.2 Unrestricted File Upload Vulnerability in PrestaShop Ajaxmanager Module HTML Injection Vulnerability in Craft CMS through 4.4.9 Deserialization Vulnerability in xxl-rpc v1.7.0 via com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode Vulnerability: Incorrect Access Control in alist <=3.16.3 Allows Unauthorized File Upload Plaintext Password Retrieval Vulnerability in IBERMATICA RPS 2019 Unauthenticated Arbitrary File Read Vulnerability in KramerAV VIA GO² < 4.0.1.1326 Unauthenticated File Upload Vulnerability in KramerAV VIA GO² < 4.0.1.1326 Critical SQL Injection Vulnerability in KramerAV VIA GO² < 4.0.1.1326 Arbitrary File Read Vulnerability in Jeecg P3 Biz Chat 1.0.5 Cross Site Scripting (XSS) Vulnerability in SoftExpert Excellence Suite 2.1.9 Query Screens Arbitrary File Read Vulnerability in carRental 1.0 Information Disclosure Vulnerability in EmonCMS v11 and Later: Web Directory Path Leakage Directory Traversal Vulnerability in Advent/SSC Inc. 
Tamale RMS < 23.1 Exposes Contact Information CVE-2023-33528 Command Injection Vulnerability in Tenda G103 Gigabit GPON Terminal Firmware V1.0.0.5 Command Injection Vulnerability in Netgear R6250 Router Firmware Version 1.0.4.48 Command Injection Vulnerability in Netgear Routers CSRF Vulnerability in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G Software Version S10G_3.11.6 Buffer Overflow Vulnerability in TP-Link TL-WR940N, TL-WR841N, and TL-WR740N Routers Buffer Overflow Vulnerability in TP-Link TL-WR940N, TL-WR841N, and TL-WR740N Routers Command Injection Vulnerability in TP-Link TL-WR940N, TL-WR841N, and TL-WR740N Routers QEMU VNC Server NULL Pointer Dereference Denial of Service Vulnerability Hawtio 2.17.2 Path Traversal Vulnerability Denial of Service Vulnerability in Janino Expression Evaluator CVE-2023-33548 Linux Kernel NULL Pointer Dereference Vulnerability in msm_gem_submit.c Heap Buffer Overflow in erofsfsck_dirent_iter function in erofs-utils v1.6 Remote Code Execution Vulnerability in erofs-utils v1.6 via Crafted Filesystem Image Authentication Bypass and Privilege Escalation in Planet Technologies WDRT-1800AX v1.01-CP21 Command Injection Vulnerability in TOTOLink A7100RU V7.4cu.2313_B20191024 SQL Injection Vulnerability in Fuel CMS v1.5.2 via id parameter in Blocks.php Controller Information Disclosure Vulnerability in Ocomon Users-Grid-Data Component Local File Inclusion Vulnerability in OcoMon v4.0.1 via lang Parameter CSRF and Stored XSS Vulnerabilities in Subscribers Text Counter WordPress Plugin Cross Site Scripting (XSS) Vulnerability in PHPJabbers Time Slots Booking Calendar v3.3 Insecure Passwords Vulnerability in PHP Jabbers Time Slots Booking Calendar v 3.3 User Enumeration Vulnerability in PHP Jabbers Time Slots Booking Calendar v3.3 Account Takeover Vulnerability in PHP Jabbers Time Slots Booking Calendar 3.3 Cross Site Scripting (XSS) Vulnerability in PHPJabbers Time Slots Booking Calendar v3.3 Vulnerability: Denial-of-Service 
(DoS) Attacks in ROS2 Foxy Fitzroy Remote Injection of Malicious ROS2 Nodes in ROS2 Foxy Fitzroy ROS2 Foxy Fitzroy Unauthorized Access Vulnerability: Remote Node Compromise and Data Disclosure Unauthenticated Database Dump Vulnerability in Dolibarr 16.0.5 Arbitrary Code Execution Vulnerability in Sourcecodester Faculty Evaluation System v1.0 Linux Kernel AMD Sensor Fusion Hub Driver Local Denial of Service Vulnerability Server-Side Template Injection (SSTI) vulnerability in Bagisto v1.5.1 Linux Kernel ISH Driver Null Pointer Dereference Vulnerability Cross Site Scripting (XSS) Vulnerability in Phpgurukul Student Study Center Management System V1.0 SQL Injection Vulnerability in Sourcecodester Enrollment System Project V1.0 NULL Pointer Dereference in brcm_nvram_parse() function Cross-Site Scripting (XSS) Vulnerability in User Registration & Login and User Management System v1.0 SQL Injection Vulnerability in Lost and Found Information System v1.0 Heap Use-After-Free Vulnerability in CPython v3.12.0 alpha 7 via ascii_decode() Cross Site Scripting (XSS) Vulnerability in EasyImages2.0 ≤ 2.8.1 via viewlog.php Arbitrary File Upload Vulnerability in phpok v6.4.100 Arbitrary File Deletion Vulnerability in Imperial CMS v7.5 via DelspReFile Function Insecure Storage of S3 Credentials in Red Hat OpenShift Data Science Pipeline Export Heap Buffer Overflow in axTLS v2.1.5's bi_import Function Leads to Denial of Service (DoS) OS Command Injection Vulnerability in Parks Fiberlink 210 Firmware Version V2.1.14_X000 via /boaform/admin/formPing Target_addr Parameter GitLab CE/EE Information Disclosure Vulnerability: Unauthenticated Access to GitHub Import Error Information Insecure Protocol in GL.iNET GL-AR750S-Ext Firmware v3.215 Enables Eavesdropping via Man-in-the-Middle Attack Authentication Token Leakage in GL.iNET GL-AR750S-Ext Firmware v3.215 Command Injection Vulnerability in D-Link DIR-600 B5 Firmware 2.18 Stack Overflow Vulnerability in D-Link DIR-600 B5 Firmware 2.18 via 
gena.cgi Binary Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via UpdateSnat Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via DelvsList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via DeltriggerList Interface Information Disclosure Vulnerability in GitLab CE/EE: Webhook Tokens Exposed in Sidekiq Log Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via EditvsList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via DelSTList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via ipqos_lanip_dellist Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via UpdateWanParams Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via EdittriggerList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via UpdateMacClone Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via ipqos_lanip_editlist Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via DelDNSHnList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via Edit_BasicSSID_5G Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via SetMobileAPInfoById Interface Regular Expression Denial of Service in GitLab CE/EE via AutolinkFilter in preview_markdown endpoint Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via SetAPWifiorLedInfoById Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via AddMacList Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via Edit_BasicSSID Interface Stack Overflow Vulnerability in H3C Magic R300 Version R300-2100MV100R004 via AddWlanMacList Interface Arbitrary Shipment Deletion 
Vulnerability in MultiParcels Shipping For WooCommerce WordPress Plugin Bypassing Authorization Rules in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 to v13.0 Authenticated Remote Code Execution (RCE) Vulnerability in Sitecore Experience Platform (XP) v9.3 via /sitecore/shell/Invoke.aspx Authenticated Remote Code Execution (RCE) Vulnerability in Sitecore Experience Platform (XP) v9.3 via /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML Memory Leak Vulnerability in NanoMQ 0.17.2: Exploitable Denial of Service Attack in message.c Use-After-Free Vulnerability in NanoMQ 0.17.2: Denial of Service via nni_mqtt_msg_get_publish_property() Heap Buffer Overflow Vulnerability in NanoMQ 0.17.2: nni_msg_get_pub_pid() Function in message.c Heap Buffer Overflow Vulnerability in NanoMQ 0.17.2: Triggered by nmq_subinfo_decode() in mqtt_parser.c CSRF Vulnerability in MultiParcels Shipping For WooCommerce WordPress Plugin Heap Buffer Overflow Vulnerability in NanoMQ 0.17.2: Triggered by copyn_str() Function in mqtt_parser.c Multiple Cross-Site Scripting (XSS) Vulnerabilities in Church CRM v4.5.3 SQL Injection Vulnerability in ai-dev Module for PrestaShop (Version 0.2.0) SQL Injection Vulnerability in ai-dev aicombinationsonfly (before v0.3.1) via /includes/ajax.php SQL Injection Vulnerability in ai-dev aitable v0.2.2 via /includes/ajax.php SQL Injection Vulnerability in ai-dev aioptimizedcombinations v0.1.3 via /includes/ajax.php DigiExam v14.0.2 Vulnerability: Lack of Integrity Checks for Native Modules Stack Overflow Vulnerability in Tenda AC8V4.0-V16.03.34.06 via timeZone Parameter Stack Overflow Vulnerability in Tenda AC8V4.0-V16.03.34.06 Router Stack Overflow Vulnerability in Tenda AC8V4.0-V16.03.34.06 via deviceId Parameter Stack Overflow Vulnerability in Tenda AC8V4.0-V16.03.34.06 via shareSpeed Parameter Stack Overflow Vulnerability in Tenda AC8V4.0-V16.03.34.06 Firewall Configuration Stack Overflow 
Vulnerability in Tenda AC8V4.0-V16.03.34.06 via get_parentControl_list_Info Function CVE-2023-33676 CVE-2023-33677 Remote Code Execution in Chamilo LMS <= v1.11.20 via Command Injection in additional_webservices.php Session Hijacking Vulnerability in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Stored Cross-Site Scripting Vulnerability in About Me 3000 Widget Plugin for WordPress Authenticated Path Traversal Vulnerability in SonicJS v0.7.0 Buffer Overflow Vulnerability in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 via Crafted XML File Information Disclosure Vulnerability in Hutool v5.8.17 and Below via File.createTempFile() Function Indirect Object Reference (IDOR) Vulnerability in SysAid Allows Unauthorized Access to Ticket Data WordPress User Registration Plugin Vulnerability: Sensitive Information Exposure via Hardcoded Encryption Key Memory Leak Vulnerability in mp4v2 v2.1.3: MP4StringProperty in mp4property.cpp Memory Leak Vulnerability in mp4v2 v2.1.3 when Calling MP4File::ReadBytes() Memory Leak Vulnerability in mp4v2 v2.1.3 via MP4File::ReadString() Memory Leak Vulnerability in mp4v2 v2.1.3 via MP4SdpAtom::Read() Stored Cross-Site Scripting Vulnerability in Lana Shortcodes WordPress Plugin Memory Leak Vulnerability in mp4v2 v2.1.2 via MP4BytesProperty Authenticated Remote Code Execution Vulnerability in EDIMAX BR-6288ACL v1.12 via pppUserName Parameter Cross-Site Scripting (XSS) Vulnerability in Broadleaf Commerce 5.x and 6.x Predictable Exact Value Vulnerability in Mitsubishi Electric Corporation GOT2000 and GOT SIMPLE Series Privilege Escalation: Password Retrieval in Microworld Technologies eScan Management Console 14.0.1400.2281 Reflected Cross Site Scripting (XSS) in Microworld Technologies eScan Management Console 14.0.1400.2281 Arbitrary Code Injection via New Policy Form in Microworld Technologies eScan Management Console 14.0.1400.2281 Arbitrary Code Execution Vulnerability in Reportlab v3.6.12 SQL Injection Vulnerability 
in BlueCMS v1.6 via keywords Parameter at search.php Remote Command Execution Vulnerability in D-Link DIR-846 v1.00A52 via tomography_ping_address Parameter Stored XSS Vulnerability in Dcat-Admin v2.1.3-beta Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Unisign Bookreen: Incomplete List of Disallowed Inputs Improper Access Control in Luowice V3.5.18 Allows Unauthorized Access to Cloud Source Code Information Macrovideo v380pro v1.4.97 Vulnerability: Device ID and Password Disclosure during Sharing Cleartext Storage of Sensitive Information: RSA Private Key in TeleAdapt RoomCast TA-2400 Update.exe Vulnerability: Improper Access Control in TeleAdapt RoomCast TA-2400 1.0 through 3.1 with Android Debug Bridge (adb) Availability TeleAdapt RoomCast TA-2400: Use of Hard-coded Password (PIN) Vulnerability Improper Privilege Management in TeleAdapt RoomCast TA-2400 1.0 through 3.1: Unauthenticated Root Access Path Traversal Vulnerability in CloudPanel v2.2.2 Unrestricted File Upload and OS Command Injection in Unisign Bookreen Stored XSS Vulnerability in mipjz v5.0.5 Allows Arbitrary Code Execution via Description Parameter Stored XSS Vulnerability in mipjz v5.0.5 via Crafted Payload in Name Parameter Unlimited Password Recovery Attempts in Inpiazza Cloud WiFi v4.2.17 and Earlier Directory Traversal Vulnerability in SpreadSheetPlugin of Foswiki v2.1.7 and below SSL Certificate Validation Vulnerability in Splicecom iPCS and iPCS2 Apps Cross-Site Scripting (XSS) Vulnerability in Splicecom Maximiser Soft PBX v1.5 and Earlier Unrestricted Authentication Attempts in SpliceCom Maximiser Soft PBX v1.5 and Earlier SQL Injection Vulnerability in Digital Strategy Zekiweb Default SSL Certificate Vulnerability in SpliceCom Maximiser Soft PBX v1.5 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in eMedia Consulting simpleRedak v2.47.23.05 SQL Injection Vulnerability in eMedia Consulting simpleRedak v2.47.23.05 via Activity Parameter Reflected 
Cross-Site Scripting (XSS) Vulnerability in eMedia Consulting simpleRedak v2.47.23.05 Stored Cross-Site Scripting (XSS) Vulnerability in eMedia Consulting simpleRedak up to v2.47.23.05 Firmware Signature Verification Bypass Vulnerability in Belkin Wemo Smart Plug WSP080 v1.2 SQL Injection Vulnerability in Veribilim Software Computer Veribase Directory Traversal Vulnerability in Prestashop Amazon v5.2.24 Hardcoded Encryption Key Vulnerability in Draytek Vigor Routers, Access Points, Switches, and Myvigor Firmware Lateral Privilege Escalation Vulnerability in XXL-Job v2.4.1 Stored XSS Vulnerability in TFDi Design smartCARS 3 v0.7.0 and Below via Crafted News Article Payload Arbitrary Command Execution Vulnerability in D-Link DIR-842V2 v1.0.3 Command Injection Vulnerability in D-Link DIR-842V2 v1.0.3 via iperf3 Diagnostics Function Stored XSS Vulnerability in Netbox v3.5.1's Create Rack Roles Function Stored XSS Vulnerability in Netbox v3.5.1 Create Circuit Types Function Stored XSS Vulnerability in Netbox v3.5.1's Create Tenant Groups Function Stored XSS Vulnerability in Netbox v3.5.1 Create Providers Function Stored XSS Vulnerability in Netbox v3.5.1 Contact Groups Creation Function Wago Web-Based Management Privilege Escalation Vulnerability Stored XSS Vulnerability in Netbox v3.5.1 Create Locations Function Stored XSS Vulnerability in Netbox v3.5.1 Create Provider Accounts Function Stored XSS Vulnerability in Netbox v3.5.1's Create Site Groups Function Stored XSS Vulnerability in Netbox v3.5.1's Create Power Panels Function Stored XSS Vulnerability in Netbox v3.5.1 Create Tenants Function Stored XSS Vulnerability in Netbox v3.5.1 Contact Roles Creation Function Unauthenticated Access to Sensitive Data in Netbox v3.5.1 via GraphQL Database Queries Stored XSS Vulnerability in Netbox v3.5.1 Create Sites Function Stored XSS Vulnerability in Netbox v3.5.1's Create Rack Function Stored XSS Vulnerability in Netbox v3.5.1 Create Contacts Function Critical Remote Code 
Injection Vulnerability in Wavlink WN579X3 (CVE-2023-6215) Stored XSS Vulnerability in Netbox v3.5.1 Create Regions Function Buffer Overflow Vulnerability in SumatraPDF Reader v3.4.6 Allows DoS via Crafted Text File CVE-2023-33806 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online School Fees System 1.0 Critical SQL Injection Vulnerability Found in hoteldruid v3.0.5 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Game Result Matrix System 1.0 Stored XSS Vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 Critical SQL Injection Vulnerability in SourceCodester Game Result Matrix System 1.0 FUXA 1.1.13 API Remote Command Execution Vulnerability Improper Time-of-Check to Time-of-Use Vulnerability in IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 Sensitive Information Exposure in IBM Security Verify Information Queue 10.0.4 and 10.0.5 Remote Information Disclosure Vulnerability in IBM Security Verify Information Queue 10.0.4 and 10.0.5 Remote Information Disclosure Vulnerability in IBM Security Verify Information Queue 10.0.4 and 10.0.5 Hard-coded Credentials Vulnerability in IBM Security Verify Governance 10.0 Unencrypted Storage and Transmission of Sensitive Information in IBM Security Verify Governance 10.0 Arbitrary Command Execution Vulnerability in IBM Security Verify Governance 10.0 Unvalidated Image Labels in Quay Registry Allow for Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Governance 10.0 IBM SPSS Modeler on Windows SSL Key Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM TXSeries for Multiplatforms and CICS TX Insecure Cookie Handling Vulnerability in IBM TXSeries for Multiplatforms and CICS TX Debug Mode Vulnerability in IBM TXSeries for Multiplatforms and CICS TX Sensitive Information Exposure via Query Parameters in IBM TXSeries for Multiplatforms and CICS TX Arbitrary File 
Read Vulnerability in GitLab Timing-based side channel vulnerability in IBM GSKit-Crypto allows remote attackers to obtain sensitive information IBM PowerVM Hypervisor Vulnerability: Sensitive Partition Data Disclosure SQL Injection Vulnerability in IBM Security Guardium 11.4 CVE-2023-33855 Remote Information Disclosure Vulnerability in IBM InfoSphere Information Server 11.7 SQL Injection Vulnerability in a2 Camera Trap Tracking System Integer Overflow and Buffer Overflow in SerialiseValue Function in RenderDoc Integer Overflow and Buffer Overflow in StreamReader::ReadFromExternal in RenderDoc Local Privilege Escalation Vulnerability in RenderDoc Use-After-Free Vulnerability in Foxit PDF Reader 12.1.2.15332 Buffer Overflow Vulnerability in Intel(R) RealSense(TM) ID Software for Intel(R) RealSense(TM) 450 FA (Version 0.25.0) Unlimited Login Attempts Vulnerability Command Injection Vulnerability in Enphase Envoy D7.0.88 Stored Cross-Site Scripting Vulnerability in Lana Text to Image Plugin for WordPress Insecure Inherited Permissions in Intel(R) Ethernet Tools and Driver Install Software: Privilege Escalation Vulnerability Directory Traversal Vulnerability in Iagona ScrutisWeb Versions 2.1.37 and Prior Intel Support Android Application: Local Access Information Disclosure Vulnerability Privilege Escalation Vulnerability: Complete Compromise of Target Machine Uncontrolled Search Path Vulnerability in Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver Improper Access Control in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software: Local Denial of Service Vulnerability Use-After-Free Vulnerability in Foxit Reader 12.1.2.15332 Escalation of Privilege Vulnerability in Intel RealSense ID Software Path Traversal Vulnerability in Intel(R) NUC P14E Laptop Element Audio Install Package Software Music Service Vulnerability: Local Information Disclosure via Missing Permission Check Stored Cross-Site Scripting Vulnerability in Beautiful 
Cookie Consent Banner for WordPress Music Service Vulnerability: Local Information Disclosure via Missing Permission Check Telephony Service Vulnerability: Local Information Disclosure via Missing Permission Check Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Use-After-Free Vulnerability in Linux Kernel io_uring Subsystem Allows Local Privilege Escalation Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Missing Permission Check in fastDial Service Allows Local Information Disclosure Missing Permission Check in fastDial Service Allows Local Information Disclosure Missing Permission Check in fastDial Service Allows Local Information Disclosure Missing Permission Check in fastDial Service Allows Local Information Disclosure Out of Bounds Write Vulnerability in libimpl-ril Out of Bounds Write Vulnerability in libimpl-ril Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Use-after-free vulnerability in Linux kernel's netfilter subsystem in nf_tables_api.c Telephony Service Vulnerability: Local Information Disclosure without Execution 
Privileges Bluetooth Service Vulnerability: Local Information Disclosure without Execution Privileges Bluetooth Service Vulnerability: Local Information Disclosure without Execution Privileges Possible Local Denial of Service Vulnerability in FM Service with System Execution Privileges Out of Bounds Read Vulnerability in hci_server Allows for Local Denial of Service Possible Out of Bounds Write Vulnerability in iwnpi Server Local Information Disclosure Vulnerability in Contacts Service Missing Permission Check in Contacts Service: Local Information Disclosure Vulnerability IMS Service Vulnerability: Local Information Disclosure without Additional Execution Privileges Local Information Disclosure Vulnerability in Contacts Service Critical SQL Injection Vulnerability in SourceCodester Human Resource Management System 1.0 (CVE-2021-232288) Local Information Disclosure Vulnerability in Contacts Service Local Information Disclosure Vulnerability in VoWiFi Service Local Information Disclosure Vulnerability in Contacts Service Out of Bounds Write Vulnerability in DRM/OEMCrypto: Remote Privilege Escalation Potential Remote Information Disclosure Vulnerability in NIA0 Algorithm in Security Mode Command LTE Protocol Stack Vulnerability: Remote Information Disclosure via Missing Permission Check Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Command Injection Vulnerability in CP-8031 and CP-8050 MASTER MODULEs PHP Object Injection Vulnerability in Read More & Accordion WordPress Plugin Hard-coded Root Password Hash Vulnerability in CP-8031 and CP-8050 Master Modules Exposed UART Console Login Interface Vulnerability CVE-2023-33923 SQL Injection Vulnerability in Felix Welberg SIS Handball Unauthenticated Reflected XSS Vulnerability in PluginForage WooCommerce Product Categories Selection Widget Plugin CSRF Vulnerability 
in Supsystic Easy Google Maps Plugin SQL Injection vulnerability in Themeisle Multiple Page Generator Plugin – MPG Stored XSS Vulnerability in Joaquín Ruiz Easy Admin Menu Plugin <= 1.3 Code Injection Vulnerability in fossbilling/fossbilling prior to 0.5.1 CSRF Vulnerability in Ciprian Popescu YouTube Playlist Player Plugin Apache Traffic Server Sensitive Information Exposure Vulnerability Improper Input Validation in Apache Traffic Server (CVE-2021-26691) Stored Cross-Site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Arbitrary Script Injection in Liferay Portal's App Builder Custom Object Name Field Arbitrary Script Injection in Liferay Portal Modified Facet Widget Session Fixation Vulnerability in fossbilling/fossbilling prior to 0.5.1 Arbitrary Script Injection in Liferay Portal and Liferay DXP Remote Apps Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal's OAuth2ProviderApplicationRedirect Class Arbitrary Script Injection in Liferay Portal's Web Content Display Widget Arbitrary Script Injection in Liferay Portal and Liferay DXP Account Module Arbitrary Script Injection in Liferay Portal and Liferay DXP SQL Injection Vulnerability in Liferay Portal and Liferay DXP Upgrade Process Cross-Virtual Instance Object Isolation Vulnerability in Liferay Portal and Liferay DXP Cross-Virtual Instance Object Definition Leakage in Liferay Portal 7.4.3.4 through 7.4.3.60 and Liferay DXP 7.4 Unrestricted File Download Vulnerability in Liferay Portal 7.4.3.67 and Liferay DXP 7.4 Update 67 Unverified Email Address Account Creation Vulnerability in Liferay Portal Plaintext Password Storage Vulnerability in TWinSoft Configuration Tool Excessive Resource Consumption Vulnerability in Liferay Portal and Liferay DXP Race Condition Vulnerability in Linux Kernel's vmwgfx Driver Allows Privileged User to Disclose Kernel Information Double-Free Vulnerability in Linux Kernel's vmwgfx Driver gRPC Vulnerability: HPACK Table Accounting Errors Leading to Unwanted 
Disconnects Unicode RIGHT-TO-LEFT OVERRIDE Character Filename Masking Vulnerability in Minio Console Insecure Direct Object Reference (IDOR) Vulnerability in Kanboard Software Allows Unauthorized File Access Denial of Service Vulnerability in Notation CLI Tool Denial of Service Vulnerability in Notation CLI Tool Insecure Artifact Verification in Notation CLI Tool Critical SQL Injection Vulnerability in Campcodes Retro Cellphone Online Store 1.0 OpenProject Vulnerability: Exposed Project Identifiers in Public Robots.txt Cross-Site Scripting (XSS) Vulnerability in Leantime Project Management System JStachio HTML Injection Vulnerability DataEase Deserialization Vulnerability in Datasource Invalid Transaction Processing Vulnerability in mx-chain-go Drive-By Command Injection Vulnerability in Brook's `tproxy` Server Outbound HTTP Requests Bypass Network Permission Allow List in Deno 1.34.0 and deno_runtime 0.114.0 SQL Injection Vulnerability in EaseProbe before 2.1.0 Missing Access Control Vulnerability in Kanboard Software (Versions < 1.2.30) Stored Cross Site Scripting (XSS) Vulnerability in Kanboard 1.2.30 and below Race Condition Vulnerability in JFS File System of Linux Kernel Kanboard Access Control Vulnerability: Unauthorized Task and Project Title Leakage Stored Cross-Site Scripting Vulnerability in Formcreator Plugin (Versions 2.13.5 and prior) via `##FULLFORM##` Rendering Privilege Escalation Vulnerability in ScyllaDB NULL Pointer Dereference Vulnerability in RIOT-OS Network Stack Race condition vulnerability in RIOT-OS network stack leads to denial of service Out of Bounds Write Vulnerability in RIOT-OS Network Stack Arbitrary JavaScript Execution Vulnerability in Kiwi TCMS Information Disclosure Vulnerability in gpt_academic 3.37 and Prior: Sensitive Information Leakage via Configuration File Handler Critical Denial of Service Vulnerability in GitHub Repository jgraph/drawio (prior to 18.1.3) Denial of Service Vulnerability in Bramble Synchronisation 
Protocol (BSP) Message Spoofing Vulnerability in Briar before 1.4.22 Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure Lack of Out-of-Band Verification in Briar Introduction Client Allows Man-in-the-Middle Attacks SAP NetWeaver (Design Time Repository) - Version 7.50 Unfavorable Content Type Cross-Site Scripting Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal 7.50 SAP CRM ABAP (Grantor Management) Cross-Site Scripting (XSS) Vulnerability Unauthenticated Remote Code Execution in SAP Web Dispatcher Unauthenticated Reflected Cross-Site Scripting Vulnerability in SAP Enable Now Directory Traversal Vulnerability in SAP NetWeaver (BI CONT ADD ON) Versions 707, 737, 747, 757 Unauthorized Access to CI/CD Variables via Custom Project Templates in GitLab EE SAP SQL Anywhere 17.0 Windows Denial of Service Vulnerability Stored Cross-Site Scripting (Stored XSS) Vulnerability in SAP UI5 Variant Management Unauthorized Cell Value Exposure in SAP BW BICS Communication Layer SQL Injection Vulnerability in B1i Module of SAP Business One - Version 10.0 Unauthenticated Reflected XSS Vulnerability in Robin Wilson BBP Style Pack Plugin <= 5.5.5 Critical Unauthenticated IDOR Vulnerability in WooCommerce Stripe Payment Gateway Plugin CSRF Vulnerability in WP Inventory Manager Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WooCommerce Box Office Plugin CSRF Vulnerability in Etoile Web Design Front End Users Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Marco Milesi Telegram Bot & Channel Plugin <= 3.6.2 Unrestricted File Upload Vulnerability in WPChill Download Monitor Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in weDevs WP ERP Plugin <= 1.12.3 Vulnerability: Arbitrary Code Execution via Specially Named Main Branch in GitLab Unauthenticated Reflected XSS Vulnerability in David Lingren Media Library Assistant Plugin ShopConstruct Plugin <= 1.1.2 Authenticated Stored 
Cross-Site Scripting (XSS) Vulnerability Unauthenticated Reflected XSS Vulnerability in Premium Addons for Elementor Premium Addons PRO Plugin Server-Side Request Forgery (SSRF) Vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin CSRF Vulnerability in WooCommerce Shipping Plugin Unauthenticated Reflected XSS Vulnerability in Five Star Restaurant Reservations Plugin Stored Cross-Site Scripting Vulnerability in SoundCloud Shortcode CVE-2023-34020 Unauthenticated Reflected XSS Vulnerability in Andy Moyle Church Admin Plugin (<= 3.7.29) Unauthenticated Reflected XSS Vulnerability in Rakib Hasan Dynamic QR Code Generator Plugin Unauthenticated Reflected XSS Vulnerability in Miled WordPress Social Login Plugin (<= 3.0.4) CSRF Vulnerability in WP Full Auto Tags Manager Plugin CSRF Vulnerability in LWS Hide Login Plugin <= 2.1.6 Unauthenticated Reflected XSS Vulnerability in BrokenCrust This Day In History Plugin <= 3.10.1 Deserialization of Untrusted Data Vulnerability in Recently Viewed Products CSRF Vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional Plugin <= 1.0.7 CSRF Vulnerability in Prem Tiwari Disable WordPress Update Notifications Plugin Unauthenticated User Data Modification Vulnerability in ProfileGrid WordPress Plugin CSRF Vulnerability in Really Simple Plugins Complianz and Complianz Premium CSRF Vulnerability in Pascal Casier bbPress Toolkit Plugin <= 1.0.12 Unauthenticated Reflected XSS Vulnerability in Pascal Casier bbPress Toolkit Plugin <= 1.0.12 CSRF Vulnerability in Malinky Ajax Pagination and Infinite Scroll Plugin Potential Security Bypass in Spring Security and Spring WebFlux Pattern Matching Authorization Rule Misconfiguration in Spring Security with Multiple Servlets Vulnerability: Exposed Forwarded Headers in Reactive Web Applications using Spring HATEOAS HTTP Request Smuggling Vulnerability in VMware Horizon Server VMware Horizon Server Information Disclosure Vulnerability: Exposing 
Internal Network Configuration Authentication Bypass Vulnerability in Aria Operations for Networks: Exploiting Weak Cryptographic Key Generation Hardcoded Encryption Key Vulnerability in ProfileGrid WordPress Plugin Possible Deserialization Attack Vector in Spring for Apache Kafka Cloud Foundry Routing Release Prior to 0.278.0 Vulnerability: Abuse of HTTP Hop-by-Hop Headers World-writable spring-security.xsd file vulnerability Local Privilege Escalation Vulnerability in VMware Aria Operations Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion Bluetooth Device Sharing VMware Fusion Local Privilege Escalation Vulnerability Privilege Escalation Vulnerability in VMware Fusion (13.x prior to 13.5) Exposure of GraphQL Context Values in Spring for GraphQL vCenter Server DCERPC Protocol Out-of-Bounds Write Vulnerability Unauthenticated Denial of Service Vulnerability in M-Files Server Vulnerability: Unrestricted Deserialization of Data in Spring AMQP Authentication Bypass Vulnerability in VMware Aria Operations for Logs Deserialization Vulnerability in VMware Aria Operations for Logs Allows Authentication Bypass Denial-of-Service (DoS) Vulnerability in Spring Framework 6.0.0 - 6.0.13 with Micrometer Integration Denial-of-Service (DoS) Vulnerability in Reactor Netty HTTP Server with Micrometer Integration Denial-of-Service (DoS) Vulnerability in Spring Boot Actuator Partial Information Disclosure Vulnerability in vCenter Server VMware Tools Local Privilege Escalation Vulnerability SAML Token Signature Bypass Vulnerability in VMware Tools File Descriptor Hijack Vulnerability in open-vm-tools' vmware-user-suid-wrapper Path Traversal Vulnerability in M-Files Classic Web Versions Below 23.6.12695.3 and LTS Service Release Versions Before 23.2 LTS SR3 Authentication Bypass Vulnerability in VMware Cloud Director Appliance 10.5 Cloud Foundry Routing Release Vulnerability: Route Pruning Denial-of-Service (DOS) Attack Directory Traversal Vulnerability in Reactor Netty 
HTTP Server Missing Access Control in Aria Automation: Unauthorized Access to Remote Organizations and Workflows Privilege Escalation Vulnerability in Workspace ONE Launcher: Exploiting Edge Panel for Unauthorized Access Cross-Site Request Forgery Vulnerability in Subscribe2 WordPress Plugin User Attribute Leakage in AWS DynamoDB Privilege Escalation Vulnerability in Intel(R) NUC BIOS Firmware Improper Array Index Validation Vulnerability in GTKWave 3.3.115 Allows Arbitrary Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Collabora Online Cross-site Scripting Vulnerability in Decidim's Processes Filter Unauthenticated Remote Data Exfiltration in Decidim's Ransack Library Kyverno Prior to 1.10.0 Allows Bypassing Policies on Resources with deletionTimestamp Field Bypassing Vite Server Options to Read Files from Application Root Unintended Public Attribute Exposure in Strapi Content Types Unauthenticated Access to Config.json in ChuanhuChatGPT Buffer Overflow Vulnerability in cpdb-libs via Improper Use of `scanf(3)` Path Traversal Vulnerability in Thruk's panorama.pm Allows Unauthorized File Upload Database Password Exposure in Hoppscotch Logs Shopware Open Source E-commerce Software: Version Disclosure Vulnerability Multiple Account Sharing Vulnerability in Shopware's Mail Validation Out-of-bounds Read Vulnerability in Contiki-NG OS Out-of-bounds read vulnerability in Contiki-NG ICMP DAO packet processing Polymorphic Field Type Vulnerability in Avo Cross Site Scripting (XSS) Vulnerability in Avo Denial of Service (DoS) Vulnerability in fast-xml-parser Drive-by Command Injection Vulnerability in SRS's `api-server` Server Improper Access Control in GLPI Allows Unauthorized User Data Access Improper Access Control in GLPI Allows Unauthorized Access to KnowbaseItems Vulnerability in mailcow Allows Manipulation of Dovecot Variables via Crafted Passwords Unbounded Resource Consumption Vulnerability in zxcvbn-ts Cross-Site Request Forgery Vulnerability in 
Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite Plugin for WordPress Flask-AppBuilder User Form Database Error Disclosure Vulnerability Command Injection Vulnerability in `Release PR Merged` Workflow of taosdata/grafanaplugin GitHub Repository Command Injection Vulnerability in JavaCPP Presets Authentication Bypass Vulnerability in Zoom for Windows Clients (CVE-2021-28133) Information Disclosure Vulnerability in Zoom for Windows and MacOS Clients Buffer Overflow Vulnerability in Zoom Meeting SDK (pre-5.13.0) Allows for Denial of Service Privilege Escalation Vulnerability in Zoom Desktop Client for Windows Zoom Client SDK Relative Path Traversal Vulnerability Privilege Escalation Vulnerability in Zoom Rooms for Windows Insecure Temporary File Vulnerability in Zoom Rooms Installer for Windows Stored Cross-Site Scripting Vulnerability in Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite WordPress Plugin Privilege Escalation Vulnerability in Zoom for Windows Clients Privilege Escalation Vulnerability in Zoom for Windows Clients Privilege Escalation Vulnerability in Zoom for Windows Clients Hard-coded Cryptographic Key Vulnerability in SonicWall GMS and Analytics Authentication Bypass Vulnerability in SonicWall GMS and Analytics Web Services Root Privilege Path Traversal Vulnerability in GMS and Analytics Root Privilege File Upload Vulnerability in SonicWall GMS and Analytics OS Command Injection vulnerability in SonicWall GMS and SonicWall Analytics allows arbitrary code execution with root privileges Hardcoded Credentials Vulnerability in SonicWall GMS and Analytics Configuration Files Path Traversal Vulnerability in SonicWall GMS and Analytics GitLab Vulnerability: Unauthorized Source Code Access via Fork Visibility Change Outdated Encryption Vulnerability in SonicWall GMS and Analytics Unauthorized Access to Restricted Web Pages in SonicWall GMS and Analytics Pass-the-Hash Vulnerability in SonicWall GMS and Analytics SQL 
Injection vulnerability in SonicWall GMS and Analytics allows unauthorized data extraction Unauthorized Access to Administrator Password Hash in SonicWall GMS and Analytics Path Traversal Vulnerability in SonicWall GMS and Analytics Allows Remote File Read Unauthenticated File Upload Vulnerability in SonicWall GMS and Analytics Authentication Bypass Vulnerability in SonicWall GMS and Analytics CAS Web Services Hotspot Management Command Injection Vulnerability Command Injection Vulnerability in Zyxel USG FLEX and VPN Series Firmware Cross-Site Request Forgery Vulnerability in Jenkins Plug-in for ServiceNow DevOps (Versions < 1.38.1) Buffer Overflow Vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, NXC2500, and NXC5500 Firmware Command Injection Vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, NXC2500, and NXC5500 Firmware Cleartext Transmission of Sensitive Information Vulnerability in Hitachi Device Manager Certificate Host Mismatch Vulnerability in Hitachi Device Manager Untrusted Search Path Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Untrusted Search Path Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Privilege Escalation and Arbitrary Value Write Vulnerability in Trend Micro Apex One and Apex One as a Service Security Agent Privilege Escalation and Arbitrary Value Write Vulnerability in Trend Micro Apex One and Apex One as a Service Security Agent Privilege Escalation and Arbitrary Value Write Vulnerability in Trend Micro Apex One and Apex One as a Service Security Agent Unbounded Resource Allocation Vulnerability in Apache Struts Excessive Memory Usage Vulnerability in Apache Any23's TikaEncodingDetector Vulnerability in ImageMagick: Undefined Behavior in SVG, MVG, and Other Coders (CVE-2022-32546) Remote Code Execution Vulnerability in ImageMagick's OpenBlob with --enable-pipes Configuration Shell Command Injection Vulnerability in 
ImageMagick via VIDEO Encoding/Decoding Options Arbitrary Window Creation Vulnerability in HUAWEI VR Screen Projection Unauthenticated Calling Vulnerability on HUAWEI Devices: Impact on Availability HarmonyOS Products Vulnerable to Service Denial via Early Fingerprint APIs HwWatchHealth Hijacking Vulnerability: App Pop-up Exploitation Huawei Desktop Trustlist Spoofing Vulnerability Privilege Escalation Vulnerability in Notepad App Huawei Desktop Trustlist Spoofing Vulnerability Unauthorized Access Vulnerability in SettingsProvider Module User Profile Module Version Update Determination Vulnerability Window Management Module Permission Control Vulnerability Incomplete Input Parameter Verification in Communication Framework Module: A Gateway to Availability Exploitation Critical Unauthorized Access Vulnerability in AI Touch's Save for Later Feature Abnormal Callbacks Exploit: Triggering System Restart Vulnerability Huawei Desktop Trustlist Spoofing Vulnerability SQL Injection vulnerability in Alex Raven WP Report Post allows unauthorized database access CSRF Vulnerability in SAKURA Internet Inc. TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 Thunderbird Filename Spoofing Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 CSRF Vulnerability in Alex Raven WP Report Post Plugin Stored XSS Vulnerability in Miled WordPress Social Login Plugin <= 3.0.4 Stored Cross-Site Scripting (XSS) Vulnerability in Yandex Metrica Counter Plugin <= 1.4.3 Unauthenticated Reflected XSS Vulnerability in BBS e-Theme BBS e-Popup Plugin <= 2.4.5 Unauthenticated Reflected XSS Vulnerability in GrandSlambert Login Configurator Plugin <= 2.1 Unauthenticated Reflected XSS Vulnerability in Chilexpress Woo Official Plugin <= 1.2.9 CSRF Vulnerability in WP-Cache.Com Plugin <= 1.1.1 CSRF Vulnerability in Groundhogg Inc. Groundhogg Plugin <= 2.7.11 SQL Injection Vulnerability in Groundhogg Inc. 
Groundhogg: from n/a through 2.7.11 Stored Cross-Site Scripting Vulnerability in Querlo Chatbot WordPress Plugin Unauthenticated Reflected XSS Vulnerability in KAPlugins Google Fonts For WordPress Plugin CSRF Vulnerability in WP-Cirrus Plugin <= 0.6.11 CSRF Vulnerability in Peter Shaw LH Password Changer Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Valiano Unite Gallery Lite Plugin <= 1.7.61 Unauthenticated Reflected XSS Vulnerability in Bhavik Patel Woocommerce Order Address Print Plugin <= 3.2 CSRF Vulnerability in NextGen GalleryView Plugin <= 0.5.5 for WordPress Stored XSS Vulnerability in Alan Tien Call Now Icon Animate Plugin <= 0.1.0 Denial of Service Vulnerability in Mongoose HTTP Server Apache InLong Vulnerability: Unauthorized Access to Admin Operations Arbitrary Code Execution via Cross Site Scripting in Zimbra ZCS v.8.8.15 Arbitrary Code Execution and Information Disclosure Vulnerability in Zimbra ZCS 8.8.15 Reachable Assertion and Application Exit in TiXmlDeclaration::Parse in TinyXML Arbitrary Code Execution Vulnerability in InsydeH2O System Firmware Management Runtime Authentication Bypass and Information Disclosure Vulnerability in Keyfactor EJBCA Privilege Escalation Vulnerability in Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus CVE-2023-34198 Type Confusion Vulnerability in V8 Engine: Remote Heap Corruption in Google Chrome URL Injection Vulnerability in Progress OpenEdge OEM and OEE Predictable Paths Vulnerability in imapsync Signature Wrapping Vulnerability in Moov signedxml through 1.0.0 Arbitrary System Command Execution via Unrestricted File Upload in EasyUse MailHunter Ultimate 2023 and Earlier Arbitrary File Extraction Vulnerability in EasyUse MailHunter Ultimate 2023 and Earlier Sensitive System Information Exposure in EasyUse MailHunter Ultimate 2023 and Earlier Use after free vulnerability in Media in Google Chrome prior to 114.0.5735.198 SQL Injection in create customer group function in EasyUse MailHunter 
Ultimate 2023 and earlier Remote Code Execution via JNDI Deserialization in Apache NiFi Command-Injection Vulnerability in TN-5900 Series Firmware v3.3 and Prior: Remote Code Execution Command-Injection Vulnerability in TN-4900 and TN-5900 Series Firmware Command-Injection Vulnerability in TN-5900 Series Firmware v3.3 and Prior Command-Injection Vulnerability in TN-4900 and TN-5900 Series Firmware Versions v1.2.4 and Prior, v3.3 and Prior Command-Injection Vulnerability in TN-4900 and TN-5900 Series Firmware Bypassing Permission Checks in JetBrains TeamCity (Pre-2023.05) Allows Unauthorized Admin Actions Improper Permission Checks in JetBrains TeamCity Allow Unauthorized Editing of Build Configuration Settings via REST API Use After Free Vulnerability in Google Chrome's Guest View Stored XSS Vulnerability in JetBrains TeamCity Commit Status Publisher Stored XSS Vulnerability in JetBrains TeamCity Show Connection Page Cross-Site Scripting (XSS) Vulnerability in JetBrains TeamCity Plugin Vendor URL (pre-2023.05) Sensitive Password Logging Vulnerability in JetBrains TeamCity Open Redirect Vulnerability in JetBrains TeamCity OAuth Configuration Stored XSS Vulnerability in JetBrains TeamCity NuGet Feed Page Reflected XSS Vulnerability in JetBrains TeamCity Subscriptions Page (Before 2023.05) Brute Force Vulnerability in JetBrains TeamCity Endpoint (pre-2023.05) Authentication Bypass Vulnerability in JetBrains TeamCity Prior to 2023.05 Stored XSS Vulnerability in JetBrains TeamCity GitLab Connection Page Insecure Password Requirements in GitHub Repository CloudExplorer-Dev/CloudExplorer-Lite (prior to v1.2.0) Command Injection Vulnerability in Snowflake Connector for .NET (prior to version 2.0.18) via SSO URL Authentication Command Injection Vulnerability in Snowflake Golang Driver via SSO Browser URL Authentication Command Injection via SSO Browser URL Authentication in Snowflake Connector NodeJS Command Injection via SSO Browser URL Authentication in Snowflake 
Connector for Python (Versions prior to 3.0.2) Frontrunning Vulnerability in OpenZeppelin Contracts v4.9.0 and v4.3.0 Vulnerability: Leakage of Private Fields in Strapi CMS (Versions prior to 4.10.8) Information Disclosure Vulnerability in Weave GitOps Terraform Controller Remote Code Execution Vulnerability in SABnzbd Local File Inclusion vulnerability in Gatsby framework prior to versions 4.25.7 and 5.9.1 Improper File Access and URL Proxying in Gradio (CVE-2021-XXXX) Regular Expression Denial of Service Vulnerability in GitLab CE/EE Weak Password Vulnerability in Cloudexplorer-lite Use-after-free vulnerability in OpenPrinting CUPS prior to version 2.4.6 Unrestricted Namespace Access in Cilium Gateway API Username Enumeration Vulnerability in TGstation Server (TGS) Reflected XSS Vulnerability in GLPI Versions 9.4.0 to 10.0.7 Unsanitized URL Vulnerability in @udecode/plate-link Doorkeeper Vulnerability: Unauthorized Authorization Requests for Public Clients Open Redirect Vulnerability in Keystone CMS SQL Injection Vulnerability in benjjvi/PyBB M-Files Server Out-of-Bounds Read Vulnerability Information Disclosure Vulnerability in Discourse's New Topics Dismissal Endpoint Server Side Template Injection in Grav CMS (Versions < 1.7.42) Allows Remote Code Execution Arbitrary Code Execution via Template Injection in Grav CMS Insufficient Denylist in Grav CMS Allows Remote Code Execution Command Injection Vulnerability in GLPI Agent 1.5 and Earlier Out-of-Bounds Read Vulnerability in Linux Kernel Remote Code Execution in BMC Patrol Agent Configuration Remote Code Execution via BMC Patrol Agent Configuration Query Arbitrary File Read Vulnerability in Kyocera TASKalfa 4053ci Printers Unauthenticated Access to Organization List in Liferay Portal 7.4.3.81-7.4.3.85 and Liferay DXP 7.4 Update 81-85 Denial of Service Vulnerability in Kyocera TASKalfa 4053ci Printers Username Enumeration Vulnerability in Kyocera TASKalfa 4053ci Printers CVE-2023-34262 CVE-2023-34263 
CVE-2023-34264 CVE-2023-34265 CVE-2023-34266 CVE-2023-34267 CVE-2023-34268 CVE-2023-34269 Vulnerability: Cross-Site Request Forgery in Salon Booking System WordPress Plugin CVE-2023-34270 CVE-2023-34271 CVE-2023-34272 CVE-2023-34273 CVE-2023-34274 CVE-2023-34275 CVE-2023-34276 CVE-2023-34277 CVE-2023-34278 CVE-2023-34279 Heap-based Buffer Overflow Vulnerability in ImageMagick's coders/tiff.c CVE-2023-34280 CVE-2023-34281 CVE-2023-34282 CVE-2023-34283 CVE-2023-34284 CVE-2023-34285 CVE-2023-34286 CVE-2023-34287 CVE-2023-34288 CVE-2023-34289 CVE-2023-34290 CVE-2023-34291 CVE-2023-34292 CVE-2023-34293 CVE-2023-34294 CVE-2023-34295 CVE-2023-34296 CVE-2023-34297 CVE-2023-34298 CVE-2023-34299 Heap Buffer Overflow in OpenImageIO's gifinput.cpp File CVE-2023-34300 CVE-2023-34301 CVE-2023-34302 CVE-2023-34303 CVE-2023-34304 CVE-2023-34305 CVE-2023-34306 CVE-2023-34307 CVE-2023-34308 CVE-2023-34309 GitHub Repository PlantUML/PlantUML: Improper Access Control Vulnerability CVE-2023-34310 CVE-2023-34311 Pointer Validation Bypass in Tencent QQ and TIM: Exploiting Write-What-Where Vulnerability Insecure Inherited Permissions in Intel(R) Simics Simulator Software: Potential Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Intel(R) VROC Software Vulnerability: File Retrieval Bypass in Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) Improper Input Validation Vulnerability in Open Automation Software OAS Platform v18.00.0072 Heap Buffer Overflow Vulnerability in Sox's startread Function Buffer Overrun Vulnerability in Linux Netback Driver SSRF Vulnerability in GitHub Repository plantuml/plantuml prior to 1.2023.9 Erratum 1508412: Deadlock Vulnerability in Cortex-A77 Cores Cache Cleaning/Invalidation Vulnerability in Arm Helpers Insufficient Time Window for Precautionary Tearing Down of Shadow Root Page Table Vulnerability C Xenstored Crash Vulnerability due to Negative Quota Assertion Deadlock Vulnerability in Linux Kernel Event Channel 
Closing Stack Buffer Overflow in libfsimage Inadequate Caching Invalidation in AMD-Vi Specification Leads to Stale DMA Mappings and Unauthorized Memory Access Vulnerabilities in Xen's Handling of AMD CPU Debugging Extensions Vulnerabilities in Xen's Handling of AMD CPU Debugging Extensions Authentication Bypass Vulnerability in AMI MegaRAC SPx12 BMC Vulnerability: Denial of Service in Jami Application due to Special Characters in Nickname Field BMC Code Injection Vulnerability in AMI SPx: Threatening Confidentiality, Integrity, and Availability BMC Pointer Dereference Vulnerability in AMI’s SPx BMC Vulnerability: Untrusted Pointer Dereference in AMI's SPx Arbitrary Shell Command Injection Vulnerability in AMI BMC SPX REST API AMI BMC IPMI Handler Vulnerability: Bypassing Secure Boot Protections AMI BMC IPMI Handler Buffer Overflow Vulnerability Inadequate Encryption Strength Vulnerability in AMI SPx BMC Hard-coded cryptographic key and certificate vulnerability in AMI SPx BMC Authentication Data Leakage in JetBrains Ktor before 2.3.1 HTML Anchor Tag Injection Vulnerability in Jami Messenger on Windows Improper Authentication Vulnerability in Apache Accumulo 2.1.0 AMI BMC SPX REST API Memory Context Vulnerability Arbitrary File Upload and Download Vulnerability in AMI BMC IPMI Handler Arbitrary Shell Command Injection Vulnerability in AMI BMC SPX REST API AMI BMC IPMI Username Oracle Vulnerability AMI BMC SPX REST API Arbitrary File Access Vulnerability Stack-Based Buffer Overflow in Yifan YF325 v1.0_20221108 HTTPD gwcfg.cgi Get Functionality Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Remote Denial-of-Service Vulnerability in AVEVA PI Server Race Condition Vulnerability in Intel(R) NUC BIOS Firmware Allows Privilege Escalation via Local Access SQL Injection Vulnerability in User Activity Log WordPress Plugin Uncontrolled Search Path Element Vulnerability in Intel(R) XTU Software Buffer Underflow Vulnerability in Intel(R) PCM 
Software: Potential Denial of Service via Network Access Improved Redaction of Sensitive Information in macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5, and watchOS 9.5 Authentication Bypass Vulnerability in Open Automation Software OAS Platform v18.00.0072 Stored Cross-Site Scripting (XSS) Vulnerability in peplink Surf SOHO HW1 v6.3.5 (QEMU) Uncontrolled Search Path Element Vulnerability in Intel(R) Server Board M10JNP2SB Integrated BMC Video Drivers OS Command Injection Vulnerability in peplink Surf SOHO HW1 v6.3.5 (QEMU) Insecure Password Recovery Mechanism in Soar Cloud Ltd. HR Portal Allows Account Takeover Unauthenticated DoS Vulnerability in ASUS RT-AX88U's httpd Unauthenticated DoS Vulnerability in ASUS RT-AX88U's httpd Deadlock Vulnerability in Xpdf 4.04 with PDF Object Stream Length Field Stored Cross-Site Scripting (XSS) Vulnerability in ASUS RT-AX88U Firmware MOVEit Transfer Web Application SQL Injection Vulnerability Insecure Random Number Generator in Progress DataDirect Connect for ODBC for Oracle Buffer Overflow Vulnerability in Progress DataDirect Connect for ODBC Stack-based Buffer Overflow in libutils.so nvram_restore Functionality of Yifan YF325 v1.0_20221108 Use-After-Free Vulnerability in Ichitaro 2023 1.0.1.59372 Figure Stream Parsing Functionality Windows 7 Vulnerability: Full Blind TCP/IP Hijacking Attack Stored Cross-Site Scripting (XSS) Vulnerability in Kanban for WordPress Kanban Boards Plugin GrandSlambert Login Configurator Plugin <= 2.1 Auth. 
(admin+) Stored Cross-Site Scripting (XSS) Vulnerability CVE-2023-34370 CSRF Vulnerability in Didier Sampaolo SpamReferrerBlock Plugin <= 2.22 Stored Cross-Site Scripting (XSS) Vulnerability in Didier Sampaolo SpamReferrerBlock Plugin <= 2.22 CSRF Vulnerability in Dylan James Zephyr Project Manager Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Rahul Aryan AnsPress Plugin <= 4.3.0 Unauthenticated Reflected XSS Vulnerability in 10Web SEO by 10Web Plugin (<= 1.2.9) Stored Cross-Site Scripting (XSS) Vulnerability in Joseph C Dolson My Content Management Plugin <= 1.7.6 CSRF Vulnerability in WP Hide Post Plugin <= 2.0.10 Unauthenticated Access to MagneticOne Cart2Cart: Magento to WooCommerce Migration Unquoted Windows Search Path Vulnerability in MOVE 4.10.x and Earlier Windows Install Service (mvagtsce.exe) Deserialization of Untrusted Data Vulnerability in Dokan – Best WooCommerce Multivendor Marketplace Solution SQL Injection vulnerability in weDevs WP Project Manager CSRF Vulnerability in Kebo Kebo Twitter Feed Plugin Unrestricted Upload of Dangerous File Type in Akshay Menariya Export Import Menus CSRF Vulnerability in WPClever WPC Smart Wishlist for WooCommerce Plugin Session Hijacking and Authentication Bypass Vulnerability in SEL-451 Resource Exhaustion Vulnerability in SEL-451 Use-after-free vulnerability in MCTP protocol in Linux kernel leads to denial of service Input Validation Vulnerability in SEL-451: Remote Attackers Can Cause Denial of Service and Service Lockout Insecure Inherited Permissions Vulnerability in SEL-5033 AcSELerator RTAC Software: Leveraging/Manipulating Configuration File Search Paths Arbitrary Command Execution Vulnerability in SEL-5037 SEL Grid Configurator Improper Path Validation in Keysight Geolocation Server v2.4.2 and Prior Command Injection Vulnerability in Apache Airflow ODBC Provider Unbounded Resource Allocation Vulnerability in Apache Struts Incorrect Default Permissions vulnerability in Hitachi JP1/Performance 
Management on Windows allows File Manipulation Directory Traversal Vulnerability in Harbinger Offline Player 4.0.6.0.2 Cross-Site Scripting (XSS) Vulnerability in DokuWiki before 2023-04-04a via RSS Titles Path Traversal and Privilege Escalation in Percona Monitoring and Management (PMM) Server 2.x Inadequate Certificate Validation in Qt TLS Implementation Denial of Service Vulnerability in xml-rs Crate (Rust and Crab) Arbitrary JavaScript Payload Injection Vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200/REX 250 Devices Vulnerability: Clickjacking Exploit in TLS Certificate Error Page Firefox Vulnerability: Bypassing Site-Isolation Protections via Redirects to data: URLs Memory Corruption Vulnerabilities in Firefox and Thunderbird Critical Memory Corruption Vulnerability in Firefox 113 SQL Injection Vulnerability in LXCA Web API Allows Unauthorized Access to Events and Data Buffer Overflow Vulnerability in Lenovo Notebook SetupUtility Driver Missing Authorization Vulnerability in Jenkins Plug-in for ServiceNow DevOps (Versions < 1.38.1) Command Injection Vulnerability in LXCA Web API Filesystem Data Replacement Vulnerability Insufficient Input Validation Allows Deletion of LXCA Filesystem Folders CVE-2023-34423 Arbitrary Code Execution Vulnerability in Apple Operating Systems Stack-Based Buffer Overflow in Yifan YF325 v1.0_20221108's httpd manage_request Functionality Escalation of Privilege Vulnerability in Intel(R) RealSense(TM) ID Software Denial-of-Service Vulnerability in Weintek Weincloud v0.13.6 Guest User Emoji Vulnerability Uncontrolled Search Path Vulnerability in Intel Battery Life Diagnostic Tool Software Privilege Escalation Vulnerability in Intel(R) Server Board BIOS Firmware Heap Buffer Overflow Vulnerability in sox's lsx_readbuf Function Weak Hash Algorithm Used for Password Storage in PiiGAB M-Bus Apache InLong Deserialization of Untrusted Data Vulnerability Out-of-Bounds Write Vulnerability in GTKWave 3.3.115 Allows 
Arbitrary Code Execution Password Retrieval Vulnerability in Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 Race Condition Vulnerability in Intel(R) NUC BIOS Firmware Allows Privilege Escalation via Local Access Stored Cross-Site Scripting Vulnerability in Pleasanter 1.3.47.0 and Earlier Arbitrary Code Injection Vulnerability in GitLab CE/EE Cleartext Transmission Vulnerability in Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 Sensitive Information Exposure Vulnerability in Apache Camel Cross-Site Scripting (XSS) Vulnerability in iTop versions prior to 3.0.4 and 3.1.0 Cross-Site Scripting (XSS) Vulnerability in iTop versions prior to 3.0.4 and 3.1.0 Server-side template injection vulnerability in Grav prior to version 1.7.42 (CVE-2022-2073) allows for remote code execution. Incorrect decoding of return value in delegate call mechanics in ink! 4.0.0 to 4.2.0 Stored Cross-site Scripting (XSS) Vulnerability in Spina CMS GitHub Repository (spinacms/spina) prior to version 2.15.1 Deadlock Vulnerability in CometBFT's PeerState Serialization Vulnerability: Out-of-sync Mempool Data Structures in CometBFT Self-Reflected Cross-Site Scripting Vulnerability in Grav CMS 1.7.42 and Prior Integer Overflow in BitShuffle.java can Cause Fatal Errors Integer Overflow Vulnerability in Snappy-java Compression Algorithm Unrecoverable Fatal Error in Snappy-java Prior to 1.1.10.1 Due to Unchecked Chunk Length Arbitrary File Read Vulnerability in MechanicalSoup Nonce Increment Vulnerability in mx-chain-go Arbitrary Multiproof Forgery Vulnerability in OpenZeppelin Contracts Vulnerability Title: Denial of Service in OpenSSL DH Key Check Tauri 1.4.0 Regression Allows Implicit Access to Unix Dotfiles HTML Injection Vulnerability in PyBB Bulletin Board Server Heap Allocation Vulnerability in Netty's SniHandler Unauthorized Deletion Vulnerability in DataEase Stored Cross-Site Scripting Vulnerability in XWiki Platform Insecure Mail Configuration Access in 
XWiki Platform Tag Leakage and Document Reference Inference Vulnerability in XWiki Platform Mail Obfuscation Bypass Vulnerability in XWiki Platform H2 Driver Custom Code Execution Vulnerability in Apache NiFi AMI AptioV BIOS Vulnerability: Improper Access Control via Physical Network LDAP Injection Vulnerability in WordPress Active Directory Integration Plugin AMI AptioV BIOS Vulnerability: Improper Access Control via Local Network BMC Vulnerability in AMI SPx: HMAC Generation Missing Cryptographic Step Improper Neutralization of CRLF Sequences in HTTP Headers in AMI SPx BMC BMC Hard-Coded Credentials Vulnerability in AMI SPx Heap-based Buffer Overflow in ImageMagick's ReadTIM2ImageData() Function Heap Use After Free Vulnerability in ImageMagick's ReplaceXmpValue() Function SQL Injection Vulnerability SQL Injection Vulnerability Apache Shiro Path Traversal Authentication Bypass Vulnerability Cross Site Scripting (XSS) Vulnerability in itsourcecode Online Hotel Management System Project In PHP v1.0.0 SQL Injection Vulnerability in itsourcecode Online Hotel Management System Project In PHP v1.0.0 Heap-Buffer-Overflow Vulnerability in NanoMQ 0.17.5's conn_handler Function Critical SQL Injection Vulnerability in IBOS OA 4.5.5: Exploiting actionExport Function in Interview Management Export Component Heap-Use-After-Free Vulnerability in NanoMQ 0.16.5 Critical Remote Command Injection Vulnerability in Ruijie RG-BCR860 2.5.13 Remote File Inclusion Vulnerability in Canto Plugin for WordPress (up to version 3.0.4) via 'wp_abspath' Parameter ETIC Telecom RAS Web Management Portal Authentication Bypass Vulnerability Critical Reflected XSS Vulnerability in HotelDruid 3.0.5 Allows Remote Code Execution and Data Exfiltration CVE-2023-3454 Arbitrary Code Execution Vulnerability in Langchain before 0.0.225 via jira.run('other' substring Arbitrary Code Execution Vulnerability in Langchain 0.0.171's load_prompt Function CSZCMS 1.3.0 SQL Injection Vulnerability SQL Injection 
Vulnerability in Simple Customer Relationship Management 1.0 via Email Parameter Critical Key Management Vulnerability: Threatening Service Availability and Integrity Stack Buffer Overflow Vulnerability in EZVIZ Products Allows Remote Code Execution Remote Code Execution Vulnerability in EZVIZ Products Vulnerability: Code Replay Attack Exploit in WAFU Keyless Smart Lock v1.0 Kernel Raw Address Leakage Vulnerability in Hang Detector Module: A Threat to Service Confidentiality Critical Buffer Overflow Vulnerability in Geometry Dash v2.113 Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Netgear R6250 Firmware Version 1.0.4.48 Cross Site Scripting (XSS) Vulnerability in Netbox 3.5.1 Create Wireless LAN Groups Function Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Critical SQL Injection Vulnerability in SourceCodester Shopping Website 1.0 (VDB-232674) Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn SQL Injection Vulnerability in PrestaShop OpartSaveCart Module Arbitrary SQL Command Execution Vulnerability in PrestaShop opartfaq through 1.0.3 SQL Injection Vulnerability in Prestashop OpartPlannedPopup Module Critical SQL Injection Vulnerability in SourceCodester Shopping Website 1.0 (VDB-232675) SQL Injection Vulnerability in Sourcecodester Service Provider Management System v1.0 Unauthenticated Modification of Data and Potential Administrator Account Takeover in Export and Import Users and Customers Plugin for WordPress Denial of Service (DoS) Vulnerability in Aeotec WallMote Switch Firmware v2.3 Denial of Service (DoS) Vulnerability in Fibaro Motion Sensor Firmware v3.4 via Crafted Z-Wave Message 
Local File Inclusion (LFI) vulnerability in Gibbon v25.0.0 allows arbitrary file inclusion Gibbon v25.0.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary User Account Creation Vulnerability in Ultimate Member WordPress Plugin SQL Injection Vulnerability in Adiscon LogAnalyzer v4.1.13 and Earlier Versions SQL Injection Vulnerability in Jeesite's ${businessTable} Component at /act/ActDao.xml SQL Injection Vulnerability in JeecgBoot v3.5.1 via queryTableDictItemsByCode Component SQL Injection Vulnerability in JeecgBoot v3.5.1 via queryFilterTableDictInfo Component Denial of Service Vulnerability in flexjson 3.3 Denial of Service and Unspecified Impacts in json-io through 4.14.0 Cyclic Dependency Denial of Service Vulnerability in mjson Cyclic Dependency Vulnerability in ph-json (thru 9.5.5) Cyclic Dependency Vulnerability in Sojo 1.1.1 Denial of Service Vulnerability in jmarsden/jsonij through 0.5.2 JSONUtil 5.0 Cyclic Dependency Denial of Service Vulnerability Cyclic Dependency Denial of Service Vulnerability in pbjson Denial of Service Vulnerability in Genson 1.6 via Crafted Object with Cyclic Dependencies User Enumeration Vulnerability in HashiCorp's Vault and Vault Enterprise Denial of Service Vulnerability in Hjson through 3.0.0 Cyclic Dependency Vulnerability in jtidy (r938) Cyclic Dependency Vulnerability in htmlcleaner (<= 2.28) Authentication Bypass Vulnerability in ShowMojo MojoBox Digital Lockbox 1.4 Piwigo 13.7.0 SQL Injection Vulnerability in Users Function Memory Corruption Vulnerabilities in GE Digital CIMPLICITY Arbitrary Code Execution Vulnerability in Greenshot 1.2.10 and Below SQL Injection Vulnerability in Wifi Soft Unibox Administration 3.0 and 3.1 Stored XSS Vulnerability in IsarFlow Portal Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts Classified Ads Script 1.8 (CVE-2021-232710) Incomplete Blacklist Filter in KioWare for Windows Allows Unprivileged Command Prompt Access Incomplete 
Blacklist Filter in KioWare for Windows Allows Unauthorized Access via File Dialog Box Critical Remote Code Execution Vulnerability in Ruijie Networks Products: RG-EW, RG-NBS, RG-S1930, RG-EG, EAP, RAP, NBC Series Arbitrary File Read Vulnerability in jfinal CMS 5.1.0 Cross Site Scripting (XSS) Vulnerability in PHPgurukl Hostel Management System v.1.0 Cross Site Scripting (XSS) Vulnerability in PHPgurukl User Registration Login and User Management System v.1.0 Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts Classified Ads Script 1.8 Cross Site Scripting (XSS) Vulnerability in PHPgurukl Small CRM v.1.0 Cross Site Scripting (XSS) Vulnerability in PHPgurukl Hospital Management System v.1.0 Cross Site Scripting (XSS) Vulnerability in PHPgurukl Hostel Management System v.1.0 via Add New Course Cross Site Scripting (XSS) Vulnerability in taocms <=3.0.2 JSESSION ID Privilege Escalation Vulnerability in Xiamen Si Xin Communication Technology Video Management System 3.1-4.1 Stored XSS Vulnerability in Eyoucms v1.6.2 via Crafted Payload in web_recordnum Parameter UI Spoofing Vulnerability in Telegram v9.6.3 on iOS via SFSafariViewController SQL Injection Vulnerability in jeecg-boot 3.5.0 and 3.5.1 via /jeecg-boot/jmreport/show Interface's id Parameter Exploiting Reflected Cross-Site Scripting (XSS) Vulnerability Unauthorized Arbitrary File Upload Vulnerability in jjeecg-boot V3.5.0 Phpgurukul Cyber Cafe Management System 1.0 - Cross-Site Scripting (XSS) Vulnerability in Admin Username Parameter Denial of Service Vulnerability in TOTOLINK CP300+ V5.2cu.7594: RebootSystem Function Root Privilege Escalation Vulnerability in nsroot Account Privilege Escalation Vulnerability in Elenos ETG150 FM Transmitter (Version 3.12) via User Profile Elenos ETG150 FM Transmitter Version 3.12: Improper Access Control Vulnerability Critical Vulnerability: Elenos ETG150 FM Transmitter Version 3.12 Exposes SMTP Credentials and Sensitive Data via Publicly Accessible Memcached Service 
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.2.0-beta.2 Deterministic Password Vulnerability in F5 BIG-IP Platforms with Cavium Nitrox FIPS HSM Cards Critical Buffer Overflow Vulnerability in Panasonic KW Watcher Versions 1.00-2.82: Risk of Arbitrary Code Execution Critical Use After Free Vulnerability in Panasonic KW Watcher Versions 1.00-2.82 Allows Arbitrary Code Execution Sensitive Information Disclosure in TechView LA-5570 Wireless Gateway 1.0.19_T53 UART Interface Privilege Escalation Vulnerability in TECHView LA5570 Wireless Gateway Privilege Escalation Vulnerability in TechView LA-5570 Wireless Gateway 1.0.19_T53 Critical SQL Injection Vulnerability in Campcodes Retro Cellphone Online Store 1.0 Vulnerability: Denial of Service (DoS) in Volkswagen Discover Media Infotainment System Software Version 0876 via Crafted Media Files Stored Cross-Site Scripting (XSS) Vulnerability in Annet AC Centralized Management Platform 1.02.040 Error-Based SQL Injection Vulnerability in Property Cloud Platform Management Center 1.0 Arbitrary File Upload Vulnerability in Guantang Equipment Management System v4.12 Arbitrary File Upload Vulnerability in Chemex through 3.7.1 Cross-Site Scripting Vulnerability in SimplePHPscripts Simple Blog 3.2 (VDB-232753) File Upload Vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload Cross-Site Scripting Vulnerability in SimplePHPscripts Event Script 2.1 (VDB-232754) SQL Injection Vulnerability in bloofox v0.5.2.1 via cid Parameter at admin/index.php?mode=settings&page=projects&action=edit SQL Injection Vulnerability in bloofox v0.5.2.1 via gid parameter at admin/index.php?mode=user&page=groups&action=edit SQL Injection Vulnerability in bloofox v0.5.2.1 via lid parameter at admin/index.php?mode=settings&page=lang&action=edit SQL Injection Vulnerability in bloofox v0.5.2.1 via tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit SQL Injection 
Vulnerability in bloofox v0.5.2.1 via pid Parameter at admin/index.php?mode=settings&page=plugins&action=edit SQL Injection Vulnerability in bloofox v0.5.2.1 via userid parameter at admin/index.php?mode=user&action=edit SQL Injection Vulnerability in bloofox v0.5.2.1 via cid Parameter at admin/index.php?mode=settings&page=charset&action=edit Improper Cryptographic Implementation in Sliver v1.5.x to v1.5.39 Allows Man-in-the-Middle Attacks Cross-Site Scripting Vulnerability in SimplePHPscripts GuestBook Script 2.2 (VDB-232755) Remote Bypass of Chat Censor Filter in 7-Eleven LED Message Cup App Cross Site Scripting (XSS) Vulnerability in RocketSoft Rocket LMS 1.7 Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) Uninitialized Pointer Vulnerability in xlsxioread_sheetlist_close() Function Arbitrary Code Execution via XSS in dmarcts-report-viewer Dashboard Broken Access Control in Registration Page of Termenos CWX v8.5.6: Unauthorized Access to Sensitive Information Arbitrary File Upload Vulnerability in eOffice v9.5: Remote Code Execution Command Injection Vulnerability in D-Link Go-RT-AC750 revA_v101b03 Cross-Site Scripting (XSS) Vulnerability in Critters Versions 0.0.17-0.0.19 Firefox LocalStorage Bypass Vulnerability: Unauthorized Tracking Data Storage Stack Overflow in read_callback function in fdkaac before 1.0.5 Heap Buffer Overflow in caf_info function in fdkaac before 1.0.5 Plaintext User Credential Exposure in TP-Link Tapo (v3.1.315 and earlier) Reflected Cross-Site Scripting (XSS) Vulnerability in i-doit Open v24 Login Page HTML Injection Vulnerability in Turnitin LTI Tool/Plugin Version 1.3 Buffer Overflow Vulnerability in TP-Link Archer AX10(EU)_V1.2_230220 Firmware Arbitrary Code Execution via File Upload in ThinkAdmin v6 Directory Browsing Vulnerability in MCL-Net 4.3.5.8788 Webserver Allows Information Disclosure Cross Site Scripting Vulnerability in Microworld 
Technologies eScan Management Console v.14.0.1400.2281 Cross Site Scripting Vulnerability in Microworld Technologies eScan Management Console v.14.0.1400.2281 Cross Site Scripting Vulnerability in Microworld Technologies eScan Management Console v.14.0.1400.2281 Cross Site Scripting Vulnerability in Microworld Technologies eScan Management Console v.14.0.1400.2281 CSRF Vulnerability in Issabel Issabel-PBX v.4.0.0-6 Allows Remote Privilege Escalation GitLab EE Vulnerability: Unauthorized Name/Path Modification of Public Top-Level Group Cross-Site Scripting (XSS) Vulnerability in angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 DedeCMS Remote Code Execution Vulnerability in tpl.php Directory Traversal Vulnerability in Traggo Server 0.3.0 Insecure CAP_SYS_ADMIN Privileged Mode in Play With Docker < 0.0.2 Arbitrary File Upload Vulnerability in Bludit v3.14.1 Unauthorized Command Injection Vulnerability in Ikuai Router OS ActionLogin Function Insecure Default Vulnerability in Temporal Server Allows Unauthorized Namespace Access Insecure Permissions Vulnerability in PublicCMS <=V4.0.202302 Buffer Overflow Vulnerability in Supermicro Motherboard X12DPG-QR 1.4b: Hijacking Control Flow via SmcSecurityEraseSetupVar Manipulation Arbitrary Code Execution via Cross Site Scripting (XSS) in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 Arbitrary Code Execution via Cross Site Scripting (XSS) in D-Link DI-7500G-CI-19.05.29A Authentication Bypass Vulnerability in PaperCut NG Allows Arbitrary File Upload Directory Traversal Vulnerability in ujcms 6.0.2: File Movement via Rename Feature Assertion Failure in Jerryscript 3.0 (commit 05dbbd1) at ecma_property_hashmap_create Assertion Failure in Jerryscript 3.0 (commit 05dbbd1) at parser_parse_for_statement_start in jerry-core/parser/js/js-parser-statm.c Cross-Site Scripting (XSS) Vulnerability in PHPJabbers Catering System v1.0 Unbounded Memory Access Vulnerability in Silicon Labs Gecko 
Bootloader Denial of Service (DoS) Vulnerability in Outline.cc for Poppler prior to 23.06.0 Sensitive Information Disclosure in Ujcms v6.0.2 via dir Parameter Uninitialized Buffer Vulnerability in Silicon Labs GSDK v4.3.0 and Earlier: Data Leakage via Malformed GBL File Path Traversal and Local File Inclusion Vulnerability in cmseasy v7.7.7.7 20230520 via add_action Method Clear text password logging vulnerability in Brocade Fabric OS v9.2.0 during downgrade SQL Injection Vulnerability in fossbilling/fossbilling prior to 0.5.3 Unrestricted File Upload Vulnerability in fossbilling/fossbilling prior to 0.5.3 Open Redirect Vulnerability in Fuge CMS v1.0 via /front/ProcessAct.java Open Redirect Vulnerability in Fuge CMS v1.0's member/RegisterAct.java Vulnerability: Stored XSS via CSRF in WP Shopping Pages WordPress Plugin XML Signature Wrapping (XSW) Vulnerability in TOPdesk v12.10.12 SAML-based Single Sign-on Stack Overflow Vulnerability in H3C Magic B1STW B1STV100R012: SetAPInfoById Function Denial of Service (DoS) Cross-Site Request Forgery (CSRF) vulnerability in Casdoor v1.331.0 and below allows arbitrary password changes Stack Overflow Vulnerability in H3C Magic B1STV100R012 Edit_BasicSSID Function Allows DoS via Crafted POST Request Stack Overflow Vulnerability in H3C Magic B1STV100R012's AddMacList Function Allows DoS via Crafted POST Request CSV Injection Vulnerability in fossbilling/fossbilling prior to 0.5.3 Stack Overflow Vulnerability in EditMacList Function of H3C Magic B1STV100R012: DoS via Crafted POST Request Stack Overflow Vulnerability in EditWlanMacList Function of H3C Magic B1STV100R012: Denial of Service (DoS) via Crafted POST Request Stack Overflow Vulnerability in H3C Magic B1STV100R012: Denial of Service (DoS) via Crafted POST Request in UpdateWanMode Function Stack Overflow Vulnerability in H3C Magic B1STV100R012: Denial of Service via Crafted POST Request in UpdateWanParams Function Stack Overflow Vulnerability in H3C Magic B1STV100R012: 
Denial of Service (DoS) via Crafted POST Request in Edit_BasicSSID_5G Function Stack Overflow Vulnerability in H3C Magic B1STV100R012's AddWlanMacList Function Allows DoS via Crafted POST Request Stack Overflow Vulnerability in H3C Magic B1STV100R012: Exploiting a Denial of Service (DoS) via Crafted POST Request Stack Overflow Vulnerability in H3C Magic B1STV100R012 UpdateSnat Function Allows DoS via Crafted POST Request Remote Code Execution (RCE) Vulnerability in Onlyoffice Community Server via UploadProgress.ashx Buffer Overflow Vulnerability in fwctl Driver Allows Code Execution on Host Stack Overflow Vulnerability in Asus RT-N10LX Router v2.0.0.39 (No Longer Supported) Stored XSS Vulnerability in Asus RT-N10LX Router v2.0.0.39 Stack Overflow Vulnerability in Asus RT-N10LX Router v2.0.0.39 (No Longer Supported) Arbitrary Code Execution via Crafted SVG File Upload in Chamilo 1.11.* up to v1.11.18 Out-of-bounds Write Vulnerability in Unsupported Hitachi EH-VIEW (KeypadDesigner) Allows Arbitrary Code Execution Improper Access Control Allows Unauthorized Document Download in Chamilo 1.11.* up to 1.11.18 Chamilo v1.11.* up to v1.11.18 SSRF Vulnerability in Social and Links Tools Command Injection Vulnerability in Chamilo v1.11.* up to v1.11.18 via wsConvertPpt Component Cross-Site Scripting (XSS) Vulnerability in Chamilo v1.11.x up to v1.11.18 via /feedback/comment Field Arbitrary Access and Modification of Personal Notes in Chamilo v1.11.x up to v1.11.18 Unrestricted Access to /link/ Interface in SSPanel-Uim 2023.3 Leads to User Information Leak Infinite Loop Denial of Service Vulnerability in Samba's mdssvc RPC Service for Spotlight Type Confusion Vulnerability in Samba's mdssvc RPC Service for Spotlight Samba Path Disclosure Vulnerability D-Bus Denial-of-Service Vulnerability Denial of Service Vulnerability in Google Security Processor Firmware in Google Chrome on Chrome OS Improper GPU Processing Operations and Memory Access Vulnerability Inadequate Encryption 
Strength Vulnerability in QNAP Operating Systems Cleartext Transmission Vulnerability in QNAP Operating Systems Allows Unauthorized Access to Sensitive Data Insufficient Entropy Vulnerability in QNAP Operating Systems Video Station SQL Injection Vulnerability Allows Authenticated Users to Inject Malicious Code Video Station SQL Injection Vulnerability Allows Authenticated Users to Inject Malicious Code Video Station XSS Vulnerability Allows Injection of Malicious Code CVE-2023-34980 Information Leak Vulnerability in Apache Tomcat Local OS-Authenticated User Privilege Escalation Vulnerability Denial of Service Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Remote Code Execution Vulnerability in Fortinet FortiWeb OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM Stored Cross-Site Scripting Vulnerability in Rbs Image Gallery WordPress Plugin SQL Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiSIEM OS Command Injection Vulnerability in Fortinet FortiWLM Arbitrary Directory Creation Vulnerability in Open Automation Software OAS Platform v18.00.0072 Weak Password Policy in PiiGAB M-Bus Posing Brute Force Vulnerability Insecure Inherited Permissions in Intel Server Configuration Utility Installer: Privilege Escalation Vulnerability Authentication Bypass Vulnerability in Open Automation Software OAS Platform v18.00.0072 Command Injection Vulnerability in RTS VLink Virtual Matrix Software Reflected XSS Vulnerability in GitLab CE/EE Versions 10.0 to 16.2.2 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability Accusoft ImageGear 20.1 Heap-Based Buffer Overflow Vulnerability Path Traversal Vulnerability in Intel(R) VROC Software Integer 
Overflow Vulnerability in GTKWave 3.3.115 Allows Arbitrary Code Execution via Crafted .vzt File Sensitive Value Disclosure in Apache Airflow Unauthenticated Information Disclosure Vulnerability in IBM Cognos Analytics Stored Cross-Site Scripting Vulnerability in FormCraft WordPress Plugin Server-Side Request Forgery (SSRF) Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Stack-based Buffer Overflow in IBM Db2 for Linux, UNIX and Windows 11.5 with Federated Configuration Local Privileged User Information Disclosure Vulnerability in IBM Security Verify Governance 10.0 Identity Manager Directory Traversal Vulnerability in IBM Security Verify Governance, Identity Manager 10.0 Arbitrary File Upload Vulnerability in IBM Security Verify Governance 10.0 Arbitrary Command Execution Vulnerability in IBM Security Verify Governance, Identity Manager 10.0 Critical SQL Injection Vulnerability in SourceCodester Shopping Website 1.0 (VDB-232950) Directory Traversal Vulnerability in IBM Sterling Control Center 6.3.0 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Business Automation Open Redirect Vulnerability in Liferay Portal and Liferay DXP Critical Unrestricted Upload Vulnerability in SourceCodester Shopping Website 1.0 (VDB-232951) Arbitrary Code Execution via CSRF in Liferay Portal's Layout Module SEO Configuration Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager (OSFOURK-23554) Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager Remote Code Execution in Atos Unify OpenScape 4000 Assistant and Manager (OSFOURK-24033) Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager SQL Injection Vulnerabilities in MOVEit Transfer Web Application CSRF Vulnerability in WP PDF Generator Plugin <= 1.2.2 Authentication Abuse Vulnerability in Password Reset with Code for WordPress REST API 
Unrestricted File Upload Vulnerability in SmartWeb Infotech Job Board 1.0 CSRF Vulnerability Exploiting Local File Inclusion in Webpushr Web Push Notifications Plugin Remote Code Execution in GeoServer 2 via wps:LiteralData in wps:Execute Request Unauthenticated Stored XSS Vulnerability in Neha Goel Recent Posts Slider Plugin CSRF Vulnerability in Drew Phillips Securimage-WP Plugin CSRF Vulnerability in AREOI All Bootstrap Blocks Plugin <= 1.3.6 Stored XSS Vulnerability in MagePeople Team Booking and Rental Manager for Bike Plugin Cross-Site Scripting (XSS) Vulnerability in Onest CRM 1.0 Denial of Service Vulnerability in JetBrains YouTrack Helpdesk Forms Stored XSS Vulnerability in JetBrains YouTrack Markdown-Rendering Engine Buffer Overflow Vulnerability in Yifan YF325 v1.0_20221108's httpd next_page Functionality Buffer Overflow Vulnerability in Yifan YF325 v1.0_20221108's httpd next_page Functionality Integer Overflow Vulnerability in GTKWave 3.3.115's LXT2 File Parsing Functionality Cross-Site Scripting (XSS) Vulnerability in Active It Zone Active eCommerce CMS 6.5.0 Uncontrolled Search Path Vulnerability in Intel(R) Battery Life Diagnostic Tool Software Improper Initialization in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software: Adjacent Access Information Disclosure Vulnerability Privilege Escalation Vulnerability in Intel(R) DSA Software SQL Injection Vulnerability in Satos Satos Mobile SQL Injection Vulnerability in Osoft Paint Production Management SQL Injection Vulnerability in Infodrom Software E-Invoice Approval System Insecure Password Storage Vulnerability in Infodrom Software E-Invoice Approval System SQL Injection Vulnerability in BMA Personnel Tracking System Path Traversal Vulnerability in Bullwark: BLW-2016E-960H CSRF Vulnerability in WooCommerce Pre-Orders WordPress Plugin Allows Arbitrary Pre-Order Cancellation SQL Injection Vulnerability in VegaGroup Web Collection SQL Injection Vulnerability in MRV Tech Logging Administration 
Panel SQL Injection Vulnerability in Coyav Travel Proagent Arbitrary Code Execution Vulnerability in Apple Devices HTML Injection Vulnerability in Mattermost Channel Autocomplete Windows Out-of-Bounds Write Vulnerability in Ivanti AntiVirus Product Unauthenticated Access to Restricted Functionality in Ivanti EPMM CSRF Vulnerability in WooCommerce Pre-Orders WordPress Plugin Allows Unauthorized Actions Ivanti Secure Access Windows Client Vulnerability: Local Privilege Escalation and Security Risks Path Traversal Vulnerability in Ivanti EPMM Allows Arbitrary File Write Authentication Bypass Vulnerability in Ivanti EPMM 11.10 and Older (CVE-2023-35078) Arbitrary File Read Vulnerability in Endpoint Manager (2022 SU3 and earlier): Potential Leakage of Sensitive Information Remote Code Execution via Unsafe Deserialization in Ivanti Endpoint Manager 2022 su3 and earlier versions Remote Code Execution Vulnerability in UniFi Access Points and Switches with SNMP Monitoring Format String Vulnerability in ASUS RT-AX56U V2 & RT-AC86U Format String Vulnerability in ASUS RT-AX56U V2 & RT-AC86U SQL Injection vulnerability in Apache InLong: from 1.4.0 through 1.7.0 CSRF Vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 Privilege Escalation: Unauthorized Title Modification of Deploy Keys in GitLab Stored Cross-Site Scripting (XSS) Vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin CSRF Vulnerability in StoreApps Stock Manager for WooCommerce Plugin Abhay Yadav Breadcrumb Simple Plugin <= 1.3 Authenticated Stored XSS Vulnerability Broken Access Control Vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Allows Unauthorized Access to Orders Stored Cross-Site Scripting (XSS) Vulnerability in MPEmbed WP Matterport Shortcode Plugin Flothemes Flo Forms Plugin <= 1.0.40 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in myCred Plugin <= 2.5 Versions Unauthenticated Reflected 
XSS Vulnerability in Internet Marketing Dojo WP Affiliate Links Plugin Unauthenticated Reflected XSS Vulnerability in John Brien WordPress NextGen GalleryView Plugin <= 0.5.5 Vulnerability: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in FTP Access WordPress Plugin Unauthorized Forking and Merge Request Submission in GitLab EE Cyclic Dependency Denial of Service Vulnerability in jjson Denial of Service Vulnerability in Jackson-databind through 2.15.2 Arbitrary File Download Vulnerability in Setelsa Security's ConacWin CB Cross-Site Request Forgery (CSRF) Vulnerability in PiiGAB M-Bus Privilege Escalation Vulnerability in Intel(R) oneAPI DPC++/C++ Compiler Software Information Disclosure Vulnerability in Open Automation Software OAS Platform v18.00.0072 Ichitaro 2023 1.0.1.59372 Out-of-Bounds Write Vulnerability in DocumentViewStyles and DocumentEditStyles Parsers Stack-based Buffer Overflow in Fuji Electric Tellus Lite V-Simulator Integer Overflow Vulnerability in GTKWave 3.3.115: Memory Corruption via Specially Crafted .fst File RazerCentralService Named Pipe Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Moodle Versions 3.11 to 4.2 Limited SQL Injection Vulnerability in Mnet SSO Access Control Page SSRF Vulnerability in Moodle Versions 4.2 and Earlier Password Reset Vulnerability in Weintek Weincloud v0.13.6 Improper Input Validation Vulnerability in Zyxel ATP and USG Series Firmware Unauthenticated Information Disclosure Vulnerability in Zyxel NAS326 and NAS542 Firmware Command Injection Vulnerability in Zyxel NAS326 and NAS542 Firmware Versions V5.21(AAZF.14)C0 and V5.21(ABAG.11)C0 Stored Cross-Site Scripting (XSS) Vulnerability in Zyxel ATP and USG Series Firmware Privilege Escalation via RazerCentralService Named Pipe in Razer RazerCentral <=7.11.0.558 Privilege Escalation Vulnerability in Zyxel GS1900-24EP Switch Firmware Jenkins LTS Context Menu URL Injection Vulnerability Default SSL/TLS Validation 
Disabled in Jenkins Checkmarx Plugin 2022.4.3 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Maven Repository Server Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Maven Repository Server Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Sonargraph Integration Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Template Workflows Plugin Arbitrary File Disclosure in Jenkins AWS CodeCommit Trigger Plugin CSRF Vulnerability in Jenkins Digital.ai App Management Publisher Plugin Allows Credential Theft Vulnerability: Missing Permission Check in Jenkins Digital.ai App Management Publisher Plugin Open Redirect Vulnerability in GitHub Repository go-gitea/gitea prior to 1.19.4 Remote Code Execution Vulnerability in XWiki Platform Obfuscated Password Disclosure Vulnerability in XWiki Platform Arbitrary Code Execution via User First Name Field in XWiki Platform Stored Cross-Site Scripting Vulnerability in XWiki Platform Unauthenticated Account Activation Vulnerability in Knowage XSS Vulnerability in XWiki Platform Allows Injection of JavaScript XSS Vulnerability in XWiki Platform's Delete Template XSS Vulnerability in XWiki Platform: Delete Attachment Action XWiki Platform XSS Vulnerability in Restore Template XWiki Platform XSS Vulnerability in Deletespace Template XWiki Platform Resubmit Template XSS Vulnerability XWiki Platform DeleteApplication XSS Vulnerability XWiki Platform XSS Vulnerability in Previewactions Template Vulnerability: Re-processing of Ethereum events in Vega's Ethereum bridge Unauthorized Manipulation of DataEase Dashboards Overly Permissive Trust Policy in AWS CDK EKS Constructs Arbitrary Code Execution Vulnerability in XWiki Platform Unauthorized Access to Data via apiPrefilter Function in Remult Privilege Bypass Vulnerability in DataEase: Unauthorized Access to User Database Unsanitized Attachment Filename Remote Code Execution Vulnerability in PHP-IMAP Unrestricted JNDI Identifier 
Creation in Hitachi Vantara Pentaho Data Integration & Analytics URL Redirection Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Brute Force Password Reset Vulnerability in NextCloud Server and NextCloud Enterprise Server Nextcloud End-to-end Encryption App Inaccessible Files Vulnerability Arbitrary Code Execution Vulnerability in Livebook Desktop on Windows HP LaserJet Pro Print Products Vulnerable to SSRF Exploitation for Remote Code Execution and Privilege Escalation Vulnerability: Buffer Overflow and Denial of Service in HP LaserJet Pro Print Products Stack-based Buffer Overflow in HP LaserJet Pro Print Products Buffer Overflow Vulnerability in HP LaserJet Pro Print Products during GET Request for Scan Jobs Critical Vulnerability in Serv-U 15.4 Enables Bypass of Multi-Factor Authentication Improper Access Control in HashiCorp Consul and Consul Enterprise 1.16.0 with JWT Auth SolarWinds Access Rights Manager Remote Code Execution Vulnerability SolarWinds Access Rights Manager Privilege Escalation Vulnerability SolarWinds Access Rights Manager Remote Code Execution Vulnerability SolarWinds Access Rights Manager Privilege Escalation Vulnerability SolarWinds Access Rights Manager Remote Code Execution Vulnerability SolarWinds Access Rights Manager Directory Traversal Remote Code Vulnerability SolarWinds Access Rights Manager Remote Code Execution Vulnerability SolarWinds Access Rights Manager: Directory Traversal Remote Code Execution Vulnerability SolarWinds Platform SQL Injection Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Iagona ScrutisWeb Versions 2.1.37 and Prior Unauthenticated Remote Code Execution Vulnerability CVE-2023-35191 OS Command Injection Vulnerability in peplink Surf SOHO HW1 v6.3.5 (QEMU) - api.cgi cmd.mvpn.x509.write Functionality OS Command Injection Vulnerability in peplink Surf SOHO HW1 v6.3.5 (QEMU) Insecure Handling of Sensitive Cookies in GitHub Repository it-novum/openitcockpit prior 
to 4.6.6 Reflected Cross-site Scripting (XSS) Vulnerability in fossbilling/fossbilling prior to 0.5.4 SQL Injection Vulnerability in a2 License Portal System Out-of-bounds Read Vulnerability in gpac/gpac prior to 2.2.2 Reflected Cross-Site Scripting in WPCode WordPress Plugin before 2.0.13.1 Authorization Bypass Vulnerability in Getnet Argentina para Woocommerce Plugin for WordPress Unauthenticated Remote Code Execution via Reflective XSS in PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT CSV Injection Vulnerability in Avaya CMS Supervisor Web Application Critical SQL Injection Vulnerability in ThinuTech ThinuCMS 1.5 Information Exposure through Discrepancy in Rotem Dynamics Rotem CRM (VDB-233253) Microsoft Printer Driver Information Disclosure Vulnerability PGM Remote Code Execution Vulnerability in Windows HTTP.sys DoS Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability RPC Runtime RCE Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Silent Threat: USB Audio Class System Driver Remote Code Execution Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Windows MSHTML Platform Security Feature Bypass Vulnerability: A Critical Threat to System Security Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.10 Critical Remote Code Execution Vulnerability in Windows DNS Server Outlook Security Feature Bypass Vulnerability Vulnerability in Microsoft VOLSNAP.SYS Allows for Elevation of Privilege OCSP SnapIn Remote Code Execution Vulnerability in Windows RPC Runtime DoS Vulnerability Bridge Network Driver Remote Code Execution Vulnerability in Windows RPC Runtime Information Disclosure Vulnerability WSUS Privilege Escalation Vulnerability 
RPC Runtime DoS Vulnerability RPC Runtime DoS Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository outline/outline prior to 0.70.1 Telemetry Elevation of Privilege Vulnerability Windows Deployment Services DoS Vulnerability Exploiting the Windows Deployment Services Remote Code Execution Vulnerability Exploiting the Windows OLE Remote Code Execution Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Windows Print Spooler Information Disclosure Vulnerability Exposes Sensitive Data Windows CDP User Components Information Disclosure Vulnerability Windows Transaction Manager Privilege Escalation Vulnerability Windows Authentication DoS Vulnerability Arbitrary File Write and Stored XSS Vulnerability in Chamilo LMS <= v1.11.20 Windows Extended Negotiation Denial of Service Vulnerability Windows LSA Denial of Service Vulnerability: Disrupting Local Security Authority Windows Remote Desktop Protocol Security Vulnerability Exploiting the MediaWiki PandocUpload Extension for Remote Code Execution Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Windows MSHTML Platform Security Feature Bypass Vulnerability: A Critical Threat to System Security Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Peer Name Resolution Protocol Denial of Service Vulnerability Windows CryptoAPI Denial of Service Vulnerability: Disrupting Cryptographic Operations SQL Injection Vulnerability in SourceCodester Shopping Website 1.0 (VDB-233286) CNG Key Isolation Service Privilege Escalation Vulnerability Melody of Misfortune: Microsoft DirectMusic Information Disclosure Vulnerability Windows Image Acquisition Privilege Escalation Vulnerability GeoHack: Exploiting Windows Geolocation Service for Remote Code Execution Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution 
Vulnerability in Windows DNS Server Microsoft Install Service Privilege Escalation Vulnerability ADFS Security Feature Bypass Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts FAQ Script PHP 2.3 Critical Remote Code Execution Vulnerability in Windows Active Directory Certificate Services (AD CS) Critical Remote Code Execution Vulnerability in Windows Active Directory Certificate Services (AD CS) Windows Remote Desktop Security Bypass Vulnerability Telemetry Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts Funeral Script PHP 3.1 Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Clip Service Privilege Escalation Vulnerability in Windows Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows RRAS Remote Code Execution Vulnerability Windows RRAS Remote Code Execution Vulnerability Windows RRAS Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts News Script PHP Pro 2.4 Exploiting the Microsoft Office Remote Code Execution Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Spoofing Vulnerability in Mono Authenticode Validation Exploiting the Paint 3D Remote Code Execution Vulnerability Microsoft Message Queuing DoS Vulnerability Microsoft Message Queuing DoS Vulnerability Windows Projected File System Privilege Escalation Vulnerability RACEng Elevation of Privilege Vulnerability Cross-Site 
Scripting Vulnerability in SimplePHPscripts Photo Gallery PHP 2.0 Windows Kernel Privilege Escalation Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Windows Kernel Privilege Escalation Vulnerability Microsoft Message Queuing Data Exposure Vulnerability HTML Platform Security Bypass Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows Kernel Privilege Escalation Vulnerability Windows Bluetooth A2DP Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts Simple Forum PHP 2.7 Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Azure Apache Hive Spoofing Vulnerability: Exploiting Trust in Data Processing Azure HDInsight Jupyter Notebook Spoofing Vulnerability Cross-Site Scripting (XSS) Vulnerability in SimplePHPscripts NewsLetter Script PHP 2.4 (VDB-233292) Cross-Site Scripting (XSS) Vulnerability in ThinuTech ThinuCMS 1.5 (CVE-2021-233293) Cross-Site Scripting (XSS) Vulnerability in ThinuTech ThinuCMS 1.5 (CVE-2021-233294) Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Availability Booking Calendar PHP 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Time Slot Booking Calendar PHP 1.8 Remote Code Execution via File Upload in Chamilo LMS <= v1.11.20 CSRF Vulnerability in All in One B2B for WooCommerce WordPress Plugin Brute Force Authentication Vulnerability in IQ Wifi 6 Versions Prior to 2.0.2 XML Namespace Validation Bypass in Mediawiki v1.40.0 Code Injection in TeamPass GitHub Repository Prior to Version 3.0.10 Unsanitized Output Vulnerability in GitHub Repository nilsteampassnet/teampass prior to 3.0.10 
Unauthorized Access to Sensitive Information in GitHub Repository nilsteampassnet/teampass prior to 3.0.10 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts GZ Forum Script 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts PHP Vacation Rental Script 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Car Listing Script PHP 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Property Listing Script 1.0 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Event Booking Calendar 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts PHP GZ Appointment Scheduling Script 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Ticket Booking Script 1.8 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts PHP GZ Hotel Booking Script 1.8 Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Outlook for Mac Email Spoofing Vulnerability Cross-Site Scripting (XSS) Vulnerability in GZ Scripts PHP CRM Platform 1.8 Critical Denial of Service Vulnerability in Microsoft Dynamics 365 Finance and Operations DNS Cache Poisoning: Windows Vulnerability Exposes Users to Spoofing Attacks Azure Connected Machine Agent Privilege Escalation Vulnerability Azure Machine Learning Compute Instance Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Critical Remote Code Execution Vulnerability in Microsoft USBHUB 3.0 Device Driver Cross-Site Scripting Vulnerability in GZ Scripts GZ E Learning Platform 1.8 (VDB-233357) ICS Remote Code Execution Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability WinSock Elevation of Privilege Vulnerability in Windows Ancillary Function Driver Windows Kernel Privilege Escalation Vulnerability BlueBleed: Exploiting the Windows Bluetooth Driver for Remote Code Execution Windows Kernel DoS Vulnerability Outlook Data Exposure Vulnerability DHCP Server Service DoS Vulnerability Critical Remote Code Execution Vulnerability in 
Microsoft ODBC Driver Cross-Site Scripting (XSS) Vulnerability in GZ Scripts GZ Multi Hotel Booking System 1.8 ICS Remote Code Execution Vulnerability ICS Denial of Service Vulnerability DHCP Server Service Information Leakage Vulnerability Windows Sysmain Service Elevation of Privilege Vulnerability Race Condition Vulnerability in TBD Stack Buffer Overflow Vulnerability in TBD of TBD Out of Bounds Read Vulnerability in ProtocolEmbmsGlobalCellIdAdapter::Init() Out of Bounds Read Vulnerability in ProtocolMiscLceIndAdapter::GetConfLevel() Exynos Modem Files Out of Bounds Write Vulnerability Cross-site Scripting (XSS) Vulnerability in GitHub Repository nilsteampassnet/teampass prior to 3.0.10 Out of Bounds Read Vulnerability in ProtocolEmergencyCallListIndAdapter::Init Location Information Disclosure Vulnerability Out of Bounds Read Vulnerability in stmvl53l1_module.c Heap Buffer Overflow in CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc Out-of-bounds Read Vulnerability in protocolembmsadapter.cpp Possible Privilege Escalation and Remote Code Execution Vulnerability in gatt_process_prep_write_rsp of gatt_cl.cc Resource Allocation Vulnerability in wallabag 2.5.4 Use After Free Vulnerability in lwis_transaction_client_cleanup of lwis_transaction.c Out-of-Bounds Read Vulnerability in ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp Critical Buffer Overflow Vulnerability Enables Remote Code Execution without User Interaction Possible Out of Bounds Read Vulnerability in Init of protocolnetadapter.cpp Out of Bounds Read Vulnerability in convertSubgraphFromHAL of ShimConverter.cpp Contact Import Vulnerability: Local Privilege Escalation without User Interaction Possible Use After Free Vulnerability in bta_av_rc_msg of bta_av_act.cc Unauthenticated Local Privilege Escalation via Hidden Notification Listeners Confused Deputy Vulnerability in visitUris of Notification.java Allows Unauthorized Image Display and Local Information Disclosure Unsafe Deserialization in 
checkKeyIntentParceledCorrectly of AccountManagerService.java Allows for Local Privilege Escalation Use-after-free vulnerability in vcs_read in Linux Kernel allows local users to crash the system or leak kernel information Path Traversal Vulnerability in computeValuesFromData of FileUtils.java Allows Unauthorized File Access NFC Card Data Leakage in Locked Screen Mode Integer Overflow Vulnerability in build_read_multi_rsp of gatt_sr.cc Possible Local Escalation of Privilege Vulnerability in WindowState.java Media Resumption Control Vulnerability: Unauthorized Access to Media Files on Shared Device Unsafe PendingIntent in createQuickShareAction of SaveImageInBackgroundTask.java allows for background activity launch and local escalation of privilege without additional execution privileges needed Unauthenticated Device Admin Addition Vulnerability Uninitialized Data Out-of-Bounds Read in MtpPropertyValue of MtpProperty.h Open Redirect Vulnerability in GitHub Repository alextselegidis/easyappointments prior to 1.5.0 Confused Deputy Vulnerability Allows Unauthorized Contact Import and Local Information Disclosure Integer Overflow in eatt_l2cap_reconfig_completed: Remote Code Execution without User Interaction Confused Deputy Vulnerability in PackageManagerHelper.java Allows Arbitrary Component Start SQL Injection Vulnerability in bindSelection of DatabaseUtils.java Allows Unauthorized File Access Integer Overflow Vulnerability in avdt_msg_asmbl of avdt_msg.cc Allows Escalation of Privilege without User Interaction Use-after-free vulnerability in MtpPropertyValue of MtpProperty.h allows for local privilege escalation without user interaction Insecure Default Value Allows Unauthorized ADB Access in DeviceVersionFragment.java Authenticated Remote Denial-of-Service Vulnerability in PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT Arbitrary Code Execution Vulnerability in RGXDestroyHWRTData Critical Out of Bounds Read Vulnerability Allows Remote Denial of Service Improper 
Input Validation in getLocationCache of GeoLocation.java Allows Mock Location Spoofing during Emergency Calls Use-after-free vulnerability in incfs_kill_sb in fs/incfs/vfs.c allows local attackers to escalate privileges via crafted use of the incfs module. Out of Bounds Read Vulnerability in DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp Trend Micro Mobile Security (Enterprise) 9.8 SP5 Log File Disclosure Vulnerability Unauthenticated Remote Information Disclosure in SICK ICR890-4 Brute-Force Vulnerability in SICK ICR890-4 Allows Remote Credential Guessing Username Enumeration Vulnerability in SICK ICR890-4 FTP Server Cleartext Storage Vulnerability in SICK ICR890-4: Unauthorized Access to Sensitive Information Remote Privilege Escalation Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels CVE-2023-35701 Stack-based buffer overflow vulnerabilities in GTKWave 3.3.115's FST LEB128 varint functionality can lead to arbitrary code execution Stack-based buffer overflow vulnerabilities in GTKWave 3.3.115's FST LEB128 varint functionality can lead to arbitrary code execution Stack-based buffer overflow in GTKWave 3.3.115's fstReaderVarint32WithSkip function allows arbitrary code execution via a specially crafted .fst file. 
SQL Injection Vulnerability in MOVEit Transfer Web Application (CVE-2021-XXXX) CVE-2023-35709 Remote Privilege Escalation Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels CVE-2023-35710 CVE-2023-35711 CVE-2023-35712 CVE-2023-35713 CVE-2023-35714 CVE-2023-35715 CVE-2023-35716 CVE-2023-35717 CVE-2023-35718 ManageEngine ADSelfService Plus GINA Client Authentication Bypass Vulnerability Unauthenticated Remote Access Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels CVE-2023-35720 CVE-2023-35721 CVE-2023-35722 CVE-2023-35723 CVE-2023-35724 CVE-2023-35725 CVE-2023-35726 CVE-2023-35727 CVE-2023-35728 CVE-2023-35729 Command Injection Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels CVE-2023-35730 CVE-2023-35731 CVE-2023-35732 CVE-2023-35733 CVE-2023-35734 CVE-2023-35735 CVE-2023-35736 CVE-2023-35737 CVE-2023-35738 CVE-2023-35739 GitHub Repository Authorization Bypass in pimcore/customer-data-framework prior to 3.4.1 CVE-2023-35740 CVE-2023-35741 CVE-2023-35742 CVE-2023-35743 CVE-2023-35744 CVE-2023-35745 CVE-2023-35746 CVE-2023-35747 CVE-2023-35748 CVE-2023-35749 Stored Cross-Site Scripting Vulnerability in Quiz And Survey Master WordPress Plugin CVE-2023-35750 CVE-2023-35751 CVE-2023-35752 CVE-2023-35753 CVE-2023-35754 CVE-2023-35755 CVE-2023-35756 CVE-2023-35757 Unsanitized Input in SNMP Endpoint Allows for XSS Attack in WhatsUp Gold Memory Leak Vulnerability in Libtiff's tiffcrop Utility Operating System Command Injection Vulnerability in INEA ME RTU Firmware 3.36b and Prior Cryptographic Vulnerability in Iagona ScrutisWeb Versions 2.1.37 and Prior: Password Decryption Exploit CVE-2023-35764 Insecure Storage of Credentials in PiiGAB M-Bus Unauthenticated Remote Denial of Service (DoS) Vulnerability in Helix Core Uncontrolled Search Path Vulnerability in Intel(R) CIP Software Blind SSRF Vulnerability in Mattermost Allows Unauthorized Requests to Localhost/Intranet Unauthenticated Reflected XSS Vulnerability in Alain Gonzalez Google Map 
Shortcode Plugin (<= 3.1.2) CSRF Vulnerability in ChubbyNinjaa Template Debugger Plugin CSRF Vulnerability in LWS Tools Plugin <= 2.4.1 Unauthenticated Reflected XSS Vulnerability in WP Backup Manager Plugin <= 1.13.1 Stored Cross-Site Scripting (XSS) Vulnerability in Beplus Sermon'e – Sermons Online Plugin <= 1.0.0 CSRF Vulnerability in Neha Goel Recent Posts Slider Plugin Stored XSS Vulnerability in Seed Webs Seed Fonts Plugin <= 2.3.1 Critical Server-Side Request Forgery Vulnerability in DedeCMS 5.7.109 (VDB-233371) CSRF Vulnerability in Andy Whalen Galleria Plugin <= 1.0.3 CSRF Vulnerability in LWS Cleaner Plugin <= 2.3.0 SQL Injection Vulnerability in ipandlanguageredirect Extension for TYPO3 Cross-Site Scripting (XSS) Vulnerability in ke_search Extension for TYPO3 Double Free or Use After Free Vulnerability in OpenBSD and LibreSSL Multiple Zoho ManageEngine Products 2FA Bypass Vulnerability XXE Vulnerability in Zoho ManageEngine ADManager Plus Allows Unauthorized File Access Out-of-Bounds Write Vulnerability in Linux Kernel's flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets Command Line Credential Exposure in RabbitMQ-C Library Cross-Site Request Forgery Vulnerability in HadSky 7.11.8 Integer Underflow Vulnerability in libjxl Patch Decoding Open Redirect Vulnerability in Vound Intella Connect 2.6.0.3 Stored Cross-site Scripting (XSS) Vulnerability in Vound Intella Connect 2.6.0.3 Cross Site Request Forgery (CSRF) Vulnerability in Cassia Access Controller 2.1.1.2303271039 Unauthenticated Access to Web SSH Terminal in Cassia Access Controller 2.1.1.2303271039 Stored Cross-Site Scripting (XSS) Vulnerability in SINEMA Server V14 (All versions) Improper Input Validation allows Remote Code Execution in Apache Airflow Hive Provider Input Validation Vulnerability in Apache Airflow ODBC and MSSQL Providers Insecure Permissions in Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2: Arbitrary File Creation with Local System Privileges GitHub 
Repository Squidex/Squidex Prior to 7.4.0 - Improper Handling of Additional Special Element Vulnerability Insecure Permissions in Stormshield Endpoint Security Evolution 2.0.0 - 2.4.2 Directory Traversal Vulnerability in Safe Software FME Server Allows Unauthorized File Access and Modification Buffer Overflow Vulnerability in IQ Engine on Extreme Network AP Devices Extreme Network AP Devices: Critical Buffer Overflow Vulnerability in IQ Engine Unrestricted File Upload Vulnerability in SugarCRM Enterprise Bean Manipulation Vulnerability in SugarCRM REST API WebSocket Origin Validation Bypass in Mattermost Second-Order PHP Object Injection Vulnerability in SugarCRM DocuSign Module SQL Injection Vulnerability in SugarCRM REST API CVE-2023-35812 Remote Code Execution Vulnerability in Multiple Sitecore Products EMFI Attack on ECO3 Enables Unauthorized Access to ROM Download Mode on Espressif ESP32 3.0 Devices Insecure Channel Membership Verification in Mattermost Allows Unauthorized Board Linking Use-after-free vulnerability in saa7134_finidev in Linux kernel Use-after-free vulnerability in dm1105_remove in Linux kernel before 6.3.2 Use-after-free vulnerability in cedrus_remove function in Linux kernel Use-after-free vulnerability in ravb_remove in Linux kernel through 6.3.8 Use-after-free vulnerability in renesas_usb3_remove in Linux kernel Use-after-free vulnerability in rkvdec_remove in Linux kernel Remote Code Execution and Root Privilege Escalation Vulnerability in STW TCG-4 and TCG-4lite Connectivity Modules Cleartext Credential Exposure in YSoft SAFEQ 6 Server Unsecured WiFi Network and Unauthenticated ModBus Interface in SolaX Pocket WiFi 3 SolaX Pocket WiFi 3: Cleartext Network Configuration Disclosure Vulnerability Unauthenticated WiFi AP Allows Default Password Bypass in SolaX Pocket WiFi 3 WireGuard Client 0.5.3 on Windows Vulnerability: LocalNet Attack Resulting in Traffic Blocking Deserialization of Untrusted Data Vulnerability in Solon before 2.3.3 Team 
Override Scheme ID Bypass Vulnerability in Mattermost Path Traversal Vulnerability in elFinder LocalFileSystem Connector Arbitrary File Access Vulnerability in NocoDB Insecure File Endpoints in Lightdash Before 0.510.3 Local Privilege Escalation in Anaconda 3 and Miniconda 2023.03-1-Linux Transport Layer Length Check Bypass in VirtualSquare picoTCP VirtualSquare picoTCP-NG Vulnerability: Lack of Minimum Segment Size (MSS) Bound Size Calculation Vulnerability in VirtualSquare picoTCP (aka PicoTCP-NG) 2.1 Header Size Check Bypass Vulnerability in VirtualSquare picoTCP Mattermost Boards Link Validation Vulnerability Insufficient Filtering in SUNNET WMPro Portal's File Management Function Allows for Arbitrary Command Execution SQL Injection Vulnerability in SUNNET WMPro Portal's FAQ Function Directory Traversal and Local File Write Vulnerability in Suricata Lua Code Execution Vulnerability in Suricata Authentication Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus through 6113 Remote Code Execution Vulnerability in Counter-Strike through 8684 via Buffer Overflow Exploitable Buffer Overflow in Nintendo Mario Kart Wii Allows Arbitrary Code Execution Persistent Session Key Vulnerability Persistent Access to Public Boards in Mattermost Remote Command Execution Vulnerability in Supermicro Motherboard Email Notifications Buffer Over-read Vulnerability in libcoap 4.3.1 via coap_parse_oscore_conf_mem() Unprivileged Application Exploitation of MADEFORNET HTTP Debugger through 9.12 Unauthenticated Changes to Database Security Settings in KeePassXC Denial of Service (DoS) Vulnerability in Bosch BT Software Products Insecure UI Permissions in Mattermost Allow Unauthorized Board Access Vulnerability: Template Manipulation and Deletion in SAP S/4HANA Journal Entry Template Management Memory Corruption Vulnerability in SAP Web Dispatcher Unauthenticated Access to Technical Data in SAP NetWeaver Process Integration Unauthenticated Access to Technical Data in SAP NetWeaver 
Process Integration RWB Improper Authentication Checks in SAP NetWeaver Application Server ABAP and ABAP Platform User-Controlled Key Authorization Bypass Vulnerability in WooCommerce Square Stored XSS vulnerability in Vadym K. Extra User Details plugin Stored XSS Vulnerability in Vadym K. Extra User Details Plugin <= 0.5 SQL Injection Vulnerability in WooCommerce Product Vendors Stored Cross-site Scripting (XSS) Vulnerability in Teamwork Cloud (No Magic Release 2021x - 2022x) Allows Arbitrary Code Execution CSRF Vulnerability in WooCommerce Brands Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Team Heateor Super Socializer Plugin Open Redirect Vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster EventPrime Plugin <= 3.0.5: Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability Insecure Cookie Authentication in CloudPanel 2 before 2.3.1 Sensitive Information Exposure via Parent Navigation and Symlinks in Apache MINA SSHD CVE-2023-35888 CSRF Vulnerability in Teamwork Cloud: Crafted Query Exploitation Improper Encoding Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 XML External Entity Injection (XXE) Vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4 Arbitrary Command Execution in IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 Remote Code Execution via JNDI Injection in IBM Informix JDBC Driver 4.10 and 4.50 IBM Content Navigator 3.0.13 SSRF Vulnerability DLL Hijacking Vulnerability in IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 Insecure Security Configuration in IBM InfoSphere Information Server 11.7 CVE-2023-35899 Card Attachment Deletion Vulnerability in Mattermost Boards Server Version Information Disclosure Vulnerability in IBM Robotic Process Automation for Cloud Pak Client Side Validation Bypass in IBM Robotic Process Automation Cross-Site Scripting (XSS) Vulnerability in IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 
Remote Bypass of IP Restrictions in IBM Aspera Faspex 5.0.5 Unauthorized Read Access Vulnerability in Apache Airflow Uncontrolled Resource Consumption Vulnerability in Ninja Forms Contact Form Plugin for WordPress Mattermost Password Reset Tokens Not Invalidated Properly SQL Injection vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress SQL Injection Vulnerability in Creative Solutions Contact Form Generator CSRF Vulnerability in WP Zone Potent Donations for WooCommerce Plugin CSRF Vulnerability in OOPSpam Anti-Spam Plugin <= 1.1.44 User-Controlled Key Authorization Bypass in WooCommerce Woo Subscriptions SQL Injection Vulnerability in WooPayments – Fully Integrated Solution Built and Supported by Woo Authorization Bypass Through User-Controlled Key Vulnerability in WooPayments CSRF Vulnerability in WooCommerce PayPal Payments Plugin Unauthenticated Reflected XSS Vulnerability in WooCommerce Bulk Stock Management Plugin Memory Leak in Mosquitto v5 CONNECT Packet Handling Denial of Service Vulnerability in SIMATIC MV540 and MV550 Series Denial of Service Vulnerability in SIMATIC MV540 and MV550 Series SQL Injection Vulnerability in GLPI Inventory Endpoint Critical Vulnerability in FastAsyncWorldEdit (FAWE) Allows Arbitrary Code Execution and Server Crash Remote Code Execution Vulnerability in Backstage Scaffolder-Backend Plugin Vulnerability: Unauthorized Modification and Deletion of VCards in NextCloud Server User Account Takeover Vulnerability in Nextcloud Server Uncontrolled Code Execution in Tuleap Card Fields Markdown Validation Vulnerability in Mattermost Allows Server Crash Insecure Negative Authorization Decisions in SpiceDB 1.22.0 Shell Escape Vulnerability in Shescape Library Configuration Injection Vulnerability in jcvi Python Library Circular Relationship DoS Vulnerability in OpenFGA v1.1.0 and Earlier Cookie Leakage Vulnerability in yt-dlp Prior to 2023.07.06 Arbitrary File Write Vulnerability in Pandoc Unauthenticated 
User Privilege Escalation in Metersphere Vulnerability: Unauthorized Access for Restricted Users in Tuleap Vulnerability in GLPI Allows Unauthorized Access to Dashboard Data Unauthenticated Access to Dashboards Data in GLPI Vulnerability: Construction of Credentials with Permanent Validity in Envoy OAuth2 Filter Use-after-free vulnerability in Envoy gRPC access loggers CORS Filter Segfault Vulnerability in Envoy Case-sensitive scheme checks in Envoy prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 can lead to rejection or bypassing of requests with mixed-case schemes. Memory Leak Vulnerability in Envoy's HTTP/2 Codec Gradle Dependency Cache Path Traversal Vulnerability Path Traversal Vulnerability in Gradle Tar Archive Handling Open Redirect Vulnerability in Novu's Sign In with GitHub Functionality Remote Code Execution and Data Manipulation Vulnerability in Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix Communication Products Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 VCDATA Parsing Functionality Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 VCDATA Parsing Functionality Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 VCDATA Parsing Functionality Heap-based Buffer Overflow Vulnerabilities in fstReaderIterBlocks2 VCDATA Parsing Functionality of GTKWave 3.3.115 OS Command Injection Vulnerabilities in GTKWave 3.3.115: Arbitrary Command Execution via Malicious .ghw File Denial of Service Vulnerability in Rockwell Automation 1756-EN4* Ethernet/IP Communication Products OS Command Injection Vulnerabilities in GTKWave 3.3.115's Legacy Decompression Functionality OS Command Injection Vulnerabilities in GTKWave 3.3.115's Decompression Functionality OS Command Injection Vulnerabilities in GTKWave 3.3.115's Decompression Functionality OS Command Injection Vulnerabilities in GTKWave 3.3.115's Decompression Functionality OS Command 
Injection Vulnerabilities in GTKWave 3.3.115's Decompression Functionality Heap-Based Buffer Overflow Vulnerabilities in Yifan YF325 v1.0_20221108's httpd manage_post Functionality Heap-based Buffer Overflow Vulnerabilities in Yifan YF325 v1.0_20221108's httpd manage_post Functionality Heap-Based Buffer Overflow Vulnerabilities in gwcfg_cgi_set_manage_post_data of Yifan YF325 v1.0_20221108 Heap-Based Buffer Overflow Vulnerabilities in gwcfg_cgi_set_manage_post_data of Yifan YF325 v1.0_20221108 Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 Chain_Table Parsing Functionality CVE-2023-3597 Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 Chain_Table Parsing Functionality ArubaOS Web-Based Management Interface Stored XSS Vulnerability ArubaOS Authenticated Remote Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerabilities ArubaOS Command Line Interface Authenticated Command Injection Vulnerabilities ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Information Disclosure Vulnerability ArubaOS Command Line Interface Information Disclosure Vulnerability ArubaOS Reflected Cross-Site Scripting (XSS) Vulnerability ArubaOS Web-Based Management Interface Buffer Overflow Vulnerability Heap Corruption Vulnerability in ANGLE in Google Chrome Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerabilities Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Vulnerability: Unauthorized Modification of Protected File System Physical Proximity Exploit: Limited Out of Bounds Write Vulnerability Fixed in Apple Devices Arbitrary File Creation Vulnerability in Foxit Reader 12.1.3.15356 Stack-based Buffer Overflow in Sante DICOM Viewer Pro Hard-coded Credentials in 
PiiGAB M-Bus Authentication Integer Overflow Vulnerability in GTKWave 3.3.115 Allows Arbitrary Code Execution via Crafted .lxt2 File Critical Remote Code Execution Vulnerability in SourceCodester Best Fee Management System 1.0 App Privacy Vulnerability: Cross-App Identification Exploit Hidden Functionality Vulnerability in LOGITEC Wireless LAN Routers: Unauthorized Access and Command Execution Integer Overflow Vulnerability in GTKWave 3.3.115: Memory Corruption via Specially Crafted .fst File Arbitrary Code Execution Vulnerability in macOS and iOS Improper Array Index Validation Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 tdelta Initialization Improper Array Index Validation Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 tdelta Functionality Improper Array Index Validation Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 tdelta Functionality Improper Array Index Validation Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 tdelta Functionality Insider Threat Management Server SOAP Endpoints Missing Authorization Check Vulnerability Use-after-free vulnerability in Firefox and Thunderbird versions prior to 115.0.2 and Firefox ESR versions prior to 115.0.2 Unauthenticated Access to Sensitive Information in MacOS Agent Configuration Endpoint Insider Threat Management Server Vulnerability: Unauthorized Content Smuggling via DNS Lookups XAML Diagnostics Privilege Escalation Vulnerability Windows DPAPI Spoofing Vulnerability Windows Telephony Server Privilege Escalation Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Spoofing Vulnerability in Microsoft Send Customer Voice Survey from Dynamics 365 Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Exposed Secrets: Microsoft Word Information Disclosure Vulnerability Arbitrary User Information Disclosure in Simple Author Box WordPress Plugin Microsoft Defender DoS Vulnerability Windows Kernel Win32k Elevation of 
Privilege Vulnerability DHCP Server Service Information Leakage Vulnerability Unprotected PowerShell Information Exposure Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Windows Scripting Engine Memory Corruption Vulnerability: A Critical Security Risk Jupyter Extension Spoofing Vulnerability in Visual Studio Code Power Platform Connector Spoofing Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Gateway Security Bypass Vulnerability in Microsoft On-Prem Data Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Exploiting Windows SmartScreen Security Feature Bypass Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Vulnerability: Missing Allocation Check in SFTP Server Processing Read Requests Microsoft Dynamics 365 Sales Spoofing Vulnerability: Exploiting Trust for Malicious Intent Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Windows DWM Core Library Privilege Escalation Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Excel Security Feature Bypass Vulnerability ASP.NET Core Denial of Service Vulnerability: Exploiting System Resource Exhaustion Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Disclosure of Hidden Login Page URL in Change WP Admin 
Login WordPress Plugin Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Visual Studio Remote Code Execution Vulnerability OMI Information Disclosure Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Windows Authentication DoS Vulnerability Windows Authentication Privilege Escalation Vulnerability Elevated Privilege Vulnerability in .NET Framework and Visual Studio Critical Remote Code Execution Vulnerability in PHPGurukul Online Shopping Portal 1.0 Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Azure CLI REST Command Information Leakage Vulnerability ReDoS Vulnerability in Django EmailValidator and URLValidator Uninitialized Pointer Vulnerability in MIT Kerberos 5 (krb5) Allows for Remote kadmind Crash Critical Remote Command Injection Vulnerability in TamronOS up to 20230703 (VDB-233475) Critical OS Command Injection Vulnerability in kodbox 1.26 SQL Injection Vulnerability in smanga version 3.1.9 and earlier: Remote Code Execution and Information Disclosure in php/history/add.php Critical Remote Command Injection Vulnerability in Ruijie BCR810W 2.5.10 (VDB-233477) Arbitrary Code Execution via Cross Site Scripting in GatesAir Flexiva FM Transmitter/Exciter v.FAX 150W Remote Privilege Escalation in GatesAir Flexiva FM Transmitter/Exiter Fax 150W Host Header Injection Vulnerability in sisqualWFM 7.1.319.103 - 7.1.319.111 for Android SSRF Vulnerability in NebulaGraph Studio 3.7.0 Allows Remote Information Disclosure Authentication Bypass Vulnerability in D-Link DIR-645 Firmware v1.03 (No Longer Supported) Use-after-free vulnerability in Linux kernel's net/sched: cls_u32 component allows local privilege escalation Authentication Bypass Vulnerability in Unsupported D-Link DIR-885L FW102b01 Allows Remote Privilege Escalation via phpcgi Authentication Bypass Vulnerability in D-Link DIR-895 FW102b07: Privilege Escalation via phpcgi_main in cgibin (Unsupported 
Products) Authentication Bypass Vulnerability in D-Link DIR-859 FW105b03: Privilege Escalation via phpcgi_main (Unsupported Products) Storage Type XSS Vulnerability in EyouCMS v1.6.3 Backend Management Page Arbitrary Code Execution Vulnerability in Harrison Chase Langchain v.0.0.194 Insecure File Upload Vulnerability in funadmin v3.3.2 and v3.3.3 via Plugins Install Use-after-free vulnerability in nf_tables component of Linux kernel's netfilter Privilege Escalation and Information Disclosure Vulnerability in IceCMS 2.0.1 Incorrect Access Control Vulnerability in PowerJob 4.3.2 and Earlier: Unauthorized Information Disclosure via /container/list Interface Buffer Overflow Vulnerability in JerryScript 3.0: Remote Code Execution via ecma_stringbuilder_append_raw Out-of-Bounds Write Vulnerability in Linux Kernel's sch_qfq Component Arbitrary Code Execution via Cross Site Scripting in Faculty Evaluation System Unprotected WebView Component in Govee Home App Allows for Remote Code Execution and Data Theft Arbitrary Code Execution via Cross Site Scripting in e107 v.2.3.2 SEO Project Hex-Dragon Plain Craft Launcher 2 Alpha 1.3.9 - Directory Traversal Arbitrary Code Execution and Information Disclosure Vulnerability Cross Site Scripting (XSS) Vulnerability in PHPJabbers Appointment Scheduler v3.0's preview.php theme Parameter User Enumeration Vulnerability in PHPJabbers Appointment Scheduler 3.0 Vulnerability in Mattermost WelcomeBot Plugin Allows Unauthorized Guest Account Access to Channels Incorrect Access Control Vulnerability in PHPJabbers Availability Booking Calendar 5.0 Vulnerability Alert: Incorrect Access Control in PHP Jabbers Availability Booking Calendar 5.0 User Account Takeover Vulnerability in PHPJabbers Availability Booking Calendar 5.0 Account Takeover Vulnerability in PHP Jabbers Class Scheduling System 1.0 User Enumeration Vulnerability in PHPJabbers Class Scheduling System v1.0 Unencrypted Password Vulnerability in PHPJabbers Class Scheduling System 1.0 
Cross Site Scripting (XSS) Vulnerability in PHPJabbers Class Scheduling System 1.0's preview.php theme Parameter Cross Site Scripting (XSS) Vulnerability in PHPJabbers Cleaning Business Software 1.0 via preview.php Theme Parameter Account Takeover Vulnerability in PHPJabbers Cleaning Business Software 1.0 Mattermost GIF Image File Denial of Service Vulnerability Lack of Password Encryption in PHPJabbers Cleaning Business Software 1.0 User Enumeration Vulnerability in PHPJabbers Cleaning Business Software 1.0 OS Command Injection Vulnerability in Maxprint Maxlink 1200G v3.4.11E Diagnostic Tool Intelbras Switch SG 2404 MR Firmware 1.00.54 Authentication Bypass Vulnerability Stored XSS Vulnerability in Multilaser RE 170 Firmware 2.2.6733 TLS Certificate Validation Vulnerability in Mattermost iOS App Arbitrary Code Execution via XSS in Toll Tax Management System 1.0 Arbitrary Code Execution via XSS in Lost and Found Information System 1.0 SQL Injection Vulnerability in Mava Software Hotel Management System Qubo Smart Plug10A HSP02_01_01_14_SYSTEM-10 A UART Console Information Disclosure Vulnerability Qubo Smart Plug 10A - Denial of Service via Wi-Fi Deauthentication Vulnerability Cross Site Request Forgery Vulnerability in ZZCMS v.2023 and Earlier: Privilege Escalation via adminlist.php's add Function Arbitrary Code Execution via Cross Site Scripting in IP-DOT BuildaGate v.BuildaGate5 Critical SQL Injection Vulnerability in SourceCodester Best POS Management System 1.0 (CVE-2021-233565) Arbitrary Code Execution and Information Disclosure in badaix Snapcast 0.27.0 Buffer Overflow Vulnerability in libtiff's Fax3Encode Function Buffer Overflow Vulnerability in OpenImageIO v.2.4.12.0 and Earlier: Remote Code Execution and Information Disclosure via Crafted File Stack Overflow Vulnerability in CMysten Labs Sui Blockchain v1.2.0 via /spec/openrpc.json Component Remote Code Execution Vulnerability in NETGEAR R6400v2 Remote Code Execution Vulnerability in langchain v.0.0.64 
via PALChain Parameter in Python exec Method SQL Injection Vulnerability in langchain v0.0.247: Remote Information Disclosure via SQLDatabaseChain SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 (VDB-233573) Heap Buffer Overflow in Sngrep v1.6.0 via capture_ws_check_packet function Heap Buffer Overflow in Gifsicle v1.9.3 via ambiguity_error in /src/clp.c Buffer Overflow Vulnerability in skalenetwork sgxwallet v.1.9.0: Denial of Service via trustedBlsSignMessage Function Denial of Service Vulnerability in skalenetwork sgxwallet v.1.9.0 and below via trustedGenerateEcdsaKey Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository amauric/tarteaucitron.js prior to v1.13.1 Sensitive Information Disclosure in Jerryscript v3.0.0 via Crafted Script Arrays Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Server-Side Template Injection (SSTI) Vulnerability in MotoCMS Version 3.4.3 Store Category Template Stored Cross-Site Scripting (XSS) Vulnerability in Barebones CMS v2.0.2 Arbitrary Code Execution via File Upload in Total CMS v.1.7.4 Remote Privilege Escalation via SQL Injection in MotoCMS v.3.4.3 Arbitrary Code Execution via Cross Site Scripting in Xoops CMS v.2.5.10 Image Manager SolarWinds Platform Access Control Bypass Vulnerability: Unauthorized Reading of Arbitrary Resources Directory Traversal Vulnerability in Textpattern CMS v4.8.8 Plugin Upload Function Arbitrary Code Execution via Cross Site Scripting (XSS) in mlogclub bbs-go v. 3.5.5 and earlier Arbitrary Code Execution via Cross Site Scripting in mlogclub bbs-go v. 
3.5.5 and earlier Unrestricted Upload Vulnerability in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Arbitrary Code Execution via Cross Site Scripting (XSS) in Netbox 3.5.1 Sensitive Information Disclosure in Webkul QloApps v1.6.0 Arbitrary Code Execution via Crafted SVG File Upload in Bagisto v.1.5.0 and Earlier CVE-2023-36237 CVE-2023-36238 Buffer Overflow Vulnerability in libming listswf 0.4.7's parseSWF_DEFINEFONTINFO() Function Critical SQL Injection Vulnerability in Nesote Inout Blockchain FiatExchanger 3.0 Buffer Overflow Vulnerability in FLVMeta v1.2.1 via xml_on_metadata_tag_only function at dump_xml.c Unrestricted Upload Vulnerability in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System CSV Injection Vulnerability in GNOME Time Tracker 3.0.2: Arbitrary Code Execution via Crafted .tsv File Remote Code Execution and Denial of Service Vulnerability in Ateme Flamingo XL and XS Remote Code Execution Vulnerability in Eramba Enterprise and Community Edition v.3.19.1 CSRF Vulnerability in Online Examination System Project 1.0: Unauthorized User Deletion Arbitrary Code Execution Vulnerability in langchain v.0.0.199 via PALChain Craft CMS Audit Plugin XSS Vulnerability Unrestricted File Upload Vulnerability in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Denial of Service (DoS) vulnerability in Feed Me plugin 4.6.1 for Craft CMS SQL Injection Vulnerability in Prestashop Opartlimitquantity 1.4.5 and Earlier Plaintext Password Storage Vulnerability in Keeper Password Manager CVE-2023-36268 CSRF Vulnerability in GitHub Repository salesagility/suitecrm-core prior to 8.3.1 Heap Buffer Overflow in LibreDWG v0.12.5: Exploiting bit_wcs2nlen in bits.c Heap Buffer Overflow in LibreDWG v0.12.5: bit_utf8_to_TU Vulnerability Heap Buffer Overflow in LibreDWG v0.12.5: bit_calc_CRC Function at bits.c Heap Buffer Overflow in LibreDWG v0.12.5: Vulnerability in bit_write_TF function 
at bits.c Insecure Access Control in Infinispan's REST Bulk Read Endpoints Remote Code Execution Vulnerability in langchain v.0.0.171 via JSON File Loading in load_prompt Unauthenticated Time-Based SQL Injection in Webkul QloApps 1.6.0 via GET Parameters Unauthenticated XSS Vulnerability in Webkul QloApps 1.6.0 Allows Session Cookie Theft and User Impersonation Unauthenticated Cross-Site Scripting (XSS) Vulnerability in Webkul QloApps 1.6.0 Allows Session Cookie Theft and User Impersonation Unauthenticated XSS Vulnerability in Webkul QloApps 1.6.0 Allows Session Cookie Theft and User Impersonation Insecure Access Control in Infinispan's REST Cache Retrieval Endpoints Arbitrary Code Execution via Cross Site Scripting in Maxsite CMS v.108.7 Remote Code Execution Vulnerability in wmanager v.1.0.7 and earlier versions DedeCMS v5.7.109 File Upload Vulnerability: Remote Code Execution (RCE) Arbitrary Code Execution via File Upload in Typecho v.1.2.1 Directory Traversal Vulnerability in Talend Data Catalog's HeaderImageServlet Cross Site Scripting (XSS) Vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 ZPLGFA 1.1.1 Integer Index Out of Range Vulnerability Integer Index Out of Range Vulnerability in disintegration Imaging 1.6.2 Cross Site Scripting (XSS) Vulnerability in PHPJabbers Document Creator v1.0 SQL Injection Vulnerability in Medart Health Services Medart Notification Panel Cross Site Scripting (XSS) Vulnerability in PHPJabbers Document Creator v1.0 SQL Injection Vulnerability in PHPJabbers Document Creator v1.0 PHPJabbers Callback Widget v1.0 - Cross Site Scripting (XSS) Vulnerability in index.php Cross Site Scripting (XSS) Vulnerability in PHPJabbers Document Creator v1.0 Cross Site Scripting (XSS) vulnerability in PHPJabbers Callback Widget v1.0 PHPJabbers Callback Widget v1.0 - Cross Site Scripting (XSS) Vulnerability in index.php Arbitrary Code Execution via Cross Site Scripting (XSS) in Student Study Center Desk Management System 1.0 Arbitrary Code 
Execution Vulnerability in Openupload Stable v.0.4.3 Hard-coded Cryptographic Key Vulnerability in Kunduz - Homework Helper App: Authentication Abuse and Bypass Buffer Overflow Vulnerability in COVESA v2.18.8 via /shared/dlt_common.c Component RELIC Integer Overflow Vulnerability in bn_grow Function Integer Overflow Vulnerability in RELIC: Arbitrary Code Execution and Denial of Service in bn_get_prime() Integer Overflow Vulnerability in mp_grow in libtom libtommath Bitdefender Engines Out-of-Bounds Write Vulnerability on Windows Access Control Issue in WebBoss.io CMS v3.7.0.1 Allows Unauthorized Access to Website Backup Tool Stack Overflow Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via http_host Parameter in loginAuth Function Arbitrary Code Execution Vulnerability in Diebold Nixdorf Vynamic View Console v.5.3.1 and Earlier Privilege Escalation via Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 Reflected Cross-Site Scripting (XSS) Vulnerability in POS Codekop v2.0 via nm_member Parameter at print.php Unauthenticated Access to Selling Data in POS Codekop v2.0 Authenticated Remote Code Execution (RCE) Vulnerability in POS Codekop v2.0 via Filename Parameter Denial of Service Vulnerability in GzipSource Class Arbitrary Code Execution Vulnerability in Viatom Health ViHealth for Android Buffer Overflow Vulnerability in TP-Link Router Models TL-WR940N, TL-WR841N, TL-WR740N, TL-WR940N, and TL-WR941ND Buffer Overflow Vulnerability in TP-Link TL-WR940N V4 via ipStart Parameter Buffer Read Out-of-Bounds Vulnerability in TP-Link Routers Denial of Service (DoS) Vulnerability in TP-Link TL-WR940N, TL-WR841N, and TL-WR941ND Routers Buffer Overflow Vulnerability in TP-Link Routers Allows DoS Attacks Buffer Overflow Vulnerability in TP-Link Routers' QoSRuleListRpm Component Privilege Escalation Vulnerability in WP Project Manager Plugin (Versions up to 2.6.4) SQL Injection Vulnerability in Audimexee v14.1.7 via p_table_name Parameter Denial of Service (DoS) 
Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 SQL Injection Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server's BLOBcmp Component CS_BIND_UBAT Component Denial of Service Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Uncontrolled Resource Consumption Vulnerability in openstack-neutron Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Denial of Service (DoS) Vulnerability in MonetDB Server v11.45.17 and v11.46.0 Arbitrary Code Execution via Cross Site Scripting in Hostel Management System v2.1 XSS Vulnerability in Hostel Management System v.2.1: Arbitrary Code Execution via Add Course Section Buffer Overflow Vulnerability in mtrojnar osslsigncode v.2.3 and Earlier: Arbitrary Code Execution via Crafted Files Login Response Tampering Vulnerability in GeoVision GV-ADR2701 Cameras Hard-coded ID in SSH `authorized_keys` Configuration File Vulnerability Deserialization of Untrusted Data Vulnerability in Gesundheit Bewegt GmbH Zippy Stored Cross-Site Scripting (XSS) Vulnerability in Jeffrey-WP Media Library Categories Plugin <= 2.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce Plugin <= 3.9.5 CodePeople Booking Calendar Contact Form Plugin XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in WPXPO PostX Plugin <= 2.9.9 Reflected Cross-Site Scripting (XSS) Vulnerability in RUGGEDCOM ROX Series Improper Default REST API Permission in Apache Superset 2.1.0 Allows Authenticated Gamma Users to Test Database Connections SSRF Vulnerability in Apache Superset 2.1.0 
Reflected Cross-Site Scripting (XSS) Vulnerability in RUGGEDCOM ROX Series Reflected Cross-Site Scripting (XSS) Vulnerability in RUGGEDCOM ROX Series Local Security Authority Subsystem Service Privilege Escalation Vulnerability DHCP Server Service DoS Vulnerability Windows UI Application Core Remote Code Execution Vulnerability Windows Search Service Privilege Escalation Vulnerability Windows Deployment Services DoS Vulnerability Zip Slip: Remote Code Execution Vulnerability in Windows Compressed Folders PGM Remote Code Execution Vulnerability in Windows Windows NTFS File System Information Disclosure Vulnerability Windows Storage Privilege Escalation Vulnerability Linux Kernel Vulnerability: Unauthorized Memory Access via CPU Entry Area Mapping Windows HMAC Key Derivation Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Microsoft Remote Registry Service Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Information Leakage Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Hyper-V Data Exposure Vulnerability Hyper-V Privilege Escalation Vulnerability in Windows Hyper-V Privilege Escalation Vulnerability in Windows Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in khodakhah NodCMS 3.4.1 Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office Azure Identity SDK Remote Code Execution Vulnerability Azure Identity SDK Remote Code Execution Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Exploiting the Microsoft SQL OLE DB Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege 
Vulnerability Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Vacation Rental Website 1.8 Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Windows Defender Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Microsoft Remote Registry Service Windows Common Log File System Driver Privilege Escalation Vulnerability DFS Remote Code Execution Vulnerability in Windows Hyper-V Privilege Escalation Vulnerability in Windows Microsoft LSASS Information Disclosure Vulnerability Unveiling Sensitive Data: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Critical File Inclusion Vulnerability in Boss Mini 1.4.0 Build 6221 (VDB-233889) Microsoft Message Queuing DoS Vulnerability Unveiling Sensitive Data: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Windows IIS Server Privilege Escalation Vulnerability QUIC DoS Vulnerability in Microsoft: Disrupting Network Communication Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Critical Remote Code Execution Vulnerability in Azure DevOps Server Windows TCP/IP Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-233890) Stored Cross-Site Scripting Vulnerability in Contact Form Builder by Bit Form WordPress Plugin Unverified Source IP Address Spoofing in authentik Identity Provider Command Injection Vulnerability in 1Panel v1.3.5 and earlier Command Injection Vulnerability in 1Panel v1.3.5 and earlier Arbitrary HTML Injection in Mastodon oEmbed Preview Cards Kernel Panic Vulnerability in Arista EOS with Mirroring to Multiple Destinations Arbitrary File Creation and Remote Code Execution Vulnerability in Mastodon Mastodon Server Denial of Service Vulnerability Crafted Verified Profile Link Vulnerability in Mastodon Server Cross-Site Scripting (XSS) 
Vulnerability in Meldekarten Generator Infinite Loop Vulnerability in pypdf Library Unrestricted Access to Templates in Decidim Administration Panel Title Bypass Vulnerability in Discourse Topic Editing Remote Code Execution Vulnerability in AWS data.all XWiki Platform Vulnerability: Remote Code Execution via Document History Arbitrary Script Execution and Remote Code Execution in XWiki Platform Stored Cross-Site Scripting Vulnerability in IURNY by INDIGITALL WordPress Plugin Remote Code Execution in XWiki Platform via Icon Set Injection Vulnerability: Remote Code Execution via HTML Sanitizer in XWiki User Reset Password Token Exposure in Strapi CMS CSP Nonce Reuse Vulnerability in Discourse Allows XSS Attacks to Bypass Protection Subdomain Takeover Vulnerability in Interactsh Server Remote Code Execution through MongoDB BSON Parser in Parse Server Vulnerability: Plaintext LUKS Key File in /boot for NixOS Installation with calamares-nixos-extensions Vulnerability: Unrestricted Editing and Potential XSS in XWiki Platform Integer Overflow in MetaDataBuilder.checkSize in Eclipse Jetty Command Injection Vulnerability in Eclipse Jetty's CgiServlet Kafka Dissector Denial of Service Vulnerability Deserialization Remote Code Execution in Aerospike Java Client Infinite Loop Vulnerability in Samsung Exynos Mobile and Wearable Processors Buffer Overflow Vulnerability in Samsung NFC Services CVE-2023-36483 Reflected Cross-Site Scripting (XSS) Vulnerability in ILIAS 7.21 and 8.0_beta1 through 8.2 Arbitrary Command Execution in ILIAS Workflow Engine Arbitrary Command Execution via Malicious Filename in ILIAS Workflow Engine Account Takeover Vulnerability in ILIAS Password Reset Function Stored Cross Site Scripting (XSS) Vulnerability in ILIAS 7.21 and 8.0_beta1 through 8.2 Arbitrary OS Command Execution Vulnerability in TP-LINK Products iSCSI Dissector Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.6 Improper Initialization in Intel(R) MAS Software: Local Access 
Denial of Service Vulnerability SHIRASAGI v1.18.0 and Earlier: Reflected Cross-Site Scripting Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) SDK for OpenCL(TM) Applications Software Undisclosed Sensitive Information Exposure in F5OS-A Audit Logs Arbitrary Code Execution Vulnerability in Apple Operating Systems Delegated Admin Privilege Virtual Attribute Provider Plugin Vulnerability Privilege Escalation Vulnerability in Dover Fueling Solutions MAGLINK LX Web Console Configuration Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Multiple Buffer Overflows in Netgear XR300 v1.0.3.78: Exploiting wla_ssid and wlg_ssid Parameters at genie_ap_wifi_change.cgi Stored Cross-Site Scripting Vulnerability in Bubble Menu WordPress Plugin Unauthenticated Reflected XSS Vulnerability in teachPress Plugin <= 9.0.2 Cross-site Scripting Vulnerability in cththemes Balkon Plugin Cross-Site Scripting (XSS) Vulnerability in MaxButtons WordPress Plugin CVE-2023-36505 Sensitive Information Exposure to Unauthorized Actor in BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin SQL Injection vulnerability in Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress SQL Injection Vulnerability in Digital Ant E-Commerce Software (Versions before 11) CSRF Vulnerability in WooCommerce Order Barcodes Plugin CSRF Vulnerability in WooCommerce AutomateWoo Plugin <= 5.7.5 CSRF Vulnerability in WooCommerce Shipping Multiple Addresses Plugin CSRF Vulnerability in Kevon Adonis WP Abstracts Plugin <= 2.6.2 Reflected XSS Vulnerability in Digital Ant E-Commerce Software (before 11) User-Controlled Key Authorization Bypass in MarketingFire Editorial Calendar Denial of Service Vulnerability in SIMATIC MV500 Series Result Synchronization Server CSRF Vulnerability in WePupil Quiz Expert Plugin <= 1.5.0 Unauthorized Access to Sensitive Information in Gopi Ramasamy Email Download Link CSV Injection 
vulnerability in BestWebSoft Post to CSV by BestWebSoft SQL Injection vulnerability in Favethemes Houzez - Real Estate WordPress Theme Stored Cross-Site Scripting (XSS) Vulnerability in Digital Ant E-Commerce Software (before version 11) Stored Cross-Site Scripting (XSS) Vulnerability in Smartypants SP Project & Document Manager Plugin <= 4.67 Zoom Clients before 5.14.5 Vulnerability: Unauthenticated Remote Denial of Service via Buffer Overflow Unauthenticated Denial of Service Vulnerability in Zoom SDKs Zoom Desktop Client for Windows Path Traversal Vulnerability Information Disclosure Vulnerability in Zoom Clients (pre-5.14.10) Allows Unauthorized Access Untrusted Search Path Vulnerability in Zoom Rooms Installer for Windows Privilege Escalation Vulnerability in Zoom Rooms for Windows Privilege Escalation Vulnerability in Zoom Rooms for Windows Zoom Client Encryption Vulnerability Origin Bypass Vulnerability in cashIT! Devices Untrusted Search Path Vulnerability in Zoom Desktop Client Installer Authentication Bypass Vulnerability in Zoom Desktop Client for Windows Apache NiFi Remote Code Execution Vulnerability Apache Airflow < 2.6.3 Authenticated User Input Hang Vulnerability OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM OS Command Injection Vulnerability in Fortinet FortiWLM Critical Database Leak Vulnerability in cashIT! Devices OS Command Injection Vulnerability in Fortinet FortiWLM Fortinet FortiSIEM Information Disclosure Vulnerability OS Command Injection Vulnerability in Fortinet FortiSIEM CVE-2023-36554 Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 FortiMail Webmail Unauthorized Account Access Vulnerability Remote Code Execution in PrintHTML API ASP.NET Core - Security Feature Bypass Vulnerability: Exploiting Weaknesses in Security Measures EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks CashIT! 
Remote Code Execution Vulnerability ASP.NET Security Feature Bypass Vulnerability: Exploiting Weaknesses in Security Measures Critical Elevation of Privilege Vulnerability in Azure DevOps Server Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) WordPad Information Disclosure Vulnerability Exposes Sensitive Data Windows Search Security Feature Bypass Vulnerability: A Gateway for Unauthorized Access Exploiting Microsoft Office Graphics for Privilege Escalation Microsoft Common Data Model SDK Denial of Service Vulnerability: Exploiting a Flaw in the SDK for Disruptive Attacks Windows Deployment Services Information Leakage Vulnerability Exploiting the Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Unpatched Microsoft Office Elevation of Privilege Vulnerability SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows Kernel Information Leakage Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Microsoft Message Queuing DoS Vulnerability SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Microsoft Message Queuing DoS Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows Mark of the Web Security Bypass Vulnerability Windows UPnP Host DLL Denial of Service Vulnerability Critical Remote Code Execution Vulnerability 
in Microsoft Message Queuing Cross-Site Scripting (XSS) Vulnerability in SourceCodester AC Repair and Services System 1.0 Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows Graphics Component Privilege Escalation Vulnerability RPC Information Disclosure Vulnerability Exploiting the Microsoft WDAC ODBC Driver for Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in Campcodes Retro Cellphone Online Store 1.0 Windows TCP/IP Denial of Service Vulnerability: Disrupting Network Communication Windows TCP/IP Denial of Service Vulnerability: Disrupting Network Communication PipeFS Privilege Escalation Vulnerability in Windows Microsoft Message Queuing DoS Vulnerability Unauthorized API Commands in TBox RTUs Expose Sensitive Information Insecure Storage of Hashed Passwords in TBox RTUs Root Privilege Escalation via OpenVPN Configuration Scripts Remote SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Insufficient Entropy in TBox RTU Software Token Generation Privilege Escalation Vulnerability in TBox RTUs Directory Traversal and Server Response Redirection Vulnerability in Basecamp com.basecamp.bc3 for Android ReDoS Vulnerability in URI Component before 0.12.2 for Ruby Privilege Escalation Vulnerability in Atos Unify OpenScape Session Border Controller Unauthenticated Execution of Administrative Scripts in Atos Unify OpenScape Session Border Controller V10 R3.01.03 Execution of Binaries Vulnerability in CODESYS Development System Insecure Backup Vulnerability in Boomerang Parental Control App Safe Mode Bypass Vulnerability in Boomerang Parental Control Application Arbitrary OS Command Injection via Timezone Parameter in Loxone Miniserver Go Gen.2 Vulnerability: Hard-coded Secrets and 
MAC Address Calculation in Loxone Miniserver Go Gen.2 Privilege Escalation via Sudo Configuration in Loxone Miniserver Go Gen.2 through 14.0.3.28 Timezone Manipulation Vulnerability in FlashBlade Purity Privilege Escalation Vulnerability in VASA Allows Root Access on FlashArray Out-of-Bounds Read Vulnerability in ST54-android-packages-apps-Nfc Package Missing Integrity Check in CODESYS Notification Server Allows Remote Content Manipulation Insecure File Upload in CloudPanel before 2.3.1: Privilege Escalation and Authentication Bypass Vulnerability Bypassing Windows Firewall Restrictions via User Interface in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 RecursionError: maximum recursion depth exceeded vulnerability in Python's legacy email.utils.parseaddr function FortiMail Webmail Improper Authorization Vulnerability Command Injection Vulnerability in FortiAP-U Command Line Interpreter Improper Access Control Allows Remote Modification of Interface Settings in Fortinet FortiSwitchManager HTML Injection Vulnerability in FortiMail Calendar Improper Privilege Management Vulnerability in FortiManager and FortiAnalyzer API Externally-Controlled Format String Vulnerability in Fortinet Products Unrestricted Functionality in FileOrganizer WordPress Plugin Allows Server Takeover on Multisite Instances Numeric Truncation Denial of Service Vulnerability in Fortinet FortiProxy and FortiOS Command Injection Vulnerability in FortiTester Management Interface CVE-2023-36643 CVE-2023-36644 CVE-2023-36645 Privilege Escalation via Incorrect User Role Checking in ProLion CryptoSpike 3.0.15P2 REST API Endpoints Vulnerability: Impersonation via Hard-Coded Private Key in ProLion CryptoSpike 3.0.15P2 Unauthenticated Remote Data Access and Denial of Service in ProLion CryptoSpike 3.0.15P2 Authentication Bypass and User Impersonation via Sensitive Information Insertion in ProLion CryptoSpike 3.0.15P2 Logging System Trellix ENS 10.7.0 April 2023 Release and Earlier Code Injection 
Vulnerability Vulnerability: Command Execution via Forged Update Packages in ProLion CryptoSpike 3.0.15P2 Hidden and Hard-Coded Credentials Vulnerability in ProLion CryptoSpike 3.0.15P2 SQL Injection in Users Searching REST API Endpoint in ProLion CryptoSpike 3.0.15P2 Directory Traversal Vulnerability in ProLion CryptoSpike 3.0.15P2 Allows Unauthorized Access to SSH Private Keys Case-insensitive User Authentication Bypass in ProLion CryptoSpike 3.0.15P2 Arbitrary Code Execution via KeyValuesTable Component in Jaegertracing Jaeger UI Privilege Escalation via Windows Built-in Features in OPSWAT MetaDefender KIOSK 4.6.1.9996 Unquoted Service Path Vulnerability in OPSWAT MetaDefender KIOSK 4.6.1.9996 Denial of Service Vulnerability in OPSWAT MetaDefender KIOSK 4.6.1.9996 Memory Corruption Vulnerability in libnettle's OCB Feature SSRF Vulnerability in Shibboleth XMLTooling Stored XSS Vulnerability in TechTime User Management Components for Atlassian Products SQL Injection Vulnerability in it-novum openITCOCKPIT 4.6.4 Artifex Ghostscript Pipe Device Permission Validation Vulnerability Prototype Pollution vulnerability in protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 Cross-Site Scripting (XSS) Vulnerability in INEX IXP-Manager Directory Traversal Vulnerability in Couchbase Server 7.1.4 and 7.2.0 Remote Control Takeover Vulnerability in Kratos NGC Indoor Unit (IDU) Stored Cross-Site Scripting Vulnerability in Bit Assist WordPress Plugin Critical Command Injection Vulnerability in Kratos NGC-IDU 9.1.0.4 Allows Remote Root Access Insecure Configuration of Clario VPN Client Allows Deanonymization Insecure Configuration of Clario VPN Client Allows Leakage of Local Network Traffic in Plaintext Insecure Configuration in Avira Phantom VPN for macOS Allows Traffic Leakage Bypassing Bad Image List in MediaWiki via Thumb Parameter Vulnerability Cross-Site Scripting (XSS) Vulnerability in MediaWiki BlockLogFormatter SQL Injection Vulnerability in Smartypants SP Project 
& Document Manager Stored Cross-Site Scripting (XSS) Vulnerability in WP-buy WP Content Copy Protection & No Right Click Plugin <= 3.5.5 CVE-2023-36679 Cross-Site Scripting (XSS) Vulnerability in froxlor/froxlor prior to 2.0.21 Cross-Site Request Forgery (CSRF) Vulnerability in Schema Pro CSRF Vulnerability in CartFlows Pro: Allowing Cross-Site Request Forgery Unauthenticated Reflected XSS Vulnerability in CartFlows Pro Plugin <= 1.11.11 CSRF Vulnerability in Andrea Tarantini Menubar Plugin <= 5.8.2 Stored XSS Vulnerability in Michael Mann Simple Site Verify Plugin <= 1.0.7 Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in WPFactory WPFactory Helper Plugin <= 1.5.2 Unlimited Password Guessing Vulnerability in CODESYS Development System CSRF Vulnerability in VibeThemes WPLMS Theme <= 4.900 CSRF Vulnerability in Albert Peschar WebwinkelKeur Plugin <= 3.24 Stored Cross-Site Scripting (XSS) Vulnerability in WP-Cirrus Plugin <= 0.6.11 CSRF Vulnerability in Alain Gonzalez WP RSS Images Plugin <= 1.1 Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows Kernel Security Feature Bypass Vulnerability: A Critical Flaw Exploiting Kernel Security Measures Unsafe Directory Permissions in CODESYS Development System and CODESYS Scripting ReFS Elevation of Privilege Vulnerability Melody of Danger: Microsoft DirectMusic Remote Code Execution Vulnerability DHCP Server Service DoS Vulnerability Windows Setup Files Cleanup Remote Code Execution Vulnerability Windows Installer Privilege Escalation Vulnerability Windows Deployment Services Information Leakage Vulnerability Windows Deployment Services DoS Vulnerability Microsoft AllJoyn API Denial of Service Vulnerability: Disrupting Communication and Service Availability Reflected Cross-Site Scripting Vulnerability in MultiParcels Shipping For WooCommerce WordPress Plugin Windows Media Foundation Core Remote Code 
Execution Vulnerability: A Critical Security Flaw Windows Runtime C++ Template Library Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Common Log File System Driver Information Leakage Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability Virtual Trusted Platform Module Remote Code Execution Vulnerability in Microsoft SAPI Elevation of Privilege Vulnerability DOM-based Cross-site Scripting (XSS) vulnerability in GitHub repository plaidweb/webmention.js prior to 0.5.5 Windows Mixed Reality Developer Tools DoS Vulnerability Windows Error Reporting Service Privilege Escalation Vulnerability Active Directory Domain Services Information Disclosure Vulnerability: Exposing Sensitive Data Windows Container Manager Service Privilege Escalation Vulnerability Windows Power Management Service Data Exposure Vulnerability Windows Kernel Privilege Escalation Vulnerability IKE Extension Elevation of Privilege Vulnerability in Windows EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks SQL Server Denial of Service Vulnerability: Disrupting Microsoft's Database System PipeFS Elevation of Privilege Vulnerability Critical SQL Injection Vulnerability in GitHub Repository pimcore/pimcore (prior to 10.5.24) Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Linux Broker Remote Code Execution Vulnerability in Microsoft Identity Azure Network Watcher VM Agent Privilege Escalation Vulnerability 3D Viewer RCE Vulnerability Keylime Attestation Verifier Vulnerability: Failure to Flag Faulty TPM Quotes 3D Viewer RCE Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Code Execution Vulnerability in Visual Studio Code Remote Access 
Windows Kernel Win32k Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 fstWritex len Functionality Heap-based Buffer Overflow Vulnerabilities in GTKWave 3.3.115's fstReaderIterBlocks2 fstWritex len Functionality Weak Cipher Vulnerability in RUGGEDCOM ROX and RX Series Devices (Versions < V2.16.0) Insecure TLS 1.0 Protocol Allows Man-in-the-Middle Attack on RUGGEDCOM ROX Devices CVE-2023-3675 Command Injection Vulnerability in RUGGEDCOM ROX Series (All versions < V2.16.0) Command Injection Vulnerability in RUGGEDCOM ROX Series (All versions < V2.16.0) Command Injection Vulnerability in RUGGEDCOM ROX Series (All versions < V2.16.0) Command Injection Vulnerability in RUGGEDCOM ROX Series (All versions < V2.16.0) Command Injection Vulnerability in RUGGEDCOM ROX and RX Series Devices (CVE-XXXX-XXXX) Command Injection Vulnerability in RUGGEDCOM ROX and RX Series Devices (CVE-XXXX-XXXX) Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Exploiting Visual Studio's Elevation of Privilege Vulnerability Exploiting Visual Studio's Elevation of Privilege Vulnerability Privilege Escalation Vulnerability on Kubernetes Windows Nodes 3D Viewer RCE Vulnerability Exposed Secrets: Microsoft Word Information Disclosure Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Outlook Data Exposure Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft SharePoint Server Unpatched Microsoft Office Elevation of Privilege Vulnerability Excel Data Leakage Vulnerability Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office Exploiting 
Microsoft OneNote Spoofing Vulnerability SQL Injection Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress (Versions up to 1.2.89) 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution Windows Kernel Win32k Elevation of Privilege Vulnerability Exposed: Microsoft Exchange Server Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Critical Remote Code Execution Vulnerability in Skype for Business Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Critical Remote Code Execution Vulnerability in Skype for Business Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) .NET Framework Remote Code Execution Vulnerability: A Critical Security Threat Critical Remote Code Execution Vulnerability in Skype for Business SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 (VDB-234225) Dynamics Finance and Operations XSS 
Vulnerability DHCP Server Service Information Leakage Vulnerability Proxy Elevation of Privilege Vulnerability in Microsoft Streaming Service Windows Kernel Information Leakage Vulnerability Windows GDI Privilege Escalation Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability: A Critical Threat to System Security Contao CMS Untrusted Backend User Code Injection Vulnerability Infinite Loop Vulnerability in PyPDF2 2.10.5 SQL Injection Vulnerability in GLPI Versions 0.80 to 10.0.7 Improper Content-Type Handling and File Upload Vulnerability in Kiwi TCMS Cross-Site Scripting (XSS) Vulnerability in Campcodes Retro Cellphone Online Store 1.0 Quadratic Runtime Denial of Service Vulnerability in PyPDF Vulnerability in Cryptographic Authentication Scheme in BorgBackup Allows Fake Archives and Potential Data Loss OpenTSDB Remote Code Execution Vulnerability SQL Injection Vulnerability in Kanboard Project Management Software (Versions prior to 1.2.31) Unauthenticated Denial of Service Vulnerability in Products.CMFCore Permission Flaw in Sealos Billing System Allows Unauthorized Recharge of Resources Cross-Site Scripting (XSS) Vulnerability in 2FA Web App Exposure of Stripe API Key in Public Code Repository of `tktchurch/website` Denial of Service Vulnerability in Discourse Custom Sidebar Section Creation/Update Arbitrary File Download Vulnerability in Knowage Critical SQL Injection Vulnerability in Nesote Inout Blockchain EasyPayments 1.0 Insecure `aud` Claim Validation in Micronaut Security Remote Code Execution in Uptime Kuma via Malicious Plugin Installation Path Traversal Vulnerability in Uptime Kuma Allows Authenticated Attackers to Delete Files and Cause Data Loss Arbitrary HTML and CSS Injection in Sanitize (Versions 3.0.0 to 6.0.1) Heap Overflow Vulnerability in Redis 7.0.12 Remote Code Execution Vulnerability in Orchid Laravel Package Arbitrary Download of Debug/Artifact Bundles in Sentry Path Traversal Vulnerability in Fides Allows Remote File 
Access Unsanitized SVG Tag Cross-Site Scripting Vulnerability in Statamic Improper Access-Control-Allow-Credentials Header Handling in Sentry API Cross-Site Scripting (XSS) Vulnerability in LivelyWorks Articart 2.0.1 Arbitrary Code Execution via SQLFluff's library_path Configuration Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series Use After Free Vulnerability in Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202 Incomplete Internal State Distinction Vulnerability in Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS on QFX10000 Series Uninitialized Resource Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS SRX Series Flowd Out-of-bounds Read DoS Vulnerability Improper Validation of Specified Quantity in Input Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Open Redirect Vulnerability in LivelyWorks Articart 2.0.1 Reachable Assertion Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series with PPPoE and tcp-mss Enabled Denial of Service (DoS) Vulnerability in Juniper DHCP Daemon Denial of Service (DoS) Vulnerability in Junos Services Framework (jsf) Module PHP External Variable Modification Vulnerability in J-Web of Juniper Networks Junos OS on EX Series PHP External Variable Modification Vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series Unauthenticated File Upload Vulnerability in Juniper Networks Junos OS on SRX Series Unauthenticated File Upload Vulnerability in Juniper Networks Junos OS on EX Series Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series Denial of Service (DoS) Vulnerability in 
Juniper Networks Junos OS and Junos OS Evolved Cross-Site Scripting (XSS) Vulnerability in Nesote Inout Search Engine AI Edition 1.1 Improper Validation of Specified Index, Position, or Offset in Input Vulnerability in Juniper Networks Junos OS on MX Series Title: Unauthenticated File Upload and Download Vulnerability in Juniper Networks Junos OS on SRX Series Arbitrary DLL Loading Vulnerability in Keysight Geolocation Server v2.4.2 and Prior File Processing Vulnerability in macOS Monterey, Ventura, and Big Sur: Arbitrary Code Execution and App Termination Replay Vulnerability in Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 Insufficient Verification of Data Vulnerability in BIG-IP Edge Client for Windows and macOS Arbitrary Command Injection Vulnerability in PiiGAB M-Bus SoftwarePack 900S Critical SQL Injection Vulnerability in Bylancer QuickAI OpenAI 3.8.1 Intel Unison Software: Network Access Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in GTKWave 3.3.115 via Malicious .vzt File Downgrade Vulnerability in Intel-based Mac Computers and Location Privacy Exploit Integer Overflow Vulnerability in GTKWave 3.3.115 Allows Arbitrary Code Execution via Crafted .fst File Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution VS Code GitHub Pull Requests and Issues Extension RCE Vulnerability Windows Information Disclosure Vulnerability in Azure Service Fabric Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Critical SQL Injection Vulnerability in Bylancer QuickVCard 2.1 Azure Active Directory Security Feature Bypass Vulnerability: Exploiting Weaknesses in Authentication and Authorization VP9 Video Extensions Information Leakage Vulnerability .NET Framework Version Spoofing Vulnerability Windows Error Reporting Service Privilege Escalation Vulnerability RacTask Elevation of Privilege 
Vulnerability Azure Apache Oozie Spoofing Vulnerability: Exploiting Trust in Workflow Management Edge (Chromium-based) Security Feature Bypass Vulnerability Critical SQL Injection Vulnerability in Bylancer QuickJob 6.1 Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Azure Apache Ambari Spoofing Vulnerability: Unauthorized Access and Data Manipulation Risk Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Edge for iOS URL Spoofing Vulnerability SearchRCE: Windows Search Remote Code Execution Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Edge for Android (Chromium-based) Tampering Vulnerability Windows Group Policy Security Feature Bypass Vulnerability: A Critical Flaw Exploiting Group Policy Settings Critical SQL Injection Vulnerability in Bylancer QuickQR 6.3.7 Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Outlook Email Spoofing Vulnerability Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server Outlook RCE Vulnerability: A Critical Security Flaw in Microsoft's Email Client Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Exploiting Visual Studio Tools for Office Runtime Spoofing Vulnerability Windows Tablet UI Application Core Remote Code Execution Vulnerability ASP.NET Elevation of Privilege Vulnerability: Unauthorized Access to Higher Privileges Critical SQL Injection Vulnerability in Bylancer QuickOrder 6.3.7 Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Runtime Remote Code Execution Vulnerability: A Critical Security Flaw Windows System Assessment Tool Privilege Escalation Vulnerability 
Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Windows WwanSvc Information Disclosure Vulnerability Windows Cryptographic Services Information Leakage Vulnerability Windows Cryptographic Services Information Leakage Vulnerability Windows Hyper-V Data Exposure Vulnerability Microsoft Message Queuing DoS Vulnerability Cross-Site Scripting (XSS) Vulnerability in layui up to v2.8.0-rc.16 Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Microsoft Message Queuing DoS Vulnerability Microsoft Message Queuing Data Exposure Vulnerability Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Integer Overflow Vulnerabilities in GTKWave 3.3.115's FST fstReaderIterBlocks2 Chain_Table Allocation Functionality Integer Overflow Vulnerabilities in GTKWave 3.3.115's FST fstReaderIterBlocks2 Chain_Table Allocation Unrestricted Rate Limit for Password Change in SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Enable Now Referrer Information Disclosure Vulnerability in SAP Enable Now Unrestricted File Upload Vulnerability in Admidio GitHub Repository Clickjacking Vulnerability in SAP Enable Now Header Tampering Vulnerability in SAP Solution Manager (Diagnostics Agent) 7.20 Arbitrary Operating System Command Injection Vulnerability in SAP IS-OIL Component Local Privilege Escalation Vulnerability in SAP SQLA for PowerDesigner 17 Arbitrary Data Modification Vulnerability in SAP ERP Defense Forces and Public Security Blind HTTP Request Execution Vulnerability in SAP Solution Manager (Diagnostics Agent) 7.20 Undocumented Parameter Read Vulnerability in SAP Host Agent 7.22 Critical SQL Injection Vulnerability in SourceCodester Life Insurance Management System 1.0 (VDB-234244) SQL Injection Vulnerabilities in MOVEit Transfer Web Application Unhandled Exception Vulnerability in MOVEit 
Transfer SQL Injection Vulnerability in MOVEit Transfer Web Application Arbitrary Code Execution through Cross-Site Scripting (XSS) in PHPGurukul Online Security Guards Hiring System XSS Vulnerability in Hostel Management System v2.1 via Crafted Payload in Search Booking Field Critical SQL Injection Vulnerability in SourceCodester House Rental and Property Listing 1.0 (VDB-234245) XSS Vulnerability in PHPGurukul Online Fire Reporting System v1.2 Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Online Fire Reporting System 1.2 Title: PHPGurukul Online Fire Reporting System 1.2 XSS Vulnerability: Arbitrary Script Execution via Website Title Field Stack Overflow Vulnerability in TOTOLINK X5000R and A7000R Routers via UploadCustomModule Function Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Stack Overflow Vulnerability in TOTOLINK X5000R and A7000R Routers via http_host Parameter Stack Overflow Vulnerability in TOTOLINK CP300+ V5.2cu.7594_B20200910 Command Injection Vulnerability in TOTOLINK CP300+ V5.2cu.7594_B20200910 and earlier versions Command Injection Vulnerability in TOTOLINK CP300+ V5.2cu.7594_B20200910 and earlier versions Stack Overflow Vulnerability in TOTOLINK CP300+ <=V5.2cu.7594_B20200910 via UploadCustomModule Function Prototype Pollution in Mongoose GitHub Repository Prior to 7.3.4 Critical SQL Injection Vulnerability in Food Ordering System v1.0 Allows Remote Command Execution Remote Command Execution Vulnerability in CMS Made Simple v2.2.17 via File Upload Function Remote Directory Traversal Vulnerability in Printer Service Arbitrary Code Injection through File Upload in CMS Made Simple v2.2.17 Directory Traversal Vulnerability in Printer Service Zero Balance Vulnerability in Ethereum Blockchain v0.1.1+commit.6ff4cd6 Sensitive Data Exposure in LavaLite CMS v 9.0.0 Sensitive Data Exposure in LavaLite CMS v 9.0.0 ASUSTOR Data Master (ADM) Improper Privilege Management Vulnerability Remote Code Execution 
Vulnerability in TravianZ 8.3.4 and 8.3.3 Config Editor Cryptographically Insecure Random Number Generator in TravianZ Allows Account Takeover TravianZ 8.3.4 and 8.3.3: Installation Script Access Control Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in TravianZ 8.3.4 User-Controlled Key Authorization Bypass in easyappointments prior to 1.5.0 Relative Path Traversal Vulnerability in Aqua Drive 2.4 Vulnerability: Use of Default Credentials in Proscend Advice ICR Series Routers FW version 1.76 CP-Plus DVR Web Interface Allows Unauthorized Time Manipulation Arbitrary File Deletion Vulnerability in emlog 2.1.9 via admin\template.php Improper Input Handling in CP-Plus NVR Web Interface Allows for Remote Information Disclosure Arbitrary Post Title Disclosure Vulnerability in ActivityPub WordPress Plugin XSS Vulnerability in Chamilo 1.11.x up to 1.11.20 Language Management Section Chamilo 1.11.x up to 1.11.20 Course Categories XSS Vulnerability XSS Vulnerability in Chamilo 1.11.x up to 1.11.20 in Careers & Promotions Management Section Chamilo 1.11.x up to 1.11.20 XSS Vulnerability in Extra Fields Management XSS Vulnerability in Chamilo 1.11.x up to 1.11.20 Session Category Management Chamilo 1.11.x up to 1.11.20 Admin Privilege XSS Vulnerability XSS Vulnerability in Chamilo 1.11.x up to 1.11.20 Usergroups Management Section SQL Injection Vulnerability in Code-Projects Gym Management System V1.0 SQL Injection Vulnerability in Code-Projects Online Hospital Management System V1.0 Arbitrary Post Retrieval Vulnerability in ActivityPub WordPress Plugin Cross Site Scripting (XSS) Vulnerability in Code Projects Hospital Information System 1.0 Reflected Cross-Site Scripting Vulnerability in DeoThemes WordPress Themes Unauthenticated API Key Disclosure in Royal Elementor Addons Plugin for WordPress Command Injection Vulnerability in Honeywell PM43 Printer Web Page Modules Session Fixation Vulnerability in Honeywell PM43 Printer Web Page Modules Live555 Version 
2023.05.10: Heap-Use-After-Free Vulnerability in SETUP Handling External Parties Accessing Files or Directories Vulnerability in Honeywell PM43 Printer Web Page Modules Stored Cross-Site Scripting (XSS) Vulnerability in Bagecms v3.1.0 Custom Settings Module Stored XSS Vulnerability in SEACMS v12.1 Site Setup Module Stored XSS Vulnerability in SEACMS v12.1 Management Custom Label Module Unauthenticated Privilege Escalation in ProfileGrid WordPress Plugin (up to v5.5.1) Arbitrary Password Change Vulnerability in YznCMS v1.1.0 Stored Cross-Site Scripting (XSS) Vulnerability in eYouCMS v1.6.3 Custom Variables Module Stored XSS Vulnerability in eyoucms v1.6.3 Column Management Module Stored XSS Vulnerability in eyoucms v1.6.3 Basic Information Module Stored XSS Vulnerability in Image Upload Module of eYouCMS v1.6.3 Stored XSS Vulnerability in eyoucms v1.6.3 Basic Website Information Module ChakraCore Branch Master Cbb9b Stack Overflow Vulnerability in Js::ScopeSlots::IsDebuggerScopeSlotArray() Unauthenticated Modification of Data in ProfileGrid WordPress Plugin (CVE-2021-12345) Segmentation Violation Vulnerability in ChakraCore's Js::DiagScopeVariablesWalker::GetChildrenCount() Function Segmentation Violation Vulnerability in ChakraCore's Js::ProfilingHelpers::ProfiledNewScArray() Function ChakraCore Branch Master Cbb9b Segmentation Violation Vulnerability ChakraCore Branch Master Cbb9b Segmentation Violation Vulnerability Command Injection Vulnerability in Tenda AC10 v15.03.06.26 via mac Parameter Command Injection Vulnerability in TOTOLINK LR350 V9.3.5u.6369_B20220309 via hostname Parameter in setOpModeCfg Function Command Injection Vulnerability in TOTOLINK LR350 V9.3.5u.6369_B20220309 via FileName Parameter in UploadFirmwareFile Function Command Injection Vulnerability in TOTOLINK LR350 V9.3.5u.6369_B20220309 via setUssd Function Command Injection Vulnerability in TOTOLINK LR350 V9.3.5u.6369_B20220309 via FileName Parameter in setUploadSetting Function Cross-site 
Scripting (XSS) Vulnerability in Sourcecodester Online Pizza Ordering System v1.0 Arbitrary File Upload Vulnerability in Projectworlds Online Art Gallery Project 1.0 Cross-Site Scripting (XSS) Vulnerability in KodExplorer 4.51 Light App Creation Description Field SQL Injection vulnerability in Oduyo Online Collection Software (before 1.0.1) allows unauthorized database access Reflected Cross-Site Scripting Vulnerability in Diafan CMS v6.0 via cat_id Parameter Remote Code Execution Vulnerability in Millhouse-Project v1.414 via /add_post_sql.php SQL Injection Vulnerability in Farmakom Remote Administration Console Unauthenticated Remote Code Execution (RCE) Vulnerability in TOTOLINK A3300R V17.0.0cu.557_B20221024 Command Injection Vulnerability in TOTOLINK A3300R V17.0.0cu.557_B20221024 Command Injection Vulnerability in TOTOLINK A3300R V17.0.0cu.557_B20221024 Command Injection Vulnerability in TOTOLINK A3300R V17.0.0cu.557_B20221024 Segmentation Violation Vulnerability in GPAC v2.3-DEV-rev381-g817a848f6-master Arbitrary Code Execution via SQL Injection in PMB Services PMB v.7.4.7 and Earlier AOS-CX Command Injection Vulnerability NULL Pointer Dereference in C-blosc2 before 2.9.3 via zfp_prec_decompress function NULL Pointer Dereference Vulnerability in C-blosc2 before 2.9.3 NULL Pointer Dereference in C-blosc2 before 2.9.3 via zfp_acc_decompress function NULL Pointer Dereference Vulnerability in C-blosc2 before 2.9.3 Stored XSS Vulnerability in Create New Rate Module of Issabel PBX Version 4 Stored XSS Vulnerability in Issabel Issabel-PBX v.4.0.0-6 via Crafted Payload in New Virtual Fax Feature Stored Cross-Site Scripting (XSS) Vulnerability in Issabel issabel-pbx v.4.0.0-6 Address Spoofing Vulnerability in Bitcoin Core v22: Redirecting Bitcoin Transactions Kernel Memory Exposure via DMA: Arbitrary Code Execution Vulnerability in SIMATIC CP Devices Title: Denial of Service Vulnerability in SIMATIC CP 1604/1616/1623/1626/1628 SQL Injection Vulnerability in DCE Alert 
Settings SQL Injection Vulnerability in DCE Mass Configuration Settings Code Injection Vulnerability in DCE Install Packages Code Injection Vulnerability in DCE Backup Restoration Process CSRF Vulnerability in Upload Media By URL WordPress Plugin CWE-611: XML External Entity Reference Vulnerability WebRTC Use-After-Free Vulnerability in Firefox and Thunderbird Use-after-free vulnerability in Cross-Compartment Wrappers in Firefox and Thunderbird Drag and Drop API Vulnerability in Firefox < 115 Allows Arbitrary Code Execution Fullscreen Notification Spoofing Vulnerability in Firefox < 115 URL Spoofing Vulnerability in Firefox < 115: Exploiting RTL Arabic Characters in Address Bar Symlink-based File Upload Vulnerability in Firefox < 115 Allows Data Submission to Malicious Websites URL Scheme Spoofing Vulnerability in Firefox and Thunderbird Lack of Warning for Malicious Diagcab Files in Firefox and Thunderbird Use-after-free vulnerability in NotifyOnHistoryReload in Firefox < 115 Stored Cross-Site Scripting Vulnerability in WP-EMail WordPress Plugin Full-Screen Mode Spoofing Vulnerability in Firefox < 115 Title: Critical Memory Safety Vulnerability in Firefox and Thunderbird Versions < 115 Critical Memory Corruption Vulnerability in Firefox 114 Command Injection in Synel SYnergy Fingerprint Terminals Height Telecom ERO1xS-Pro Dual-Band FW Version BZ_ERO1XP.025 Vulnerability JBL Soundbar Multibeam 5.1 Vulnerability: Use of Hard-coded Credentials Configuration Tool Denial of Service Vulnerability in AnaSystem SensMini M4 Tadiran Telecom Aeonix - Observable Response Discrepancy Vulnerability Tadiran Telecom Aeonix - Path Traversal Vulnerability CSV Injection Vulnerability in Tadiran Telecom Composit Avaya Aura Device Services Web Application Remote Code Execution Vulnerability Unverified Code Download Vulnerability in Synel Terminals Cross-site Scripting (XSS) Vulnerability in 7Twenty BOT Multiple XSS Vulnerabilities in Farsight Tech Nordic AB ProVide version 14.5 Archer 
Platform XSS Vulnerability Allows Remote Code Execution Archer Platform Log File Information Disclosure Vulnerability Preconfigured Links XSS Vulnerability in Pexip Infinity before Version 32 Insecure Permissions Allow Admin to Bypass Shell Restrictions in Veritas NetBackup Appliance Incomplete Verification of Apps' Permission to Access Wireless Projection API Format String Vulnerability in Distributed File System: Exploiting SELinux Bypass to Crash the Program Insecure Session Key Generation in TLS 1.3 Out-of-Bounds Read Vulnerability in Distributed File System due to Missing Input Length Verification WMS API Input Verification Vulnerability: Device Restart Exploitation Interception and Exploitation of Modem Commands in the atcmdserver Module Privilege Escalation via DLL Hijacking in C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe CVE-2023-37244 Modem Pinctrl Module Buffer Overflow Vulnerability Heap-based Buffer Overflow in Tecnomatix Plant Simulation V2201 and V2302 (ZDI-CAN-21109) Heap-based Buffer Overflow in Tecnomatix Plant Simulation PAR File Parsing (ZDI-CAN-21138) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Infoblox NIOS through 8.5.1 Vulnerability: Unsanitized Input Allows Shell Access Zephyr CAN Bus Subsystem Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Unity Parsec Loader Cross-Site Scripting (XSS) Vulnerability in GoogleAnalyticsMetrics Extension for MediaWiki Cross-Site Scripting (XSS) Vulnerability in Cargo Extension for MediaWiki HTML Injection Vulnerability in CheckUser Extension Vulnerability: Cargo Extension Allows Storage and Automatic Linking of javascript: URLs Stored Cross-Site Scripting Vulnerability in DataEase Panel and Dataset SQL Injection Vulnerability in DataEase v1.18.9 and Earlier Stored Cross-Site Scripting (XSS) in matrix-react-sdk Export Chat Feature Stored Cross-Site Scripting Vulnerability in OCSInventory Exposure of CryptKey in LogicException Message in 
league/oauth2-server OpenComputers Minecraft Mod Metadata Server Exposure Vulnerability Unrestricted Access to Metadata Services API Endpoints in CC: Tweaked Mod for Minecraft Field Level Permissions Bypass in Strapi Relationship Titles Vulnerability: Unauthorized Modification of Pipelines via Child TaskRuns CasaOS 0.4.4 Improper IP Address Verification Vulnerability Arbitrary JWT Crafting Vulnerability in CasaOS 0.4.3 and below Umbraco CMS Unauthorized Access Vulnerability Authentication Bypass Vulnerability in Warpgate Stored Cross-Site Scripting (XSS) Vulnerability in Winter CMS prior to v1.2.3 WebRTC Use After Free Vulnerability in Google Chrome SQL Injection Vulnerability in Piwigo Administrator Login Stack Frame Escape Vulnerability in RestrictedPython XSS Vulnerability in JS7 Job Scheduler's User-Generated Documentation Upload Docker-compose.yml File Write Vulnerability in Auto-GPT (Versions Prior to 0.4.3) Path traversal vulnerability in Auto-GPT allows arbitrary code execution Misleading Console Output Vulnerability in Auto-GPT v0.4.2 and earlier HTTP Request Smuggling Vulnerability in aiohttp HTTP Server Cross-Site Request Forgery (CSRF) Vulnerability in XWiki Platform SQL Injection Vulnerability in GLPI Dashboard Administration Denial of Service Vulnerability in Faktory Web Dashboard WebRTC Use After Free Vulnerability in Google Chrome Arbitrary Script Execution Vulnerability in Pimcore Admin Classic Bundle Out-of-Bound Read Vulnerability in Contiki-NG IPv6 Address Decompression Vulnerability Title: Arbitrary Code Execution via Out-of-Bounds Write in GTKWave 3.3.115 Authentication Bypass Vulnerability in PingFederate Identifier First Adapter Archer C20 Firmware Authentication Bypass Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS Hard-coded Machine Key Vulnerability in SmartSoft SmartBPM.NET Hard-coded Authentication Key Vulnerability in SmartBPM.NET Path Traversal Vulnerability in SmartBPM.NET Component Allows Unauthorized 
Access to System Files Unrestricted File Upload Vulnerability in InfoDoc Document On-line Submission and Approval System Use After Free Vulnerability in Splitscreen on Google Chrome for ChromeOS Unrestricted HTML Tag Vulnerability in InfoDoc Document On-line Submission and Approval System Hard-coded Encryption Key Vulnerability in Galaxy Software Services Vitals ESP OS Command Injection vulnerability in HGiga iSherlock 4.5 and 5.5 (iSherlock-user modules) Stack-based Buffer Overflow in AMI's SPx BMC: Threatening Confidentiality, Integrity, and Availability Heap Memory Corruption Vulnerability in AMI SPx BMC Heap Memory Corruption Vulnerability in AMI SPx BMC BMC Stack Memory Corruption Vulnerability in AMI's SPx Heap Memory Corruption Vulnerability in AMI's SPx BMC Joplin before 2.11.5 Vulnerability: Cross-Site Scripting (XSS) via SVG USE Element XSS Vulnerability in Joplin Image Map AREA Element Use After Free Vulnerability in Tab Groups in Google Chrome Incorrect Access Control for Visibility of Hidden Users in CheckUserLog API Lack of Interaction with AbuseFilter in SubmitEntityAction in Wikibase XSS Vulnerability in Wikibase SiteLinksView.php CheckUser Extension Vulnerability: User Blocking Failure and DBQueryDisconnectedError Cross-Site Scripting (XSS) Vulnerability in DoubleWiki Extension for MediaWiki Exposure of Hidden Users in ProofreadPage Extension for MediaWiki Sensitive Information Disclosure in MISP 2.4.172 Server Sync Improper Sanitization of title_for_layout in MISP before 2.4.172 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine ADAudit Plus before 7100 via Username Field Use After Free Vulnerability in Diagnostics in Google Chrome on ChromeOS CVE-2023-37310 CVE-2023-37311 CVE-2023-37312 CVE-2023-37313 CVE-2023-37314 CVE-2023-37315 CVE-2023-37316 CVE-2023-37317 CVE-2023-37318 CVE-2023-37319 Out of Bounds Memory Access Vulnerability in Mojo in Google Chrome CVE-2023-37320 CVE-2023-37321 CVE-2023-37322 CVE-2023-37323 CVE-2023-37324 
CVE-2023-37325 CVE-2023-37326 CVE-2023-37327 CVE-2023-37328 CVE-2023-37329 Omnibox Spoofing Vulnerability in Google Chrome CVE-2023-37330 CVE-2023-37331 CVE-2023-37332 CVE-2023-37333 CVE-2023-37334 CVE-2023-37335 CVE-2023-37336 CVE-2023-37337 CVE-2023-37338 CVE-2023-37339 Spoofing Vulnerability in Picture In Picture Feature of Google Chrome CVE-2023-37340 CVE-2023-37341 CVE-2023-37342 CVE-2023-37343 CVE-2023-37344 CVE-2023-37345 CVE-2023-37346 CVE-2023-37347 CVE-2023-37348 CVE-2023-37349 Obfuscation of Security UI in Google Chrome Web API Permission Prompts CVE-2023-37350 CVE-2023-37351 CVE-2023-37352 CVE-2023-37353 CVE-2023-37354 CVE-2023-37355 CVE-2023-37356 CVE-2023-37357 CVE-2023-37358 CVE-2023-37359 Cross-Origin Data Leakage in Custom Tabs on Android JavaScript Injection and Privilege Escalation in Pacparser before 1.4.2 SQL Injection Vulnerability in REDCap 12.0.26 LTS and 12.3.2 Standard Vulnerability: Unauthorized Access via Registration Abuse CIM-XML Protocol Adapter Entity Resolution Vulnerability Double Free Vulnerability in Hnswlib 0.7.0's init_index Function with Large Integer M Argument Improperly Implemented Security Check in Samsung Exynos Processors and Modems Allows Service Disruption Vulnerability: Abnormal Termination via Malformed NR MM Packet in Samsung Exynos Processors XML Parsing Vulnerability in QXmlStreamReader Leading to Application Crash Media Notification Spoofing Vulnerability in Google Chrome SQL Injection Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.4) Unauthenticated File Write Vulnerability in RUGGEDCOM CROSSBOW (All versions < V5.4) Stack-based Buffer Overflow in Tecnomatix Plant Simulation STP File Parsing (ZDI-CAN-21054) Stack-based Buffer Overflow in Tecnomatix Plant Simulation V2201 and V2302 (ZDI-CAN-21060) Type Confusion Vulnerability in Tecnomatix Plant Simulation Allows Code Execution (ZDI-CAN-21051) Improper Length Parameter Handling in Samsung Exynos Processors: A Packet Filtering Vulnerability Access Control 
Vulnerability in Nullsoft Scriptable Install System (NSIS) before 3.09 Apache Airflow Connection Information Disclosure and Denial of Service Vulnerability Obfuscation of Security UI in Autofill in Google Chrome CSRF Vulnerability in Media Library Helper Plugin <= 1.2.0 CSRF Vulnerability in RadiusTheme Classified Listing Plugin <= 2.4.5 Stored XSS Vulnerability in Simple Light Weight Social Share Plugin Arbitrary Code Execution Vulnerability in Chromad in Google Chrome on ChromeOS Deserialization of Untrusted Data vulnerability in Themesflat Addons For Elementor CSRF Vulnerability in WPMobilePack.Com WordPress Mobile Pack Plugin CSRF Vulnerability in Deepak Anand WP Dummy Content Generator Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management Plugin CVE-2023-37396 CVE-2023-37397 Remote Code Execution via Crafted Background URL in Google Chrome Themes CVE-2023-37400 Arbitrary Code Execution Vulnerability in IBM Observability with Instana 1.0.243 through 1.0.254 CVE-2023-37407 OS Command Injection Vulnerability in NEC Platforms DT900 and DT900S Series Privilege Escalation in IBM Personal Communications 14.05, 14.06, and 15.0.0 Improper Input Validation vulnerability in Apache Airflow Apache Hive Provider allows for Semicolon Injection Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115's VCD Parse_ValueChange Portdump Functionality Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115's VCD Parse_ValueChange Portdump Functionality Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115 VCD parse_valuechange Portdump Functionality Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115 VCD Parse_Valuechange Portdump Functionality ADB Policy Bypass Vulnerability in Google Chrome on ChromeOS Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115 VCD Parse_Valuechange Portdump Functionality Stored Cross-Site Scripting (XSS) Vulnerability in EdgeConnect SD-WAN Orchestrator Stored Cross-Site 
Scripting (XSS) Vulnerability in EdgeConnect SD-WAN Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability in EdgeConnect SD-WAN Orchestrator Arbitrary Command Execution Vulnerability in EdgeConnect SD-WAN Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability in EdgeConnect SD-WAN Orchestrator Shared Static SSH Host Keys in EdgeConnect SD-WAN Orchestrator Instances Arbitrary Command Execution Vulnerability in EdgeConnect SD-WAN Orchestrator Arbitrary Command Execution Vulnerability in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability in Ap Page Builder (versions < 1.7.8.2) SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Title: Server-Side Request Forgery Vulnerability in SLims v9.6.0 via scrape_image.php Server-Side Request Forgery (SSRF) Vulnerability in EdgeConnect SD-WAN Orchestrator Out-of-Bounds Read Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Out-of-Bounds Read Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Out-of-Bounds Read Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Out-of-Bounds Read Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Out-of-Bounds Read Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Out-of-Bounds Read 
Vulnerabilities in GTKWave 3.3.115's VCD Var Definition Section Functionality Lock Screen Vulnerability in macOS Sonoma 14 Allows Unauthorized Access to Restricted Content Heap-based Buffer Overflow in ImageMagick's PushCharPixel() Function Arbitrary Code Execution Vulnerability in Apple Devices Out-of-Bounds Read and Crash Vulnerability in USB Subsystem Use-after-free vulnerability in Linux Kernel through 6.4.2 in UDF Filesystem Image Handling Overlay Vulnerability in Firefox for iOS < 115 Session Restore Helper Crash Vulnerability in Firefox for iOS < 115 Buffer Overflow Vulnerability in Asterisk's PJSIP_HEADER Dialplan Function Out-of-Bound Read Vulnerability in Contiki-NG TCP Packet Handling Stored Cross-Site Scripting Vulnerability in ActivityPub WordPress Plugin Arbitrary File Creation and Remote Code Execution in Plexis Archiver (CVE-2021-12345) Relative Path File Overwrite Vulnerability in Metersphere Arbitrary Script Execution and Code Injection in XWiki Platform Unbounded Resource Exhaustion Vulnerabilities in cmark-gfm Vulnerability: Insecure AES GCM Decryption in OpenIDC/cjose Bypassing Promise Handler Sanitization in vm2: Potential Remote Code Execution CSP Nonce Reuse Vulnerability in Discourse Clear text storage of LDAP passwords in database Arbitrary Command Execution Vulnerability in CasaOS Prior to Version 0.4.4 Local Device Time Manipulation Vulnerability in Zero Trust WARP Client Remote Code Execution Vulnerability in Metabase Improper Signature Validation in OpenAM Allows User Impersonation via Specially Crafted SAML Response SQL Injection in Knowage Business Analytics Suite Arbitrary Code Execution Vulnerability in zenstruck/collections Path Traversal Vulnerability in Copyparty 1.8.2 and Earlier Denial of Service Vulnerability in Hamba Avro v2.13.0 Arbitrary Code Execution Vulnerability in OpenRefine 1Panel Firewall OS Command Injection Vulnerability Vulnerability: Malicious Package Replacement in pnpm Open Enclave SDK Vulnerabilities: MXCSR 
Configuration Dependent Timing (MCDT) and Unaligned Memory Access Side-Channel FRRouting Babeld Unicast Hello Message Parsing Denial of Service Vulnerability Fides Webserver Denial of Service (DoS) Vulnerability Fides Webserver Denial of Service (DoS) Vulnerability Improper Access Control in SAP PowerDesigner 16.7 Allows Arbitrary Database Queries via Proxy SAP PowerDesigner Password Hash Retrieval Vulnerability SAP Commerce (OCC API) Information Disclosure Vulnerability Unintended Data Access Vulnerability in SAP Business One (Service Layer) 10.0 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Process Integration Unauthenticated Code Snippet Reading Vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) VideoEdge Configuration File Vulnerability SAP Business Objects Installer Remote Code Execution Vulnerability Bypassing ACL in SAP Message Server: Unauthorized Network Access and Data Manipulation Privilege Escalation Vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform CVE-2023-37495 Stored Cross Site Scripting (XSS) Vulnerability in HCL Verse Allows for Remote Code Execution and Data Theft Unica Application Vulnerability: XML External Entity (XXE) Attack Arbitrary Group Assignment Vulnerability Persistent Cross-site Scripting (XSS) Vulnerability in Unica Platform Allows Session Hijacking and Other Attacks Race Condition and Denial of Service Vulnerability in libvirt's virStoragePoolObjListSearch Function Persistent Cross-site Scripting (XSS) Vulnerability in Unica Platform Allows Session Hijacking and Other Attacks Persistent XSS Vulnerability in Unica Campaign Allows Session Hijacking and Other Attacks File Upload Vulnerability in HCL Compass: Exploiting Lack of Security Measures Insecure Password Requirements in HCL Compass: A Gateway for Unauthorized Access Session Invalidation Failure in HCL Compass: Impersonation Risk Critical SQL Injection Vulnerability in Super Store Finder 3.6 Insecure 
Loading of Web Content Exploited through App Transport Security (ATS) Settings Unblurred App Snapshot in iOS Task Switcher Reveals Sensitive Information Unblurred App Snapshot in iOS Task Switcher Reveals Sensitive Information Arbitrary Code Injection Vulnerability in HCL BigFix ServiceNow Unauthenticated Stored XSS Vulnerability in BigFix Server's Download Status Report Cross-Site Scripting (XSS) Vulnerability in Creativeitem Academy LMS 5.15 Unauthenticated Stored XSS Vulnerability in BigFix Server 9.5.12.68: Potential Data Exfiltration via Gather Status Report Sensitive Information Exposure in HCL BigFix Bare OSD Metal Server WebUI (Version 311.19 or Lower) HCL BigFix Bare OSD Metal Server WebUI Version 311.19 or Lower Cross-Site Scripting Vulnerability Cross-Site Scripting (XSS) Vulnerability in HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower Reflected Cross-Site Scripting (XSS) Vulnerability in HCL BigFix Platform Web Reports Component Cross-Site Scripting (XSS) Vulnerability in HCL BigFix Platform's Web Reports Component CVE-2023-37529 Cross-Site Scripting (XSS) Vulnerability in Creativeitem Mastery LMS 1.2 CVE-2023-37530 CVE-2023-37531 Arbitrary File Read Vulnerability in HCL Commerce Remote Store Server Reflected Cross-Site Scripting (XSS) Vulnerability in HCL Connections Integer Overflow Vulnerability in Xerces-C++ 3.2.3 in BigFix Platform Unquoted Service Path Vulnerability in HCL AppScan Presence Reflected XSS Vulnerability in HCL Digital Experience Cross-Site Scripting (XSS) Vulnerability in Creativeitem Ekushey Project Manager CRM 5.0 Vulnerability: Potential Data Exposure in Sametime Connect Desktop Chat Client Cacti < 1.2.6 IDOR Vulnerability in graph_xport.php Improper Authentication Vulnerability in Apache Pulsar WebSocket Proxy Allows Unauthenticated Access to /pingpong Endpoint Authentication Bypass and Denial-of-Service Vulnerability in Codesys Products Authentication Bypass and Denial-of-Service Vulnerability in Codesys Products 
CmpApp Denial-of-Service Vulnerability Authentication Bypass and Denial-of-Service Vulnerability in Codesys Products Authentication Bypass and Denial-of-Service Vulnerability in Codesys Products Cross-Site Scripting (XSS) Vulnerability in Creativeitem Atlas Business Directory Listing 2.13 Authentication Bypass and Denial-of-Service Vulnerability in Codesys Products Unrestricted File Download Vulnerability in CODESYS Control Runtime System Authentication Bypass Vulnerability in Codesys CmpAppBP Component Authentication Bypass Vulnerability in Codesys CmpAppBP Component Authentication Bypass Vulnerability in Codesys CmpAppBP Component Denial-of-Service Vulnerability in Codesys CmpAppBP Component Authentication Bypass Vulnerability in Codesys CmpAppBP Component Heap-based Buffer Overflow in Codesys CmpAppBP Component Codesys Multiple Products CmpAppForce Component Denial-of-Service Vulnerability Codesys Multiple Products CmpAppForce Component Denial-of-Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Creativeitem Atlas Business Directory Listing 2.13 Arbitrary Script Injection Vulnerability in WRH-300WH-H and WTC-300HWH Open Redirect Vulnerability in ELECOM Wireless LAN Routers and Repeaters Allows Remote Phishing Attacks CSRF Vulnerability in WTC-C1167GC-B and WTC-C1167GC-W v1.17 and Earlier Vulnerability: Sensitive Information Exposure in ELECOM Wireless LAN Routers ELECOM Wireless LAN Routers OS Command Injection Vulnerability ELECOM Wireless LAN Routers Code Injection Vulnerability Command Injection Vulnerability in ELECOM and LOGITEC Wireless LAN Routers Remote Command Injection Vulnerability in ELECOM and LOGITEC Wireless LAN Routers Arbitrary Command Execution Vulnerability in ELECOM Wireless LAN Routers Command Injection Vulnerability in ESDS Emagic Data Center Management Suit Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Car Rental Script 1.8 Session Cookie Non-Expiry Vulnerability in ESDS Emagic Data Center Management Suit XSS 
Vulnerability in Softing TH SCOPE 3.70 Softing OPC Suite 5.25 and Earlier: Incorrect Access Control in OSF_discovery Service Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality allow arbitrary code execution Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality allow for arbitrary code execution Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality allow arbitrary code execution via a specially crafted .vcd file. Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality leading to arbitrary code execution Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality leading to arbitrary code execution Use-after-free vulnerabilities in GTKWave 3.3.115's VCD get_vartoken realloc functionality leading to arbitrary code execution Apache Pulsar Function Worker Incorrect Authorization Vulnerability CVE-2023-3758 Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 XSS Vulnerability in Classic Web Client Cross-Site Scripting (XSS) Vulnerability in Apache Roller Remote Command Execution Vulnerability in RocketMQ NameServer Component Critical Remote Code Execution Vulnerability in Intergard SGS 8.7.0 CSRF Vulnerability in Issabel-PBX v.4.0.0-6 Allows Remote Denial of Service CSRF Vulnerability in Issabel-PBX v.4.0.0-6 Allows Remote Denial of Service via User Grouplist Deletion CSRF Vulnerability in Issabel-PBX v.4.0.0-6 Allows Remote Denial of Service via Delete New Virtual Fax Function Remote Information Disclosure Vulnerability in Issabel-PBX v.4.0.0-6 Denial of Service Vulnerability in Intergard SGS 8.7.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Office Suite Premium Version v10.9.1.42602 Local File Inclusion (LFI) Vulnerability in Office Suite Premium v10.9.1.42602 via /etc/hosts Component Arbitrary Code Execution via Crafted PNG File Upload in Alkacon OpenCMS v15.0 Denial of Service 
Vulnerability in baramundi software GmbH EMM Agent 23.1.50 and Earlier Directory Traversal Vulnerability in Automatic-Systems SOC FL9600 FastLine lego_T04E00 Remote Code Execution Vulnerability in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 Cleartext Transmission of Sensitive Information in Intergard SGS 8.7.0 Arbitrary Code Execution via Crafted SVG File in Neos CMS 8.3.3 Cross-Site Scripting (XSS) Vulnerability in Assembly Software Trialworks v11.4 Cleartext Storage of Sensitive Information in Memory Vulnerability in Intergard SGS 8.7.0 Information Disclosure Vulnerability in Fronius Datalogger Web v.2.0.5-4 Cross-Site Scripting (XSS) Vulnerability in Netdisco v2.063000 and Earlier Open Redirect Vulnerability in Netdisco before v2.063000 Stored XSS Vulnerability in Netbox v3.4.7 Custom Link Templates SQL Injection Vulnerability in Code-projects Online Restaurant Management System 1.0 SQL Injection Vulnerability in Online Piggery Management System 1.0 File Upload Vulnerability in Online Piggery Management System 1.0 Cleartext Transmission of Sensitive Information in Intergard SGS 8.7.0 Persistent XSS Vulnerability in Online Piggery Management System 1.0 Unauthenticated Brute Force Vulnerability in UVDesk Community Skeleton v1.1.1 Stored XSS Vulnerability in UVDesk Community Skeleton v1.1.1 Allows Arbitrary Code Execution via Ticket Creation Cross-Site Request Forgery Vulnerability in WooCommerce PDF Invoice Builder Plugin Memory Allocation Vulnerability in SWFTools 0.9.2: Exploiting png_read_chunk in lib/png.c Information Disclosure Vulnerability in eYouCMS v1.6.3 via /custom_model_path/recruit.filelist.txt Component Directory Traversal Vulnerability in Bitberry File Opener v23.0 SQL Injection Vulnerability in SEMCMS v1.5 via id parameter at /Ant_Suxin.php Improper Access Control in Cockpit CMS v2.5.2 Allows Unauthorized Access to Sensitive Data Absolute Path Traversal Vulnerability in mlflow/mlflow (prior to 2.5.0) Arbitrary Command Execution via CSRF in 
Cockpit CMS v2.5.2 Admin Portal Remote Command Execution (RCE) Vulnerability in WebsiteGuide v0.2 via Image Upload Cross Site Scripting (XSS) vulnerability in TwoNav v2.0.28-20230624 Stored Cross Site Scripting (XSS) Vulnerability in fast-poster v2.15.0 Remote Command Execution (RCE) vulnerability in xalpha v0.11.4 Remote Code Execution Vulnerability in odoh-rs Rust Crate EasyPHP Webserver 14.1 - OS Command Injection Vulnerability Pligg CMS v2.0.2 (Kliqqi) Remote Code Execution (RCE) Vulnerability in admin_editor.php NextGen Mirth Connect v4.3.0 Remote Command Execution (RCE) Vulnerability MMS Protocol DoS Vulnerability SQL Injection Vulnerability in Judging Management System v1.0 via id parameter at /php-jms/deductScores.php Cross-Site Scripting (XSS) Vulnerability in Admin Profile Page of Online Nurse Hiring System v1.0 Cross-Site Scripting (XSS) Vulnerability in Online Nurse Hiring System v1.0 Admin Portal's Search Report Details Cross-Site Scripting (XSS) Vulnerability in Online Nurse Hiring System v1.0 Admin Portal's Search Report Page Cross-Site Scripting (XSS) Vulnerability in Online Nurse Hiring System v1.0 Admin Portal's Add Nurse Page Cross-Site Scripting (XSS) Vulnerability in Online Nurse Hiring System v1.0 Admin Portal SQL Injection Vulnerability in Maid Hiring Management System v1.0 Admin Page SQL Injection Vulnerability in Maid Hiring Management System v1.0 Booking Request Page MMS Protocol DoS Vulnerability SQL Injection Vulnerability in Maid Hiring Management System v1.0's Search Maid Page Arbitrary File Upload Vulnerability in October CMS v3.4.4: Remote Code Execution Discovery Port Protocol Vulnerability Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via ssid Parameter Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via addWifiMacFilter Function Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via deviceId Parameter in formSetDeviceName Function Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via speed_dir Parameter Stack 
Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via deviceId Parameter in formSetClientState Function Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via fromAddressNat Function Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6: Exploiting the fromAddressNat Function Stack Overflow Vulnerability in Tenda FH1203 V2.0.1.6 via fromVirtualSer Function Unauthenticated Open Redirect Vulnerability in T1 WordPress Theme Stack Overflow Vulnerability in Tenda AC1206 and AC10 Routers Stack Overflow Vulnerability in Tenda AC1206 and AC10 Routers Stack Overflow Vulnerability in Tenda AC1206, F1202, and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202, FH1202, AC10, AC1206, AC7, AC5, and AC9 Routers Stack Overflow Vulnerability in Tenda F1202, FH1202, AC10, AC1206, AC7, AC5, and AC9 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Linux Kernel XFRM Subsystem NULL Pointer Dereference Vulnerability Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Stack Overflow Vulnerability in Tenda F1202 and FH1202 Routers Cross-Site Scripting (XSS) Vulnerability in IceWarp v10.2.1 via Color Parameter Linux Kernel XFRM Subsystem Out-of-Bounds Read Vulnerability NULL Pointer Dereference Vulnerability in Yasm v1.3.0.78 Arbitrary Code Execution via File Upload in tduck-platform v4.0 Buffer Overflow Vulnerability in EZ softmagic MP3 Audio Converter 2.7.3.700 Path Traversal Vulnerability in i-doit Pro v25 and below Vulnerability: Denial of Service in Vault Enterprise Namespace Creation Reflected Cross-Site Scripting (XSS) Vulnerability in WebBoss.io CMS v3.7.0.1 and Earlier Teacher Subject Allocation System v1.0 XSS Vulnerability Allows Arbitrary Code Execution Cross-Site Scripting (XSS) 
Vulnerability in Maid Hiring Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Maid Hiring Management System v1.0 via /admin/aboutus.php Cross-Site Scripting (XSS) Vulnerability in Maid Hiring Management System v1.0 via /admin/contactus.php Title Parameter Infinite Loop Vulnerability in ngiflib Commit 5e7292 Cross-Namespace Access Control Vulnerability in Vault Enterprise Sentinel Role Governing Policy PowerJob v4.3.3 Remote Command Execution (RCE) Vulnerability via instanceId Parameter Insecure Default Administrator Credentials in i-doit Pro and Open Versions 25 and Below Weak Password Requirements in I-doit Pro and I-doit Open Versions 25 and Below: A Gateway for Brute Force Attacks Buffer Overflow Vulnerability in D-LINK DIR-815 v1.01 via /web/captcha.cgi Unauthenticated Account Registration Vulnerability in Crypto Currency Tracker (CCT) Use-after-free vulnerability in Linux kernel's net/sched: cls_fw component Segmentation Violation Vulnerability in GPAC v2.3-DEV-rev381-g817a848f6-master Segmentation Violation Vulnerability in GPAC v2.3-DEV-rev381-g817a848f6-master Segmentation Violation Vulnerability in GPAC v2.3-DEV-rev381-g817a848f6-master FPE Vulnerability Found in Stress-Test Master Commit e4c878 Use-after-free vulnerability in nf_tables_delrule() allows for local privilege escalation Stack Overflow Vulnerability in Faust Commit ee39a19 SQL Injection Vulnerability in Art Gallery Management System v1.0 via cid Parameter SQL Injection Vulnerability in Online Shopping Portal Project v3.1 via Email Parameter at /shopping/login.php Directory Traversal Vulnerability in EMQX v4.3.8 via Crafted .txt File Upload Cross-Site Scripting (XSS) Vulnerability in ImpressCMS v1.4.5 and Earlier via smile_code Parameter in /editprofile.php Geeklog v2.2.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Admin Configuration Geeklog v2.2.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in /admin/router.php GoProxy v1.1 Denial of Service Vulnerability 
Unauthenticated API Key Disclosure in Essential Addons For Elementor Plugin Arbitrary File Upload Vulnerability in Jaspersoft Clarity PPM Version 14.3.0.298 via Profile Picture Upload Function Stack Overflow Vulnerability in D-Link DIR-619L v2.04(TW) Router Buffer Overflow Vulnerability in WAYOS FBM-291W 19.09.11V via /upgrade_filter.asp Command Injection Vulnerability in WAYOS FBM-291W 19.09.11V via /upgrade_filter.asp Stored XSS Vulnerability in Vanderbilt REDCap 13.1.35: Arbitrary Code Execution via Project Title Parameter Improper Locking Vulnerability Allows Local Privilege Escalation BrotliInterceptor DoS Vulnerability in OkHttp Client SQL Injection Vulnerability in Sitolog Application Connect v7.8.a and Earlier via /activate_hook.php Component Cross-Site Scripting (XSS) Vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 Cross-Site Scripting (XSS) Vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 Cross-Site Scripting (XSS) Vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 Cross-Site Scripting (XSS) Vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 Cross-Site Scripting (XSS) Vulnerability in Webile 1.0.1 Cross-Site Scripting (XSS) Vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 User Account Enumeration Vulnerability in Elenos ETG150 FM Transmitter v3.12 Unrestricted Brute Force Attack Vulnerability in Elenos ETG150 FM Transmitter v3.12 Privilege Escalation Vulnerability in Elenos ETG150 FM Transmitter v3.12 Denial of Service (DoS) Vulnerability in libjpeg Commit db33a6e Heap Buffer Overflow in libjpeg's LineBitmapRequester::EncodeRegion Arbitrary File Upload Vulnerability in DedeCMS v5.7.109 Cross-Site Scripting Vulnerability in Dooblou WiFi File Explorer 1.13.3 SQL Injection Vulnerability in Novel-Plus v3.6.2 DLL Hijacking Vulnerability in Panda Security VPN for Windows Cross-Site Scripting (XSS) Vulnerability in PaulPrinting CMS 
2018 (VDB-235052) Limited Read-Access Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels Limited Read-Access Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels Hardcoded Cryptographic Keys Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels Hardcoded Cryptographic Keys Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels Remote Code Execution in PHOENIX CONTACTs WP 6xxx Series Web Panels Improper Access Controls in Aures Komet Kiosk Mode (VDB-235053) Unauthenticated Remote Access to SNMPv2 Community String in PHOENIX CONTACTs WP 6xxx Series Web Panels Root Privilege Escalation via Specially Crafted HTTP POST in PHOENIX CONTACTs WP 6xxx Series Web Panels Unauthenticated Remote Access and Denial-of-Service Vulnerability in PHOENIX CONTACTs WP 6xxx Series Web Panels Vulnerability: Remote Access Exploit in PHOENIX CONTACTs WP 6xxx Series Web Panels Vulnerability: Remote Access Exploit in PHOENIX CONTACTs WP 6xxx Series Web Panels TOCTOU Race Condition Vulnerability in YetAnotherStarsRating.Com YASR Plugin for WordPress Unauthorized Access to Sensitive Information in Leap13 Premium Addons PRO Cross-Site Scripting (XSS) Vulnerability in Codecanyon Tiva Events Calendar 1.4 (VDB-235054) User-Controlled Key Authorization Bypass in WooCommerce GoCardless Unauthenticated Reflected XSS Vulnerability in WooCommerce Shipping Multiple Addresses Plugin (<= 3.8.5) Stored XSS Vulnerability in Dimitar Ivanov HTTP Headers Plugin <= 1.18.11 Cross-Site Scripting (XSS) Vulnerability in Wing FTP Server (User Web Client) Insecure Default Permissions in Wing FTP Server Admin Web Client: Privilege Escalation Vulnerability Insecure Storage of Sensitive Information in Wing FTP Server: Elicitation Vulnerability Cross-Site Scripting (XSS) Vulnerability in ActiveITzone Active Super Shop CMS 2.5 Privilege Escalation Vulnerability in Wing FTP Server (Admin Web Client) CVE-2023-37885 CVE-2023-37886 CSRF Vulnerability in WPAdmin AWS CDN Plugin Cross-Site Scripting 
(XSS) Vulnerability in PaulPrinting CMS 2018 Improper Access Control in WPOmnia KB Support Plugin CSRF Vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing Plugin <= 2.0.4 CSRF Vulnerability in PluginPress Shortcode IMDB Plugin Unauthenticated Reflected XSS Vulnerability in Chop-Chop Coming Soon Plugin <= 2.2.4 Unauthenticated Reflected XSS Vulnerability in RadiusTheme Variation Images Gallery for WooCommerce Plugin (<= 2.3.3) Java Object Deserialization Remote Code Execution Vulnerability in Jackrabbit Webapp/Standalone Nuclei Vulnerability: Arbitrary File Read in Go SDK Grav Server Side Template Injection (SSTI) Vulnerability with Bypass FeathersJS Socket Handler Crash Vulnerability Cross-Site Scripting (XSS) Vulnerability in Boom CMS 8.0.7 Arbitrary Image Size Exhaustion Vulnerability in Crossplane Cross-Site Scripting Vulnerability in Indico Confirmation Prompts Vulnerability: Signature Check Bypass in Vyper's ecrecover Precompile Arbitrary Code Execution Vulnerability in vm2 Sandbox User creation vulnerability through invite links in Discourse Cross-Site Scripting Vulnerability in ckeditor-wordcount-plugin Denial of Service (DoS) Vulnerability in Discourse Local Privilege Escalation Vulnerability in Cryptomator MSI Installer Arbitrary HTML Code Injection and Cross-Site Scripting Vulnerability in XWiki Rendering Arbitrary Script Execution and Remote Code Execution Vulnerability in XWiki Platform Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Attachment Move Vulnerability in XWiki Platform Vulnerability: Unauthorized Access to Deleted Documents in XWiki Platform Privilege Escalation and Remote Code Execution in XWiki Footnote Macro Arbitrary File Write Vulnerability in XWiki Platform Arbitrary Script Execution and Remote Code Execution in XWiki Platform Remote Crash Vulnerability in OpenDDS Participant Discovery Password Hash Leakage in KubePi's User Search Endpoint KubePi User Privilege Escalation Vulnerability Bypassing API Token 
Authentication in Dapr Persistent Active Sessions Vulnerability in Cal.com Unpatched Vulnerability in Beijing Netcon NS-ASG 6.3: Direct Request Manipulation in /admin/test_status.php (VDB-235059) Vulnerability: Removal of e-Tugra Root Certificates from Certifi Arbitrary Write Vulnerabilities in GTKWave 3.3.115's VCD Sorted Bsearch Functionality Arbitrary Write Vulnerabilities in GTKWave 3.3.115's VCD Sorted Bsearch Functionality Arbitrary Write Vulnerabilities in GTKWave 3.3.115's VCD Sorted Bsearch Functionality Apache Submarine SQL Injection Vulnerability Improper Privilege Management Vulnerability in Zyxel ATP, USG, and NWA Series Firmware Buffer Overflow Vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN Series Firmware Versions 4.32-5.37: Denial-of-Service Exploit via System Log Dump Command Injection Vulnerability in Zyxel NAS326 and NAS542 Firmware WSGI Server Command Injection Vulnerability in Zyxel NAS326 and NAS542 Firmware Critical SQL Injection Vulnerability in Weaver e-cology (VDB-235061) Path Traversal Vulnerability in FortiVoiceEntreprise Version 7.0.0 and Earlier: Unauthorized File Access Unrestricted Resource Allocation Vulnerability in FortiPAM 1.0 Plaintext Password Exposure Vulnerability in Fortinet FortiOS 7.x Sensitive Information Exposure Vulnerability in FortiClient Cross-Site Scripting (XSS) Vulnerability in Bug Finder ChainCity Real Estate Investment Platform 1.0 Apache Superset Metadata Database Write Access Vulnerability Jenkins External Monitor Job Type Plugin XML External Entity (XXE) Vulnerability Jenkins Active Directory Plugin Vulnerability: Unencrypted Connection Allows Credential Theft Jenkins Datadog Plugin 5.4.1 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Jenkins SAML Single Sign On Plugin 2.1.0 - 2.3.0: Unauthorized Download of Security Realm Session Invalidation Vulnerability in Jenkins OpenShift Login Plugin Jenkins OpenShift Login Plugin Phishing 
Vulnerability Insecure SSH Host Key Validation in Jenkins Oracle Cloud Infrastructure Compute Plugin Jenkins Orka by MacStadium Plugin 1.33 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Critical SQL Injection Vulnerability in Bug Finder ChainCity Real Estate Investment Platform 1.0 Jenkins mabl Plugin 0.0.46 and Earlier: Credential Enumeration Vulnerability Insecure Credential Lookup in Jenkins mabl Plugin CSRF Vulnerability in Jenkins mabl Plugin Allows Unauthorized Access to Stored Credentials Jenkins mabl Plugin 0.0.46 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs and Credential Capture Jenkins Rebuilder Plugin CSRF Vulnerability Allows Unauthorized Rebuilding of Previous Builds CSRF Vulnerability in Jenkins Test Results Aggregator Plugin Allows Unauthorized URL Access Unauthenticated Remote Code Execution in Jenkins Test Results Aggregator Plugin CSRF Vulnerability in Jenkins Pipeline restFul API Plugin Allows Unauthorized Token Capture CSRF Vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and Earlier Unauthenticated Remote Code Execution in Jenkins Sumologic Publisher Plugin Unrestricted Upload Vulnerability in Bug Finder Foody Friend 1.0 Arbitrary File Email Sending Vulnerability in Jenkins MathWorks Polyspace Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Jenkins Assembla Auth Plugin 1.14 and Earlier Allows Account Hijacking Jenkins Benchmark Evaluator Plugin 1.0.1 CSRF Vulnerability Allows Directory and File Existence Check Missing Permission Check in Jenkins Benchmark Evaluator Plugin Allows Unauthorized Directory and File Access Jenkins ElasticBox CI Plugin 5.0.1 CSRF Vulnerability: Unauthorized Access to Attacker-Specified URLs and Capture of Jenkins Credentials Jenkins ElasticBox CI Plugin 5.0.1 and earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs and Credentials Capture SQL Injection Vulnerability in 
Solwin Infotech User Activity Log CSRF Vulnerability in Faboba Falang Multilanguage for WordPress Plugin Unrestricted Upload Vulnerability in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System Stored Cross-Site Scripting (XSS) Vulnerability in Matthew Fries MF Gig Calendar Plugin <= 1.2 Sensitive Information Exposure vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce CSRF Vulnerability in David Pokorny Replace Word Plugin <= 2.1 CSRF Vulnerability in Justin Klein WP Social AutoConnect Plugin Unauthenticated Reflected XSS Vulnerability in RadiusTheme Variation Swatches for WooCommerce Plugin (<= 2.3.7) Unauthenticated Reflected XSS Vulnerability in Radio Forge Muses Player with Skins Plugin <= 2.5 Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels Plugin <= 2.7.16 Server-Side Request Forgery (SSRF) Vulnerability in Dimitar Ivanov HTTP Headers Unauthenticated Reflected XSS Vulnerability in Saturday Drive Ninja Forms Contact Form Plugin Unrestricted Upload Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Gravity Master Custom Field For WP Job Manager Plugin <= 1.1 Auth. 
(admin+) Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in WPKube Authors List Plugin <= 2.0.2 Open Redirect Vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms Stored Cross-Site Scripting (XSS) Vulnerability in Noël Jackson Art Direction Plugin <= 0.2.4 CSRF Vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering Plugin Stored Cross-Site Scripting (XSS) Vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login Plugin <= 1.1.3 Unauthenticated Reflected XSS Vulnerability in Creative Solutions Contact Form Generator Plugin Critical SQL Injection Vulnerability in IBOS OA 4.5.5 CSRF Vulnerability in Mike Perelink Pro Plugin <= 2.1.4 CSRF Vulnerability in Monchito.Net WP Emoji One Plugin CSRF Vulnerability in PressPage Entertainment Inc. Smarty for WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI Plugin <= 1.7 Stored Cross-Site Scripting (XSS) Vulnerability in Artem Abramovich Art Decoration Shortcode Plugin <= 1.5.6 CSRF Vulnerability in Chetan Gole WP-CopyProtect Plugin CSRF Vulnerability in GTmetrix for WordPress Plugin Unauthenticated Reflected XSS Vulnerability in Dharmesh Patel Post List With Featured Image Plugin <= 1.2 CSRF Vulnerability in Saas Disabler Plugin <= 3.0.3 Unrestricted File Upload Vulnerability in EasyAdmin8 2.0.2.2 Stored Cross-Site Scripting (XSS) Vulnerability in WordPress Core and Gutenberg Plugin CVE-2023-38002 Privilege Escalation in IBM Db2 for Linux, UNIX and Windows Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Component Mobile Notification Handler Directory Traversal Vulnerability in IBM SOAR QRadar Plugin App 1.0 through 5.0.3 Unrestricted Upload Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Log Manipulation Vulnerability in IBM SOAR QRadar Plugin App 1.0 through 5.0.3 Pointer Misalignment Vulnerability in Fortanix EnclaveOS 
Confidential Computing Manager (CCM) Platform Insufficient Pointer Validation in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform Allows Unauthorized Information Access AEPIC Leak: Unauthorized Information Access in SCONE Confidential Computing Platform Hard-coded Telnet Credentials Vulnerability in SpotCam FHD 2 OS Command Injection Vulnerability in SpotCam FHD 2's Hidden Telnet Function Hard-coded uBoot Credentials Vulnerability in SpotCam FHD 2 SpotCam Sense's Hidden Telnet Function OS Command Injection Vulnerability Insufficient Authentication in Saho's Attendance Devices ADM100 and ADM-100FP Arbitrary File Upload Vulnerability in Saho's Attendance Devices ADM100 and ADM-100FP Insufficiently Random Values Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Missing Authentication Vulnerability in Saho's ADM100 and ADM-100FP Attendance Devices Command Injection Vulnerability in ASUS RT-AC86U Adaptive QoS Web History Function Command Injection Vulnerability in ASUS RT-AC86U AiProtection ASUS RT-AC86U Traffic Analyzer Command Injection Vulnerability Command Injection Vulnerability in UniFi Access Points and Switches Insufficient Authentication Controls in Ivanti MobileIron Sentry Admin Portal Curl Vulnerability: Heap Memory Exhaustion via Endless Headers Unrestricted Upload Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Reflected XSS Vulnerability in Revive Adserver 5.4.1 and Earlier Versions TOCTOU Race Condition Exploitation: Unauthorized Elevation of Privileges Vulnerability in Ivanti Secure Access Client: Local Authentication Exploit and System Compromise SQL Injection Vulnerability Cross-site Scripting (XSS) Vulnerability in advcomsys.com oneVote Component for Joomla Palo Alto Networks PAN-OS Software: Privilege Escalation and Local File Read Vulnerability Critical Vulnerability in Xiamen Four Letter Video Surveillance Management System (CVE-2023-5073) Local Code Execution 
Vulnerability in OTRS System Configuration Cross-Site Scripting (XSS) Vulnerability in OTRS Survey Modules Improper Privilege Check in OTRS Ticket Move Action Vulnerability: Unblocked Loading of External Images Allows IP Retrieval Critical Unrestricted Upload Vulnerability in SourceCodester House Rental and Property Listing System 1.0 (VDB-235074) Host Header Injection Vulnerability in OTRS Generic Interface Modules Stored XSS Vulnerability in JetBrains TeamCity with Custom Themes Exposure of password Type Parameters in JetBrains TeamCity UI Stored XSS Vulnerability in JetBrains TeamCity Custom Builds Sensitive Passwords Exposed in JetBrains TeamCity Agent Logs Stored XSS Vulnerability in JetBrains TeamCity (pre-2023.05.1) Build Log Viewer Reflected XSS Vulnerability in JetBrains TeamCity: Exploiting Referer Header during Artifact Downloads Sensitive Passwords Exposed in JetBrains TeamCity Agent Logs Captcha Validation Vulnerability in JetBrains YouTrack Helpdesk Forms License Dialog Suppression Vulnerability in JetBrains IntelliJ IDEA Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 (VDB-235075) Stack-based Buffer Overflow Vulnerability in Multiple Siemens Products (ZDI-CAN-20818) Heap-based Buffer Overflow Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation Out of Bounds Write Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation Type Confusion Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation Type Confusion Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation Use-After-Free Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation Heap-based Buffer Overflow Vulnerability in JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation CVE-2023-38077 CVE-2023-38078 CVE-2023-38079 Critical SQL Injection Vulnerability in Hospital Management System 1.0 (VDB-235076) CVE-2023-38080 
CVE-2023-38081 CVE-2023-38082 CVE-2023-38083 CVE-2023-38084 CVE-2023-38085 CVE-2023-38086 CVE-2023-38087 CVE-2023-38088 CVE-2023-38089 Critical SQL Injection Vulnerability in Hospital Management System 1.0 (VDB-235077) CVE-2023-38090 CVE-2023-38091 CVE-2023-38092 CVE-2023-38093 CVE-2023-38094 CVE-2023-38095 CVE-2023-38096 CVE-2023-38097 CVE-2023-38098 CVE-2023-38099 Critical SQL Injection Vulnerability in Hospital Management System 1.0 (VDB-235078) CVE-2023-38100 CVE-2023-38101 CVE-2023-38102 CVE-2023-38103 CVE-2023-38104 CVE-2023-38105 CVE-2023-38106 CVE-2023-38107 CVE-2023-38108 CVE-2023-38109 Critical SQL Injection Vulnerability in Hospital Management System 1.0 (VDB-235079) CVE-2023-38110 CVE-2023-38111 CVE-2023-38112 CVE-2023-38113 CVE-2023-38114 CVE-2023-38115 CVE-2023-38116 CVE-2023-38117 CVE-2023-38118 CVE-2023-38119 Linux Kernel TUN/TAP Device Driver Out-of-Bounds Memory Access Vulnerability CVE-2023-38120 CVE-2023-38121 CVE-2023-38122 CVE-2023-38123 CVE-2023-38124 CVE-2023-38125 Softing edgeAggregator Backup Zip File Directory Traversal Remote Code Execution Vulnerability Integer Overflow Vulnerability in Ichitaro 2023 1.0.1.59372 HyperLinkFrame Stream Parser Out-of-Bounds Write Vulnerability in Ichitaro 2023 1.0.1.59372 HyperLinkFrame Stream Parser Arbitrary File Download Vulnerability in Jupiter X Core Plugin for WordPress CSRF Vulnerability in CubeCart Prior to 6.5.3 Allows Remote Data Deletion Denial of Service Vulnerability in Intel Unison Software Improper Access Control Vulnerability in LOGITEC CORPORATION's LAN-W451NGR Router Sensitive Information Disclosure Vulnerability in Web Content Processing Privilege Escalation Vulnerability in Intel(R) PM Software Arbitrary Code Execution Vulnerability in iOS, iPadOS, and watchOS Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Windows Kernel Privilege Escalation Vulnerability Unrestricted File Access Vulnerability in Advanced File Manager WordPress Plugin Windows Kernel 
Information Leakage Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Themes RCE Vulnerability Miracast Remote Code Execution Vulnerability in Windows ICS Remote Code Execution Vulnerability Windows TCP/IP Denial of Service Vulnerability: Disrupting Network Communication Cross-Site Scripting (XSS) Vulnerability in y_project RuoYi up to 4.7.7 Windows Kernel Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Host Integration Server 2020 DHCP Server Service Information Leakage Vulnerability Windows Kernel Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure DevOps Server Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Windows TCP/IP Information Leakage Vulnerability Windows GDI Privilege Escalation Vulnerability DHCP Server Service DoS Vulnerability Exploiting Windows Defender Attack Surface Reduction Security Feature Bypass Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics Business Central Exploiting the Microsoft SQL OLE DB Remote Code Execution Vulnerability Excessive Long DH Key or Parameter Check Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions QUIC DoS Vulnerability in Microsoft: Disrupting Network Communication Microsoft Message Queuing DoS Vulnerability Edge for Android Spoofing Vulnerability Exposes 
Users to Phishing Attacks Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Windows Defender Privilege Escalation Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Azure Arc-Enabled Servers SharePoint Server Remote Code Execution Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows LDAP Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Mobile Device Management Privilege Escalation Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Azure Apache Hadoop Spoofing Vulnerability: Impersonation Exploit Unauthorized Access to Sensitive Information in GitHub Repository pimcore/pimcore (prior to version 10.6.4) SuperWebMailer 9.00.0.01710 - Export SQL Injection via size parameter vulnerability XSS Vulnerability in SuperWebMailer 9.00.0.01710 via Crafted Filename XSS Vulnerability in SuperWebMailer 9.00.0.01710 via Incorrect Passwords Remote Code Execution Vulnerability in SuperWebMailer 9.00.0.01710 XSS Vulnerability in SuperWebMailer 9.00.0.01710 via keepalive.php GET Parameter Sensitive Information Exposure in Datalust Seq (before 2023.2.9489) via External Metadata Storage Infinite Loops in Recursive Entity Expansion Vulnerability Remote Code Execution Vulnerability in acme.sh (CVE-2023-XXXX) Content-Type Confusion Vulnerability in OWASP ModSecurity Core Rule Set Critical SQL Injection Vulnerability in GitHub Repository pimcore/pimcore (prior to 10.6.4) Remote Denial of Service Vulnerability in Keylime Registrar Vulnerability: Bypass of Challenge-Response Protocol in Keylime 
Registrar Arbitrary Code Execution via Deserialization Vulnerability in Adobe ColdFusion Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion Improper Access Control Vulnerability in Adobe ColdFusion Allows Unauthenticated Access to Administration Endpoints Improper Access Control Vulnerability in Adobe ColdFusion Allows Security Feature Bypass XML Injection Vulnerability in Adobe Commerce Versions 2.4.6-p1 and Earlier Arbitrary Code Execution Vulnerability in Adobe Commerce Versions 2.4.6-p1 and Earlier Adobe Commerce Incorrect Authorization Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.6.4 Uncontrolled Resource Consumption Vulnerability in Adobe XMP Toolkit 2022.06 Use After Free Vulnerability in Adobe Dimension 3.4.9 Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.9 Allows Arbitrary Code Execution Adobe Dimension 3.4.9 Out-of-Bounds Read Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.17 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.17 and Earlier Use After Free Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Incorrect Authorization Vulnerability in Adobe Commerce Versions 2.4.7-beta1 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Commerce Versions 2.4.7-beta1 and Earlier Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.6.4 Unauthorised Data Access Vulnerability in Adobe Commerce Versions 2.4.7-beta1 and Earlier Arbitrary Code Execution via SQL Injection in Adobe Commerce Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Vulnerability: Access of Uninitialized Pointer in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows 
Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Access of Uninitialized Pointer Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution XML External Entity (XXE) Injection in PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 Use-After-Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Access of Uninitialized Pointer Vulnerability in Adobe Acrobat Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use-After-Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Stack Buffer Overflow in PHP Phar File Loading Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use-After-Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Information Disclosure Vulnerability in Adobe Acrobat Reader Allows NTLMv2 Credential Theft Access of Uninitialized Pointer Vulnerability in Adobe Acrobat Reader 
Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Arbitrary Code Execution via SQL Injection in Adobe Commerce Recursive Object Resource Consumption Vulnerability in PTC's KEPServerEX Versions 6.0 to 6.14.263 Arbitrary Code Execution via SQL Injection in Adobe Commerce Uncontrolled Resource Consumption Vulnerability in Adobe Commerce Versions 2.4.7-beta1 and Earlier Out-of-Bounds Read Vulnerability in w3m's Strnew_size Function Out-of-Bounds Read Vulnerability in w3m's growbuf_to_Str Function Microsoft Message Queuing DoS Vulnerability XSS Vulnerability in Device Configuration Upload Path Traversal Vulnerability in Dover Fueling Solutions MAGLINK LX Web Console Configuration Insecure Direct Object Reference Vulnerability in Iagona ScrutisWeb Versions 2.1.37 and Prior Memory Disclosure Vulnerability in macOS Ventura and Monterey Vulnerability: Logic Issue Allows Unauthorized Access to User-Sensitive Data Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Improper Access Controls in IBM SOAR QRadar Plugin App 1.0 through 5.0.3 Local User Information Disclosure Vulnerability in IBM Security Access Manager Appliance Cross-Site Request Forgery Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in Bug Finder Listplace Directory Listing Platform 3.0 Inadequate Account Lockout Setting in IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 Allows Remote Brute Force Attack (IBM X-Force ID: 260733) Sensitive Information Exposure in IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 Sensitive Information Exposure in IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 Cross Site Scripting (XSS) Vulnerability in Bug Finder Listplace Directory Listing Platform 3.0 Privilege Escalation Vulnerability in IBM HMC (Hardware Management Console) 10.1.1010.0 and 
10.2.1030.0 BGP Update Data Length Vulnerability in OpenBGPD Inefficient Algorithmic Complexity in Trustwave ModSecurity 3.x before 3.0.10 Sandbox Bypass and Code Execution Vulnerability in Thymeleaf Cross-Site Scripting (XSS) Vulnerability in Bug Finder ICOGenie 1.0 CVE-2023-38290 CVE-2023-38291 CVE-2023-38292 CVE-2023-38293 CVE-2023-38294 CVE-2023-38295 CVE-2023-38296 CVE-2023-38297 CVE-2023-38298 CVE-2023-38299 Cross-Site Scripting (XSS) Vulnerability in Bug Finder SASS BILLER 1.0 CVE-2023-38300 CVE-2023-38301 CVE-2023-38302 Stored XSS leading to Remote Command Execution in Webmin 2.021 through Users and Group's real name parameter Stored Cross-Site Scripting (XSS) Vulnerability in Webmin 2.021 Users and Groups Functionality Webmin 2.021 Cross-Site Scripting (XSS) via Download Path Vulnerability Webmin 2.021 File Upload Cross-site Scripting (XSS) Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Webmin 2.021 Users and Groups Functionality Cross-Site Scripting (XSS) Vulnerability in Webmin 2.021's HTTP Tunnel Functionality Reflected Cross-Site Scripting (XSS) in Webmin 2.021 Package Search Functionality Cross-Site Scripting (XSS) Vulnerability in Bug Finder Finounce 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in Webmin 2.021 System Logs Configuration Stored Cross-Site Scripting (XSS) Vulnerability in Webmin 2.021 System Logs Viewer Directory Traversal Vulnerability in Valve Counter-Strike 8684: Arbitrary File Read via motdfile Console Variable OpenNDS Captive Portal Denial-of-Service Vulnerability NULL Pointer Dereference in OpenNDS Captive Portal Leads to Denial-of-Service OpenNDS Captive Portal Denial-of-Service Vulnerability Arbitrary OS Command Execution in OpenNDS Captive Portal Arbitrary OS Command Execution via OpenNDS Configuration File Arbitrary OS Command Execution via OpenNDS Gateway FQDN Configuration Arbitrary OS Command Execution in OpenNDS Configuration File Cross-Site Scripting (XSS) Vulnerability in Bug Finder 
Wedding Wonders 1.0 OpenNDS Captive Portal Denial-of-Service Vulnerability Denial of Service Vulnerability in OpenNDS OpenNDS Captive Portal Denial-of-Service Vulnerability Arbitrary OS Command Execution in OpenNDS Configuration File OpenNDS Authentication Bypass Vulnerability Critical Options Mishandling in Python Cryptography Package eGroupWare 17.1.20190111 Improper Password Storage Vulnerability Cross-Site Scripting (XSS) Vulnerability in Bug Finder Montage 1.0 HTTP Response Splitting Vulnerability in OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 Stored XSS Vulnerability in Zoho ManageEngine Support Center Plus 14001 and Below Account Takeover Vulnerability in Zoho ManageEngine ADManager Plus through 7201 Reflected XSS Vulnerability in Zoho ManageEngine Applications Manager Incorrect Access Control in Omnis Studio 10.22.00: Bypassing Locked Class Restrictions Incorrect Access Control in Omnis Studio 10.22.00: Bypassing Always Private Library Protection Command Injection Vulnerability in netkit-rcp (rsh-client 0.17-24) via Filenames Arbitrary File Read Vulnerability in rswag before 2.10.1 Cross-Site Scripting (XSS) Vulnerability in Bug Finder EX-RATE 1.0 XML External Entity (XXE) Injection Vulnerability in Ivanti Endpoint Manager File Disclosure Vulnerability in Ivanti Endpoint Manager Directory Traversal Vulnerability in Wind River VxWorks 6.9 and 7 XSS Vulnerability in LWsystems Benno MailArchiv 2.10.1 CSRF Vulnerability in LWsystems Benno MailArchiv 2.10.1 CSRF Vulnerability in PNP4Nagios 0.6.26 Cross-Site Scripting (XSS) Vulnerability in Bug Finder MineStack 1.0 Ticket Handler Stored XSS in PNP4Nagios 0.6.26 via AJAX Controller and Basket API Insecure Installation Mechanism in MiniTool Partition Wizard 12.8 Enables Remote Code Execution via Man-in-the-Middle Attack Insecure Update Mechanism in MiniTool Partition Wizard 12.8 Enables Remote Code Execution via Man-in-the-Middle Attack Insecure In-App Payment System in MiniTool Power Data Recovery: A 
Gateway for Man-in-the-Middle Attacks Insecure Installation Process in MiniTool Shadow Maker v4.1 Enables Remote Code Execution via Man-in-the-Middle Attack Insecure Installation Process in MiniTool Movie Maker 7.0 Enables Remote Code Execution via Man-in-the-Middle Attack Insecure Installation Process in MiniTool Power Data Recovery 11.6 Enables Remote Code Execution via Man-in-the-Middle Attack Low Entropy Session Tokens in RWS WorldServer 11.7.3 and Earlier: Unauthorized Access Vulnerability CVE-2023-38359 Unrestricted Upload Vulnerability in Dahua Smart Park Management up to 20230713 CVE-2023-38360 Weak Cryptographic Algorithms in IBM CICS TX Advanced 10.1: A Potential Decryption Vulnerability CVE-2023-38362 Insecure Cookie Handling in IBM CICS TX Advanced 10.1 Cross-Site Scripting (XSS) Vulnerability in IBM CICS TX Advanced 10.1 CVE-2023-38366 CVE-2023-38367 Weak Default Password Policy in IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 Cross-Site Scripting (XSS) Vulnerability in DedeBIZ 6.2.10 CVE-2023-38372 Remote Code Execution Vulnerability in RIGOL MSO5000 Digital Oscilloscope Remote Password Change Vulnerability in RIGOL MSO5000 Digital Oscilloscope Cross-Site Scripting (XSS) Vulnerability in DedeBIZ 6.2.10 Denial-of-Service Vulnerability in SIMATIC and SINAMICS Devices CSRF Vulnerability in WP-FlyBox Plugin <= 6.46 SQL Injection Vulnerability in Subscribe to Category Plugin Unauthenticated Reflected XSS Vulnerability in Syntactics, Inc. 
EaSYNC Plugin <= 1.3.7 Elastic Email Sender Plugin <= 1.2.6 - Authenticated Stored XSS Vulnerability CVE-2023-38388 Remote SQL Injection Vulnerability in DedeBIZ 6.2.10 CSRF Vulnerability in Anshul Labs Mobile Address Bar Changer Plugin <= 3.0 SQL Injection vulnerability in Themesgrove Onepage Builder (Onepage Builder: n/a - 2.4.1) Hiroaki Miyashita Custom Field Template Plugin XSS Vulnerability CSRF Vulnerability in Alain Gonzalez Plugin <= 3.1.2 Eggemplo Gestion-Pymes Plugin <= 1.5.6: Authenticated Stored XSS Vulnerability Taboola Plugin CSRF Vulnerability: Exploiting Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Vulnerability in NxFilter 4.3.2.5 Cross-site Scripting (XSS) vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS Aruba VIA Client Privilege Escalation Vulnerability Aruba VIA Client Vulnerability: Arbitrary File Overwrite and DoS in Windows Boot Process Integer Overflow and Heap Corruption Vulnerability in iperf3 Arbitrary File Upload and Remote Command Execution Vulnerability in Veritas InfoScale Operations Manager (VIOM) BACnet Packet Crafting Vulnerability in Crestron 3-Series Control Systems FRRouting (FRR) Flowspec Overflow Vulnerability Buffer Overflow Vulnerability in FRRouting's BGP Label Parsing Insufficiently Trustworthy Search Path in PKCS#11 Feature of OpenSSH Allows Remote Code Execution Desynchronization of fbcon_registered_fb and fbcon_display arrays in set_con2fb_map vulnerability Cross-Site Request Forgery Vulnerability in NxFilter 4.3.2.5 (VDB-235192) Privilege Escalation Vulnerability Patched in iOS 16.6, iPadOS 16.6, and macOS Ventura 13.5 Improper Access Control in Intel Smart Campus Android App: Potential Privilege Escalation via Local Access Multiple Buffer Overflows in Netgear R6900P v1.3.3.154 via ia_ap_setting.cgi Privilege Escalation Vulnerability in BIG-IP Edge Client Installer on macOS iControl SOAP Process Termination Vulnerability Unquoted Search Path Vulnerability in 
Pointware EasyInventory 1.0.12.0 Memory Disclosure Vulnerability in macOS Ventura and Monterey Unauthenticated Access to API Routes in Walchem Intuition 9 Firmware Versions Prior to v4.21 Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Allows Remote Code Execution Improved Memory Handling in iOS, iPadOS, and macOS: Fixing Arbitrary Code Execution Vulnerability Memory Handling Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Out-of-Bounds Read Vulnerability in ksmbd's smb2_find_context_vals Integer Underflow and Out-of-Bounds Read in ksmbd's deassemble_neg_contexts Function Out-of-Bounds Read Vulnerability in Linux Kernel's ksmbd Off-by-one Error in Memory Allocation Leading to Out-of-bounds Access in ksmbd Cross-Site Scripting Vulnerability in mooSocial mooDating 1.2 Out-of-Bounds Read Vulnerability in ksmbd SMB Request Protocol Out-of-Bounds Read Vulnerability in Linux Kernel's ksmbd Out-of-Bounds Read Vulnerability in ksmbd Hard-coded Credentials Vulnerability in Fujitsu Real-time Video Transmission Gear IP series Double Free Vulnerability in xHTTP 72f812d via Malformed HTTP Request Method Reflected Cross-Site Scripting (XSS) Vulnerability in Apache Felix Healthcheck Webconsole Plugin Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Cross-Site Scripting Vulnerability in mooSocial mooDating 1.2 Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Possible Local Information Disclosure Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Denial of Service 
Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Cross-Site Scripting (XSS) Vulnerability in mooSocial mooDating 1.2 Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Information Disclosure Vulnerability in VoWiFi Service Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice Cross-Site Scripting Vulnerability in mooSocial mooDating 1.2 Local Privilege Escalation Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Denial of Service Vulnerability in Vowifiservice Local Privilege Escalation Vulnerability in Vowifiservice IMS Service Vulnerability: Local Information Disclosure without Additional Execution Privileges IMS Service Vulnerability: Local Information Disclosure without Additional Execution Privileges URILD Service Vulnerability: Local Denial of Service with System Execution Privileges Local Denial of Service Vulnerability in Urild Service with System Execution Privileges Reachable Assertion Vulnerability in Avahi's avahi_dns_packet_append_record Cross-Site Scripting (XSS) Vulnerability in mooSocial mooDating 1.2 Reachable Assertion Vulnerability in Avahi's avahi_escape_label() Function Vulnerability: Reachable Assertion in Avahi's dbus_set_host_name Function Avahi Vulnerability: Reachable Assertion in avahi_rdata_parse() Function Reachable Assertion Vulnerability in Avahi's avahi_alternative_host_name() 
Function Reflected XSS Vulnerability in Campaign Monitor for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in SuiteDash :: ONE Dashboard® Client Portal: SuiteDash Direct Login Plugin <= 1.7.6 Open Redirect Vulnerability in CRM Perks Integration for WooCommerce and QuickBooks Cross-Site Scripting (XSS) Vulnerability in mooSocial mooDating 1.2 Open Redirect Vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin Stored XSS Vulnerability in QualityUnit Post Affiliate Pro Plugin <= 1.25.0 Aruba 9200 and 9000 Series Controllers and Gateways: Arbitrary Code Execution Vulnerability Aruba 9200 and 9000 Series Controllers and Gateways: Arbitrary Code Execution Vulnerability Secure Boot Bypass Vulnerability in Aruba 9200 and 9000 Series Controllers and Gateways HedgeDoc API Note Creation Vulnerability Field Injection Vulnerability in Kirby Content Management System Insufficient Session Expiration in Kirby Content Management System Cross-Site Scripting (XSS) Vulnerability in mooSocial mooDating 1.2 XML External Entities (XXE) Vulnerability in Kirby Content Management System Arbitrary File Upload and Cross-Site Scripting (XSS) Vulnerability in Kirby CMS Unrestricted Password Length Vulnerability in Kirby Content Management System Bypassing Authorizer via Matrix Variables in Armeria Sensitive Information Leakage in MeterSphere Cloud Version Unvalidated Crossplane Package Tampering Vulnerability Ineffective Privilege Drop in Apptainer 1.2.0-rc.2 Allows Directory Deletion Insecure Extraction of Crate Archives in Cargo Denial of Service vulnerability in Discourse Out-of-scope Access Vulnerability in TYPO3 Versions 9.4.0 and Prior SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 TYPO3 HTML Sanitizer Cross-Site Scripting Vulnerability in `noscript` Element Reflected Cross-Site Scripting Vulnerability in copyparty (Versions < 1.8.7) TDengine Database Crash Vulnerability in UDF Nested Query 
Improper Permission Checks in Directus GraphQL Subscriptions Denial of Service Vulnerability in Sails prior to v1.5.7 Vulnerability: Denial of Service via TLS Handshake Lock Vulnerability: Login Brute Force Attack in Strapi CMS (Versions prior to 4.12.1) Insecure Artifact Link Preview in Tuleap Community and Enterprise Editions Incomplete Mail Obfuscation in XWiki Platform API Key Bypass Vulnerability in Tolgee Localization Platform CVE-2023-38511 CSRF Vulnerability in Wpstream WpStream Plugin <= 4.5.4 User-Controlled Key Authorization Bypass Vulnerability in Jordy Meow Photo Engine Server-Side Request Forgery (SSRF) Vulnerability in Andy Moyle Church Admin Stored Cross-Site Scripting (XSS) Vulnerability in WP OnlineSupport Essential Plugin Audio Player with Playlist Ultimate Plugin <= 1.2.2 Stored XSS Vulnerability in Realwebcare WRC Pricing Tables Plugin <= 2.3.7 Visualmodo Borderless Plugin <= 1.4.8 - Authenticated Stored XSS Vulnerability SQL Injection Vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance Unrestricted File Upload Vulnerability in OpenRapid RapidCMS up to 1.3.1 Exifography Plugin <= 1.3.1 Authenticated Stored XSS Vulnerability Unauthenticated Directory Listing Vulnerability in Samsung Harman AMX N-Series Devices Null Pointer Dereference Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Write Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint BloodBank 1.1 (VDB-235205) Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Teamcenter Visualization Stack 
Exhaustion Vulnerability in Parasolid and Teamcenter Visualization CVE-2023-38534 CVE-2023-38535 CVE-2023-38536 Race Condition Vulnerability in Network Transport Subsystem: Heap Use-After-Free in Audio/Video Calls Race Condition in Event Subsystem: Heap Use-After-Free Vulnerability in Audio/Video Calls Critical SQL Injection Vulnerability in phpscriptpoint BloodBank 1.1 Insecure Inherited Permissions in Intel HID Event Filter Drivers: Privilege Escalation Vulnerability Denial of Service (DoS) Vulnerability in Ivanti Secure Access Client Privilege Escalation Vulnerability: Unauthorized Modification of System-wide Configuration Settings Heap-based Buffer Overflow in SOCKS5 Proxy Handshake Vulnerability: Unintentional Loading of Cookies from File Named none Unauthenticated User Information Disclosure and Remote Code Execution in Veeam ONE Veeam ONE Web Client Vulnerability: Unauthorized Access to NTLM Hash Veeam ONE Web Client Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint JobSeeker 1.5 Node.js Policy Mechanism Integrity Check Bypass Vulnerability Local Privilege Escalation Vulnerability in GNSS Service Potential Out of Bounds Write Vulnerability in wcn bsp Driver Fujitsu Network Devices Si-R and SR-M Series Authentication Bypass Vulnerability Remote Code Execution Vulnerability in SEIKO EPSON Printer Web Config Improper Access Rights in Spectrum Power 7 (All versions < V23Q3) Allows Arbitrary Code Injection and Privilege Escalation SIMATIC PCS neo (Administration Console) Credential Leakage Vulnerability Buffer Overflow Vulnerability in Ghostscript's devn_pcx_write_rle() Function Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Ecommerce 1.15 Integer Overflow Vulnerability in Ghostscript's pl_glyph_name Function Improper Access Control in Intel(R) XTU Software: Local Privilege Escalation Vulnerability Double-Free Vulnerability in Weston Embedded uC-TCP-IP v3.06.01 Allows for Memory Corruption and Code Execution 
Archer C1200 and C9 Firmware Vulnerability: Remote Command Execution Vulnerability Patched: Unauthorized File System Modification in macOS Ventura 13.5 Root Privilege Escalation Vulnerability in macOS and iOS Uncontrolled Search Path Vulnerability in Intel(R) ISPC Software Archer A10 Firmware Vulnerability: Remote Command Execution Stored Cross-Site Scripting Vulnerability in SHIRASAGI Prior to v1.18.0 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Ecommerce 1.15 Buffer Overflow Vulnerability in Intel Unison Software Enables Privilege Escalation Symlink Validation Vulnerability Allows Privacy Preference Bypass in macOS Same Origin Policy Bypass Vulnerability Use-After-Free Vulnerability in Foxit Reader 12.1.2.15356 Signature Field Handling Open Redirect Vulnerability in VI Web Client Prior to 7.9.6: Remote Phishing Attack Vector CVE-2023-38575 Hidden Functionality Vulnerability in LOGITEC CORPORATION's LAN-WH300N/RE All Versions: Arbitrary OS Command Execution Predictable or Easily Guessable Cross-Site Request Forgery Token Vulnerability Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Car Listing 1.6 Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, and watchOS Persistent XSS vulnerability in MOD3GP-SY-120K web application allows remote attackers to execute arbitrary JavaScript via MAIL_RCV field. 
Stack-based Buffer Overflow Vulnerability in GTKWave 3.3.115 Allows Arbitrary Code Execution via Crafted .lxt2 File Stack-Based Buffer Overflow in Weintek's cMT3000 HMI Web CGI Device Authentication Bypass Vulnerability in CBC Products Sandbox Circumvention Vulnerability in macOS Sonoma 14 Intel NUC BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Input Validation Archer C3150 Firmware Vulnerability: Arbitrary OS Command Execution Critical SQL Injection Vulnerability in phpscriptpoint Car Listing 1.6 Buffer Overflow Vulnerability Patched in Multiple Apple Operating Systems Multiple Buffer Overflows in Netgear DG834Gv5 1.6.01.34 via bsw_ssid.cgi Improved Restrictions for Logic Issue in iOS 16.6 and Other Apple Operating Systems: Arbitrary Code Execution Vulnerability Logic Issue in Apple Operating Systems Allows Denial-of-Service Attack Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, macOS, Safari, and watchOS Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, macOS, Safari, and watchOS App Transport Security Bypass Vulnerability Patched in Apple Operating Systems Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, and Safari Use-after-free vulnerability allows arbitrary code execution with kernel privileges Improved State Management Fixes Logic Issue Allowing Sensitive User Information Tracking Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Insurance 1.2 Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, macOS, Safari, and watchOS Vulnerability Patched: File System Modification Exploit in macOS File System Modification Vulnerability Patched in macOS Monterey 12.6.8, macOS Ventura 13.5, and macOS Big Sur 11.7.9 Improved Checks Address Denial-of-Service Vulnerability in iOS, iPadOS, and macOS Arbitrary Code Execution Vulnerability in Multiple Apple Operating Systems Improved Redaction of Sensitive Information in macOS Ventura 13.5 Kernel State Modification Vulnerability in Older iOS
Versions Vulnerability: Printer Settings Modification Exploit in macOS Sonoma 14 macOS Ventura 13.5 Patch: Enhanced Permissions Checks to Prevent Unauthorized Access to User-Sensitive Data Privacy Preference Bypass Vulnerability in macOS Ventura 13.5 Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Insurance 1.2 Memory Corruption Vulnerability Patched in macOS Sonoma 14, iOS 17, and iPadOS 17 Memory Handling Vulnerability in iOS, iPadOS, tvOS, macOS, Safari, and watchOS Allows Arbitrary Code Execution Vulnerability: Unauthorized Access to Protected User Data Memory Handling Vulnerability in macOS Sonoma 14 Allows Arbitrary Code Execution Race Condition Vulnerability in macOS Ventura 13.5 Allows Arbitrary Code Execution with Kernel Privileges Reflected Cross-Site Scripting (XSS) Vulnerability in Office Suite Premium Version v10.9.1.42602 Integer Overflow in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Cross-Site Scripting (XSS) Vulnerability in Travelmate Travelable Trek Management Solution 1.0 Integer Overflow in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow Vulnerability in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in VZT Facgeometry Parsing Functionality of GTKWave 3.3.115 Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central 2019 (Builds Lower than 6481) Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central 2019 (Builds Lower than 6481) Allows Unauthorized Access to Internal Services Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central 2019 (Builds Lower than 6481) Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central 2019 (Builds Lower than 6481) Use-After-Free Vulnerability in NFC LLCP Core in Linux Kernel Stack-Based Buffer Overflow in async-sockets-cpp TCP Packet Processing 
Directory Traversal Vulnerability in librsvg URL Decoder Blind SQL Injection Vulnerability in Snow Software License Manager Insecure Permissions in SICAM PAS/PQS Application: Local Unauthorized Access and Modification Privilege Escalation Vulnerability in SICAM TOOLBOX II (All versions < V07.10) Arbitrary Command Execution Vulnerability in Metabase Unbounded Deserialization Vulnerability in SnakeYAML: Remote Code Execution in Helix REST and Workflow Creation Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115's VZT Decompression Functionality Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115's VZT Decompression Functionality Integer Overflow Vulnerability in VZT vzt_rd_block_vch_decode Times Parsing Functionality of GTKWave 3.3.115 Integer Overflow Vulnerability in VZT vzt_rd_block_vch_decode Times Parsing Functionality of GTKWave 3.3.115 Integer Overflow Vulnerability in VZT vzt_rd_block_vch_decode Dict Parsing Functionality of GTKWave 3.3.115 Integer Overflow Vulnerability in VZT vzt_rd_block_vch_decode Dict Parsing Functionality of GTKWave 3.3.115 Arbitrary Code Execution via Malicious .lxt2 File in GTKWave 3.3.115 Null Pointer Dereference in ieee_write_file in NASM 2.16rc0: Denial of Service Vulnerability Segmentation Violation Vulnerability in Bento4 v1.6.0-639 Stack-based Buffer Over-read Vulnerability in NASM 2.16 Disasm Function Stack-based Buffer Over-read Vulnerability in NASM 2.16 Disasm Function Use After Free Vulnerability in paddle.diagonal in PaddlePaddle before 2.5.0 Null Pointer Dereference in paddle.flip() Function in PaddlePaddle: Denial of Service Vulnerability Heap Buffer Overflow in paddle.trace in PaddlePaddle: A Critical Vulnerability with Potential Denial of Service and Information Disclosure FPE Vulnerability in paddle.trace: Runtime Crash and Denial of Service Command Injection Vulnerability in PaddlePaddle fs.py (Versions before 2.5.0) Denial of Service Vulnerability in PaddlePaddle's paddle.nanmedian Function FPE Vulnerability 
in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0 Null Pointer Dereference in paddle.dot function in PaddlePaddle before 2.6.0: Runtime Crash and Denial of Service Vulnerability FPE Vulnerability in paddle.linalg.eig in PaddlePaddle before 2.6.0 Out-of-Bounds Access Vulnerability in PaddlePaddle's paddle.mode Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Unbounded Limit Parameter Vulnerability in Discourse Unauthorized Access to Restricted-Visibility Topic Tags in Discourse Vulnerability: Unverified SMTP Server Certificates in Sydent Arbitrary HTML Injection and XSS Vulnerability in Svelecte Component Unencrypted Communication Vulnerability in Twitch-TUI (CVE-2021-XXXX) Logistics Pipes Mod for Minecraft Java Edition: Remote Code Execution Vulnerability Unauthenticated Modification of Comment Ratings in wpDiscuz Plugin for WordPress Command Injection via Newlines in matrix-appservice-irc Impersonation vulnerability in matrix-appservice-bridge API Command Injection Vulnerability in CloudExplorer Lite Installation Function HTML Injection Vulnerability in Umbraco CMS Arbitrary File Access Vulnerability in Cypress-Image-Snapshot HTTP/1 Protocol Content-Length and Chunk Size Parsing Vulnerability Ethereum Name Service (ENS) Domain Expiration Manipulation Vulnerability Insecure SSL Certificate Validation in MindsDB's AI Virtual Database Information Leakage Vulnerability in matrix-appservice-irc Flawed Check in Hydra Commit Validator Allows Unauthorized Fund Spending Unauthenticated Remote Code Execution in Knowage Analytics Suite Use-after-free vulnerability in PJSIP SRTP implementation Remote Code Execution in import-in-the-middle (CVE-2021-12345) Unlimited Draft Key 
Exhaustion Vulnerability in Discourse Path Traversal Vulnerability in Pimcore AssetController::importServerFilesAction Allows File Overwrite and Denial of Service CVE-2023-38709 Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 IKEv2 Child SA REKEY Packet Invalid IPsec Protocol ID Vulnerability NULL Pointer Dereference in Libreswan IKEv1 Quick Mode Connection with IDcr Payload Null Pointer Dereference in Libreswan IKEv1 ISAKMP SA Informational Exchange Information Disclosure Vulnerability in IBM Robotic Process Automation 21.0.0 through 21.0.7.8 Denial of Service Vulnerability in IBM Db2 11.5 during Database Deactivation on DPF Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Denial of Service Vulnerability in IBM Db2 11.5 and 11.5 with Specially Crafted ALTER TABLE Statement Local Privilege Escalation Vulnerability in IBM i Facsimile Support Stored Cross-Site Scripting Vulnerability in IBM Sterling Partner Engagement Manager CVE-2023-38723 CVE-2023-38724 Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows CVE-2023-38729 Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 (VDB-235235) Weak Cryptographic Algorithms in IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0: High-Risk Data Decryption Vulnerability Information Disclosure Vulnerability in IBM Robotic Process Automation Server Information Disclosure Vulnerability in IBM Robotic Process Automation Server Incorrect Privilege Assignment in IBM Robotic Process Automation Remote Code Execution Vulnerability in IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 Local Privilege Escalation Vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.6 Denial of Service Vulnerability in IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 OpenPages Native Authentication Weakness Vulnerability Critical 
SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Denial of Service Vulnerability in IBM Db2 11.5 with Specially Crafted SQL Statement Improper Timeout Enforcement in IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 Leads to Denial of Service Vulnerability Command Execution Vulnerability in Zoho ManageEngine ADManager Plus (Build 7200 and earlier) Denial-of-Service (DoS) Vulnerability in CJ Series and CS/CJ Series EtherNet/IP Units Arbitrary File Write Vulnerability in Pandoc CX-Programmer Out-of-Bounds Read Vulnerability Heap-based Buffer Overflow Vulnerability in CX-Programmer: Potential Information Disclosure and Code Execution CX-Programmer Use After Free Vulnerability Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 0.1.0 (VDB-235237) Exposure of Internal JSP and XML Files in Zimbra Collaboration (ZCS) Unauthorized Access to Non-Disclosure Organization Information in Special Interest Group Network for Analysis and Liaison Unauthorized Access to Non-Disclosure Attribute in Special Interest Group Network for Analysis and Liaison Cross Site Scripting (XSS) Vulnerability in wger Project wger Workout Manager v.2.2.0a3 CSRF Vulnerability in wger Workout Manager 2.2.0a3 Allows Remote Privilege Escalation Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 (VDB-235238) ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php Arbitrary Code Execution via Cross Site Scripting (XSS) in ChurchCRM v.5.0.0 ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php SQL Injection Vulnerability in ChurchCRM v.5.0.0: Remote Information Disclosure via FundRaiserID Parameter SQL Injection Vulnerability in ChurchCRM v.5.0.0: Remote Information Disclosure ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php Arbitrary Code Execution via Cross Site Scripting (XSS) in ChurchCRM v.5.0.0 ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php ChurchCRM v.5.0.0 SQL 
Injection Vulnerability in QueryView.php ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php ChurchCRM v.5.0.0 SQL Injection Vulnerability in QueryView.php SQL Injection Vulnerability in ChurchCRM v.5.0.0: Remote Information Disclosure Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 (VDB-235241) Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Denial of Service Vulnerability in FRRouting and Pica8 PICOS via Crafted BGP Update Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Privilege Escalation Vulnerability in Inspect Element Ltd Echo.ac v.5.2.1.0 Critical SQL Injection Vulnerability in Campcodes Beauty Salon Management System 1.0 Remote Code Execution Vulnerability in Tenda AC19, AC18, AC9, and AC6 Routers CVE-2023-38825 Cross Site Scripting (XSS) Vulnerability in Follet Learning Solutions Destiny through 20.0_1U via handlewpesearchform.do searchString Arbitrary Code Execution via Cross Site Scripting in Follet School Solutions Destiny v.20_0_1_AU4 and later Remote Code Execution Vulnerability in NETIS SYSTEMS WF2409E v.3.6.42541 Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Credit Card Information Leak in PHPJabbers Yacht Listing Script v1.0 WinRAR ZIP Archive Arbitrary Code Execution Vulnerability Arbitrary Code Execution via File Upload Vulnerability in BoidCMS v.2.0.0 Kidus Minimati v.1.0.0 SQL Injection Vulnerability in edit.php Component SQL Injection Vulnerability in Kidus Minimati v.1.0.0: Remote Information Disclosure via fulldelete.php Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Local Access Information Disclosure in 
Bitwarden Desktop 2023.7.0 and Below Arbitrary Code Execution Vulnerability in Atlos v.1.0 Arbitrary Code Execution via SQL Injection in PMB v.7.4.7 and Earlier Remote Information Disclosure Vulnerability in Anglaise Company Anglaise.Company v.13.6.1 Remote Information Disclosure Vulnerability in Marbre Lapin Line v.13.6.1 Remote Information Disclosure Vulnerability in CHRISTINA JAPAN Line v.13.6.1 Sensitive Information Disclosure in rmc R Beauty CLINIC Line v.13.6.1 Remote Information Disclosure Vulnerability in tire-sales Line v.13.6.1 Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Buffer Overflow Vulnerability in Michaelrsweet Codedoc v3.7: Denial of Service via codedoc.c:1742 Component Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in libxls v.1.6.2: Remote Code Execution and Denial of Service via Crafted XLS File Buffer Overflow Vulnerability in faad2 v.2.10.1: Remote Code Execution and Denial of Service via stcoin Function in mp4read.c Buffer Overflow Vulnerability in faad2 v.2.10.1: Remote Code Execution and Denial of Service via mp4info Function Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Remote Code Execution Vulnerability in LangChain v.0.0.231 via prompt parameter Remote Code Execution Vulnerability in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 Arbitrary Code Execution Vulnerability in COMFAST CF-XR11 v.2.7.2 Arbitrary Code
Execution Vulnerability in COMFAST CF-XR11 v.2.7.2 Arbitrary Code Execution Vulnerability in COMFAST CF-XR11 v.2.7.2 Command Injection Vulnerability in COMFAST CF-XR11 V2.7.2 at sub_4143F0 Command Injection Vulnerability in COMFAST CF-XR11 V2.7.2 at sub_415588 Function Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 SQL Injection Vulnerability in gugoan Economizzer's Cash Book Category Listing User Enumeration Vulnerability in gugoan Economizzer Login and Forgot Password Functionalities Insecure Direct Object Reference (IDOR) Vulnerability in gugoan Economizzer: Unauthorized Access to Cash Book Entry Attachments Clickjacking Vulnerability in gugoan Economizzer v.0.9-beta1 Insecure File Upload Vulnerability in Economizzer v.0.9-beta1 and commit 3730880 (April 2023) Allows Remote Code Execution Reflected XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote code execution via '/reset-password' parameter. Reflected XSS Vulnerability in msaad1999's PHP-Login-System 2.0.1 Allows Remote Code Execution Host Header Injection Vulnerability in Economizzer v.0.9-beta1 and commit 3730880 (April 2023) Reflected XSS Vulnerability in DevCode OpenSTAManager Versions 2.4.24 to 2.4.47 Directory Traversal Vulnerability in OS4ED openSIS Classic 9.0 Allows Remote File Read Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Unauthenticated Access to Database Backup and Password Hashes in OS4ED's openSIS Classic 9.0 Reflected Cross-Site Scripting (XSS) Vulnerability in OS4ED openSIS Classic Community Edition 9.0 Reflected Cross-Site Scripting (XSS) Vulnerability in OS4ED openSIS Classic Community Edition 9.0 Reflected Cross-Site Scripting (XSS) Vulnerability in OS4ED openSIS Classic Community Edition 9.0 OpenSIS Classic Community Edition 9.0 Insecure Direct Object Reference (IDOR) Vulnerability Allows Unauthorized Access to Student Files Cross-Site Request Forgery (CSRF) Vulnerability in 
OpenSIS Classic Community Edition version 9.0 Remote Code Execution Vulnerability in Dolibarr ERP CRM v.17.0.1 and Earlier Arbitrary Code Execution and Information Disclosure Vulnerability in Dolibarr ERP CRM v.17.0.1 and Earlier Cross Site Scripting (XSS) Vulnerability in Dolibarr ERP CRM v.17.0.1 and Earlier via REST API Module Arbitrary Code Execution Vulnerability in Alluxio v.2.9.3 and Earlier Improper GPU Memory Processing Vulnerability SQL Injection Vulnerability in Online Shopping Portal Project 3.1 Privilege Escalation via SQL Injection in Vtiger CRM v.7.5.0 Prototype Pollution in Cronvel Tree-kit v.0.7.4 and earlier: Remote Code Execution via extend() Remote Code Execution Vulnerability in Harrison Chase Langchain v.0.0.194 and Earlier Disputed Vulnerability: Information Disclosure in Python cpython v.3.7 Privilege Escalation via SQL Injection in berkaygediz O_Blog v.1.0 Cross-Site Scripting (XSS) Vulnerability in Campcodes Beauty Salon Management System 1.0 Remote Command Injection Vulnerability in RG-EW Series Home Routers and Repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 Series Switches v.SWITCH_3.0(1)B11P219, RG-EG Series Business VPN Routers v.EG_3.0(1)B11P219, EAP and RAP Series Wireless Access Points v.AP_3.0(1)B11P219, and NBC Series Wireless Controllers v.AC_3.0(1)B11P219 Netlify CMS v.2.10.192 Cross Site Scripting (XSS) Vulnerability in New Post Function SQL Injection Vulnerability in Jeecg-boot v.3.5.0 and Earlier: Denial of Service via Function Exploitation Authentication Code Exposure in TPLink Smart Bulb Tapo Series L530 v.1.0.0 and Tapo Application v.2.8.14 Remote Information Disclosure Vulnerability in TPLink Smart Bulb Tapo Series L530 v.1.0.0 and Tapo Application v.2.8.14 Remote Information Disclosure Vulnerability in TPLink Smart Bulb Tapo Series L530 v.1.0.0 and Tapo Application v.2.8.14 Remote Information Disclosure Vulnerability in TPLink Smart Bulb Tapo Series L530 v.1.0.0 and Tapo Application v.2.8.14 Privilege Escalation 
Vulnerability in Lapce v0.2.8: Exploiting Race Condition Cross-Site Scripting (XSS) Vulnerability in CSZ CMS 1.3.0's Carousel Widget Plugin CSZ CMS 1.3.0 Cross-Site Scripting (XSS) Vulnerability in YouTube URL Gallery Parameter Arbitrary Code Execution via SQL Injection in Super Store Finder PHP Script v.3.6 Arbitrary Code Execution via File Upload in Wolf-leo EasyAdmin8 v.1.0 Remote Code Execution and Information Disclosure Vulnerability in eVotingSystem-PHP v.1.0 XML External Entity (XXE) Vulnerability in MIM Assistant and Client DICOM RTst Loading Modules Multiple Command Injection Vulnerabilities in Netgear WG302v2 and WAG302v2 Firmware Upgrade Handler Multiple Buffer Overflows in Netgear JWNR2000v2, XWN5001, and XAVN2001v2 via update_auth Function Buffer Overflow Vulnerability in Netgear DGN3500 1.1.00.37 via http_password Parameter at setup.cgi Buffer Overflow Vulnerability in Netgear DC112A, EX6200, and R6300v2 Buffer Overflow Vulnerability in Netgear EX6200 v1.0.3.94 via wla_temp_ssid Parameter Command Injection Vulnerability in Netgear R7100LG 1.0.0.78 via usb_remote_invite.cgi Stack Overflow Vulnerability in Tenda 4G300 v1.01.42 via /VirtualSer Page Parameter Privilege Escalation Vulnerability in Kubernetes-csi-proxy on Windows Nodes Stack Overflow Vulnerability in Tenda AC7, AC5, AC9, and FH1205 Routers Stack Overflow Vulnerability in Tenda AC10, AC1206, AC8, AC6, AC7, F1203, AC5, AC10 v4.0, and FH1203 Routers Stack Overflow Vulnerability in Tenda F1202, PA202, PW201A, and FH1202 Routers Stack Overflow Vulnerability in Tenda AC6, AC7, F1203, AC5, FH1203, AC9, and FH1205 Routers Stack Overflow Vulnerability in Tenda F1203, FH1203, and FH1205 Routers Tenda Router Firmware Stack Overflow Vulnerability Stack Overflow Vulnerability in Tenda AC10, AC1206, AC6, AC7, AC5, FH1203, AC9, and FH1205 Routers Stack Overflow Vulnerability in Tenda AC Series Routers Stack Overflow Vulnerability in Tenda Routers via /L7Im Page Parameter Stack Overflow Vulnerability in 
Tenda F1202 and FH1202 Routers Jackson-dataformats-text TOML Parser Denial of Service Vulnerability Stack Overflow Vulnerability in Tenda F1203, FH1203, and FH1205 Routers Remote Command Execution (RCE) Vulnerability in Django-SSPanel v2022.2.2 via GoodsCreateView._post Remote Command Execution (RCE) Vulnerability in Dango-Translator v4.5.5 via app/config/cloud_config.json ShuiZe_0x727 v1.0 Remote Command Execution (RCE) Vulnerability via /iniFile/config.ini Component CVE-2023-38944 CVE-2023-38945 CVE-2023-38946 Arbitrary File Upload Vulnerability in WBCE CMS v1.6.1's /languages/install.php Component Arbitrary File Download Vulnerability in jizhi CMS 1.9.5 PluginsController.php Component Unauthenticated Password Reset Vulnerability in ZKTeco BioTime v8.5.5 Path Traversal Vulnerability in ZKTeco BioTime v8.5.5 iClock API Path Traversal Vulnerability in ZKTeco BioTime v8.5.5 Allows Arbitrary File Writing via Malicious SFTP Configuration Unauthenticated Access Control Vulnerability in ZKTeco BioTime v8.5.5 SQL Injection Vulnerability in ZKTeco BioAccess IVS v3.3.1 Unauthenticated Information Disclosure in ZKTeco BioAccess IVS v3.3.1 ZKTeco BioAccess IVS v3.3.1 Path Traversal Vulnerability Remote Door Control Vulnerability in ZKTeco BioAccess IVS v3.3.1 Divide By Zero Vulnerability in vim/vim 9.0.1367-1 to 9.0.1367-3 Local Privilege Escalation Vulnerability in Raiden Professional Server RaidenFTPD v.2.4 build 4005 Buffer Overflow Vulnerability in JerryScript Project v3.0.0: Remote Code Execution via scanner_is_context_needed in js-scanner-until.c Cross-Site Scripting (XSS) Vulnerability Found in Creative Item Academy LMS 6.0 Account Takeover Vulnerability in Lost and Found Information System 1.0 Arbitrary Code Execution via Cross Site Scripting in Badaso v.2.9.7 Username Enumeration via CAPTCHA Bypass in SureMDM On-premise Solution Arbitrary Code Execution via Cross Site Scripting in Badaso v.0.0.1 - v.2.9.7 Arbitrary Code Execution via Cross Site Scripting in Badaso 
v.0.0.1 - v.2.9.7 Stored XSS Vulnerability in Badaso v2.9.7 Add Tag Function via Title Parameter Stored XSS Vulnerability in Badaso v2.9.7 Edit Category Function via Title Parameter Buffer Overflow Vulnerability in qdrant v.1.3.2: Remote Denial of Service via chucnked_vectors.rs Remote Denial of Service Vulnerability in Weaviate v1.20.0 via handleUnbatchedGraphQLRequest Function SQL Injection Vulnerability in mAyaNet E-Commerce Software (before 1.1) Arbitrary Deletion of Notifications in Jeesite v1.2.6 OaNotifyController Arbitrary Deletion of Administrator Role Information in Jeesite v1.2.6 UserController Local Privilege Escalation Vulnerability in subscription-manager Arbitrary Menu Deletion Vulnerability in jeesite v1.2.6 Arbitrary Model Deletion Vulnerability in jeesite v1.2.6 SQL Injection Vulnerability in jeecg-boot v3.5.1 via title parameter at /sys/dict/loadTreeData Exposure of LDAP Plaintext Password in UCS 5.0-5 Monitoring Scripts Remote Code Execution Vulnerability in SCHUHFRIED v.8.22.00 Arbitrary Code Execution Vulnerability in Douran DSGate Arbitrary Command Execution via Directory Traversal in OPNsense Captive Portal Templates Open Redirect Vulnerability in OPNsense Community Edition and Business Edition CSRF Vulnerability in OPNsense Community and Business Editions Allows Denial of Service Denial of Service Vulnerability in GitLab CE/EE Versions 16.1 - 16.2.2 Arbitrary JavaScript Injection via URL Path in OPNsense Community and Business Editions Command Injection Vulnerability in OPNsense Community and Business Editions OPNsense Community and Business Edition XSS Vulnerability in system_certmanager.php Insecure Permissions in /tmp Directory in OPNsense Community and Business Editions Insecure Permissions in OPNsense Configuration Directory: Privilege Escalation Vulnerability Insecure Permissions in configd.socket in OPNsense Community and Business Editions Input Sanitization Vulnerability in OPNsense Crash Reporter Cross-Site Scripting (XSS) 
Vulnerability in OPNsense Cron Component Command Injection Vulnerability in OPNsense Community and Business Editions Code Injection Vulnerability in BoofCV 0.42 via CalibrationIO.load Code Injection Vulnerability in Duke v1.2 and Below via no.priv.garshol.duke.server.CommonJTimer.init Component Code Injection Vulnerability in webmagic-extension v0.9.0 and below via us.codecraft.webmagic.downloader.PhantomJSDownloader Code Injection Vulnerability in bboss-persistent v6.0.9 and Below Code Injection Vulnerability in org.quartz.jobs.ee.jms.SendQueueMessageJob.execute Code Injection Vulnerability in FFmpeg 0.7.0 and Below: Exploiting Unchecked Arguments in net.bramp.ffmpeg.FFmpeg.<constructor> Code Injection Vulnerability in Stanford-Parser v3.9.2 and Below: Exploiting edu.stanford.nlp.io.getBZip2PipedInputStream Code Injection Vulnerability in Wix-Embedded-MySQL v4.6.1 and Below Code Injection Vulnerability in oscore v2.2.6 and Below: Exploiting com.opensymphony.util.EJBUtils.createStateless Code Injection Vulnerability in University Compass v2.2.0 and Below: Exploiting Unchecked Arguments in org.compass.core.executor.DefaultExecutorManager.configure FileMage Gateway Windows Deployments v.1.10.8 and earlier - Directory Traversal Vulnerability Information Leak and Message Manipulation Vulnerability in Camp Style Project Line v13.6.1 Time Overflow Vulnerability in GitLab EE Cheese Cafe Line v13.6.1: Channel Access Token Information Leak and Crafted Message Exploit Information Leak and Message Manipulation Vulnerability in KUKURUDELI Line v13.6.1 Gyouza-newhushimi v13.6.1 Information Leak and Message Manipulation Vulnerability YKC Tokushima_awayokocho Line v13.6.1: Information Leak and Message Manipulation Vulnerability Information Leak and Message Manipulation Vulnerability in ajino-Shiretoko Line v13.6.1 Information Leak in kokoroe_members Card Line 13.6.1: Channel Access Token Exposure and Crafted Message Injection Vulnerability Information Leak and Message 
Manipulation Vulnerability in TonTon-Tei_waiting Line v13.6.1 Critical Information Leak Vulnerability in Shouzu Sweets Oz v13.6.1: Exploiting Channel Access Token for Unauthorized Message Manipulation Information Leak and Message Manipulation Vulnerability in Tokudaya.honten v13.6.1 Critical Information Leak in youmart-tokunaga v13.6.1: Channel Access Token Exposure and Message Manipulation Information Leak and Message Manipulation Vulnerability in Daiky-value.Fukueten v13.6.1 Information Leak and Message Manipulation Vulnerability in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 Earthgarden_waiting 13.6.1: Channel Access Token Information Leak and Crafted Message Exploitation Vulnerability Hattoriya v13.6.1 Information Leak Vulnerability: Channel Access Token Exposure and Crafted Message Exploitation Information Leak and Message Manipulation Vulnerability in Tokudaya.ekimae_mc v13.6.1 Critical Information Leak in Coffee-jumbo v13.6.1: Channel Access Token Exposure and Crafted Message Exploitation Channel Access Token Information Leak in hirochanKAKIwaiting v13.6.1 Channel Access Token Information Leak in THE_B_members Card v13.6.1 Arbitrary Code Execution Vulnerability in Ansible Semaphore v2.8.90 Asset Proxy Bypass Vulnerability in GitLab EE Arbitrary Code Execution via CSRF in Chamilo v.1.11 - v.1.11.20 Arbitrary Code Execution via Cross Site Scripting in Spipu HTML2PDF Buffer Overflow Vulnerability in RaidenFTPD 2.4.4005: Arbitrary Code Execution via Step by Step Setup Wizard Server Name Field Arbitrary Code Execution via Cross Site Scripting in ZLMediaKiet v.4.0 and v.5.0 Remote Denial of Service Vulnerability in NBD80S09S-KLC and NBD80N32RA-KL Privilege Escalation via Active Directory Authentication in StrangeBee TheHive and Cortex Privilege Escalation Vulnerability in GitLab EE: Project Maintainer to Owner Escalation Arbitrary Code Execution Vulnerability in Cppcheck 2.12 dev via removeContradiction Parameter Remote Code Execution and Information Disclosure 
Vulnerability in SNMP Web Pro v.1.1 USB-based Denial of Service Vulnerability in Renault Zoe EV 2021 Infotainment System USB Memory Area Denial of Service (DoS) Vulnerability in GM Chevrolet Equinox 2021 Software Cleartext Transmission Vulnerability in ASUS RT-AC66U B1 3.0.0.4.286_51665 Regular Expression Denial of Service Vulnerability in GitLab CE/EE Cross Site Scripting (XSS) Vulnerability in ZeroWdd Student Manager v.1.0 via Username Parameter in Student List Function Stored Cross-Site Scripting (XSS) Vulnerability in WebBoss.io CMS v3.7.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in WebBoss.io CMS v3.7.0.1 Arbitrary Code Execution Vulnerability in Nacos Group Nacos Spring Project v.1.1.1 and Earlier Arbitrary File Overwrite Vulnerability in NoMachine Client for macOS Server-Side Request Forgery (SSRF) Vulnerability in rconfig v3.9.4 Server-Side Request Forgery (SSRF) Vulnerability in rconfig v3.9.4 Server-Side Request Forgery (SSRF) Vulnerability in rconfig v3.9.4 via /ajaxGetFileByPath.php Arbitrary File Deletion Vulnerability in ECShop v4.1.16 Admin Panel Segmentation Violation Vulnerability in ngiflib Commit fb271 Segmentation Violation Vulnerability in ngiflib Commit 84a75 XSS Vulnerability in Campcodes Online Matrimonial Website System Script 3.3 via Crafted SVG Document SQL Injection Vulnerability in Emlog v2.1.9 via /admin/user.php Component SQL Injection Vulnerability in BMC Control-M through 9.0.20.200 via /RF-Server/report/deleteReport report-id Parameter Integer Overflow and Out-of-Bounds Write Vulnerability in NTSC-CRT 2.2.1's loadBMP Function Stack Overflow Vulnerability in GNU gdb (GDB) 13.0.50.20220805-git via ada_decode in ada-lang.c Heap Use After Free Vulnerability in GNU gdb (GDB) 13.0.50.20220805-git via add_pe_exported_sym() in coff-pe-read.c Heap Buffer Overflow in GNU gdb (GDB) 13.0.50.20220805-git via pe_as16() in /gdb/coff-pe-read.c Path Traversal Vulnerability in Zip Swift v2.1.2 ZipArchive v2.5.4 Denial of Service 
Vulnerability in _sanitizedPath Component Zip Filename Spoofing Vulnerability in Archive v3.3.7 Path Traversal Vulnerability in ZIPFoundation v0.9.16 Path Traversal Vulnerability in Archive v3.3.7 via Crafted Zip File Extraction Business Logic Error in GitLab EE Allows Unauthorized Access to Internal Projects Path Traversal Vulnerability in webui-aria2 Commit 4fe2e Path Traversal Vulnerability in PaperCut NG and PaperCut MF on Windows Allows Remote Code Execution Plaintext Password Storage Vulnerability in Element55 KnowMore Appliances Version 21 and Older Arbitrary Code Execution via Crafted Image Upload in Uvdesk 1.1.3 Privilege Escalation Vulnerability in GitLab EE ConEmu Vulnerability: Improper Sanitization of Title Responses Allows Arbitrary Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.415 and Earlier Insecure Control Flow Implementation in Jenkins Gradle Plugin 2.8 Allows Credential Exposure in Build Logs Jenkins GitLab Authentication Plugin CSRF Vulnerability: Account Hijacking via Login Impersonation Vulnerability: Unauthorized Access to Jenkins Credentials via Qualys Web App Scanning Connector Plugin Unmasked user.pem Key Field in Jenkins Chef Identity Plugin 2.0.3 and Earlier CSRF Vulnerability in Jenkins Bazaar Plugin Allows Deletion of Bazaar SCM Tags Code Injection Vulnerability in Crocoblock JetElements For Elementor CSRF Vulnerability in theDotstore Banner Management For WooCommerce Plugin CSRF Vulnerability in theDotstore Fraud Prevention For Woocommerce Plugin Unauthenticated Reflected XSS Vulnerability in XLPlugins User Email Verification for WooCommerce Plugin (<= 3.5.0) Unauthenticated Reflected XSS Vulnerability in Molongui Author Box Plugin CSRF Vulnerability in Fetch Designs Sign-up Sheets Plugin CSRF Vulnerability in tagDiv Composer Allows XSS Unauthenticated Remote Attackers Can Access Sensitive Logfiles in SENEC Storage Box V1-V3 Default Credentials Vulnerability Pipeline Failure Vulnerability in
Gitlab EE and CE versions prior to 16.2.8, 16.3.5, and 16.4.1 SENEC Storage Box V1-V3: Accidental Exposure of Management UI with Publicly Known Admin Credentials Unencrypted Transmission Vulnerability Critical Security Vulnerability in JetBrains TeamCity Allows Unauthorized Account Access via Limited Permission Token Vulnerability in JetBrains TeamCity Integration with Issue Trackers Allows ReDoS Attack Reflected XSS Vulnerability in JetBrains TeamCity GitHub Integration (pre-2023.05.2) Out of Bounds Write Vulnerability in Solid Edge SE2023 (All versions < V223.0 Update 7) Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Netfilter Subsystem Out-of-Bounds Read Vulnerability eBPF Subsystem Privilege Escalation Vulnerability Netfilter Subsystem Out-of-Bounds Read Vulnerability in Linux Kernel Netfilter Subsystem Out-of-Bounds Read Vulnerability Linux Kernel XFRM Subsystem Out-of-Bounds Read Vulnerability Improper Authentication in Apache Ozone Storage Container Manager Netfilter Connection Tracking Out-of-Bounds Read Vulnerability in Linux Kernel via DCCP Protocol Race Condition in QXL Driver: Use-After-Free Vulnerability Zoom In-Meeting Chat Vulnerability: Privileged User Information Disclosure via Network Access Unauthorized Fork Creation Vulnerability in GitLab Untrusted Search Path Vulnerability in CleanZoom Untrusted Search Path Vulnerability in Zoom Rooms Client for Windows and Zoom VDI Client: Local Privileged User Denial of Service Unauthenticated User Disclosure Vulnerability in Zoom Team Chat for Windows and VDI Client Zoom Client Buffer Overflow Vulnerability Allows for Denial of Service Attacks Denial of Service Vulnerability in Zoom 
Team Chat for Zoom Clients Zoom Client Buffer Overflow Vulnerability Denial of Service Vulnerability in Zoom Desktop Client for Linux Information Disclosure Vulnerability in Zoom Desktop Client for Windows Cleartext Storage of Sensitive Information in Zoom Client SDK for Windows Privilege Escalation Vulnerability in Zoom Desktop Client and Zoom Rooms for Windows Untrusted Search Path Vulnerability in Zoom Rooms for Windows Privilege Escalation Vulnerability in Zoom Desktop Client for Windows and Zoom VDI Client Denial of Service Vulnerability in Zoom Client SDKs before 5.15.5 Zoom Client Authentication Vulnerability Unauthenticated Privilege Escalation in Zoom Desktop Client for Windows Denial of Service Vulnerability in Zoom SDK's Network Access Privileged User Information Disclosure Vulnerability in Zoom Clients PingFederate Administrative Console Denial of Service Vulnerability GitLab UI Link and Button Hijacking Vulnerability Intel Unison Software: Network Access Privilege Escalation Vulnerability OS Command Injection Vulnerability in FURUNO SYSTEMS Wireless LAN Access Point Devices CVE-2023-39223 Archer C5 and C7 Firmware Vulnerability: Arbitrary OS Command Execution Critical Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 Plaintext Storage of User Credentials in Softneta MedDream PACS Unauthenticated Network Access Vulnerability in Intel Unison Software Insecure Inherited Permissions in Intel Rapid Storage Technology Software: Privilege Escalation Vulnerability PingFederate PingOne MFA Adapter Allows Unauthorized MFA Device Pairing macOS Sonoma 14 Fixes Vulnerability Allowing Disclosure of Sensitive Information in Web Content Processing Out-of-Bounds Write Vulnerability in GTKWave 3.3.115's VZT Autosort Functionality Out-of-Bounds Write Vulnerability in GTKWave 3.3.115's VZT Autosort Functionality ASUS RT-AC86U Traffic Analyzer - Command Injection Vulnerability ASUS RT-AC86U Traffic Analyzer - Command Injection 
Vulnerability Format String Vulnerability in ASUS RT-AX56U V2 Format String Vulnerability in ASUS RT-AX56U V2's General Function API Format String Vulnerability in ASUS RT-AX56U V2's iperf Client API Information Disclosure Vulnerability in DELL ESI for SAP LAMA EHAC Component Information Disclosure Vulnerability in DELL ESI for SAP LAMA EHAC Component Insecure Operation on Windows Junction Vulnerability in Dell Encryption and Endpoint Security Suite Uncontrolled Resource Consumption (Denial of Service) Vulnerability in Dell OS10 Networking Switches with VLT and VRRP Configuration Local Authentication Bypass Vulnerability in Dell SupportAssist for Business PCs Information Disclosure Vulnerability in Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Dell BIOS Improper Input Validation Vulnerability: Memory Corruption Exploit Broken Cryptographic Algorithm Vulnerability in Dell SCG Policy Manager 5.16.00.14 Improper Access Control Vulnerability in Dell OS Recovery Tool CVE-2023-39254 Improper Access Control Vulnerability in Dell Rugged Control Center (prior to version 4.7) Improper Access Control Vulnerability in Dell Rugged Control Center Prior to 4.7 Elevation of Privilege Vulnerability in Dell OS Recovery Tool Excessive Permissions Requested by JetBrains IntelliJ IDEA Plugin for Space Apache Superset 2.1.0 and Below: Stack Trace Exposure in REST API Endpoints Vulnerability Improper Registration of SQLite Database Connections in Apache Superset ArubaOS-Switch Web Management Interface Stored XSS Vulnerability ArubaOS-Switch Command Line Interface Remote Code Execution Vulnerability ArubaOS-Switch Memory Corruption Vulnerability Allows Unauthenticated Remote Code Execution Denial of Service Vulnerability in RUGGEDCOM Devices Integer Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer 
Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 Integer Overflow in LXT2 Facgeometry Parsing Functionality of GTKWave 3.3.115 SonicOS Firewall Crash Vulnerability in getBookmarkList.json Endpoint SonicOS Firewall Crash Vulnerability in sonicflow.csv and appflowsessions.csv URL Endpoints SonicOS Firewall Crash Vulnerability via Stack-Based Buffer Overflow in main.cgi SonicOS Firewall Crash Vulnerability in getPacketReplayData.json Endpoint SonicOS Post-Authentication Stack-Based Buffer Overflow Vulnerability in ssoStats-s.xml and ssoStats-s.wri URL Endpoints Arbitrary Code Execution Vulnerability in AsfSecureBootDxe in Insyde InsydeH2O SMM Driver Memory Corruption Vulnerability in Insyde InsydeH2O Arbitrary SetVariable Calls in IhisiServicesSmm SMI Handler Cross Site Request Forgery (CSRF) Vulnerability in Mitel MiVoice Connect Edge Gateway Mitel MiVoice Connect CSRF Vulnerability Command Argument Injection Vulnerability in Mitel MiVoice Connect Edge Gateway Command Argument Injection Vulnerability in Mitel MiVoice Connect Account Enumeration Vulnerability in Mitel MiVoice Connect Information Disclosure Vulnerability in Mitel MiVoice Connect Edge Gateway Information Disclosure Vulnerability in MiVoice Connect Mobility Router Critical SQL Injection Vulnerability in MiVoice Office 400 SMB Controller (Version 1.2.5.23) Command Injection Vulnerability in MiVoice Office 400 SMB Controller (CVE-XXXX-XXXX) Critical OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution QuMagie OS Command Injection Vulnerability Prototype Pollution Vulnerability in QNAP OS: Attribute Override and Network Crash Exploit OS Command Injection Vulnerability in QNAP Operating Systems Music Station Path Traversal Vulnerability Allows Unauthorized File Access 
Server-Side Request Forgery (SSRF) Vulnerability in QNAP Operating Systems Allows Unauthorized Data Access Critical OS Command Injection Vulnerability in QNAP Operating Systems Critical Improper Authentication Vulnerability in QNAP OS Allows Network Compromise CVE-2023-39306 CVE-2023-39307 Unauthenticated Stored XSS Vulnerability in UserFeedback Team User Feedback Plugin CVE-2023-39309 CVE-2023-39311 CVE-2023-39313 Unauthenticated Reflected XSS Vulnerability in Leyka Plugin <= 3.30.2 Integer Overflow in LXT2 num_dict_entries Functionality of GTKWave 3.3.115 Integer Overflow in LXT2 num_dict_entries Functionality of GTKWave 3.3.115 XSS Vulnerability in html/template Package XSS Vulnerability in html/template Package: Improper Handling of Script Contexts Arbitrary User Execution Vulnerability in GitLab EE via Scheduled Security Scan Policies Vulnerability: Arbitrary Code Execution via go.mod Toolchain Directive Panic Vulnerability in QUIC Connection Processing Incomplete Post-Handshake Messages Unbounded Memory Growth Vulnerability in QUIC Connections Vulnerability: Bypassing Restrictions on //go:cgo_ Directives Using Line Directives Excessive Server Resource Consumption Vulnerability in HTTP/2 Chunk Extension Exploit: Amplifying Data Read Vulnerability Reflected Cross-Site Scripting Vulnerability in Your Journey WordPress Theme (Versions up to 1.9.8) Insufficient Patching in Commit 205f1e6 Leads to Path Traversal Vulnerability Path Traversal Vulnerability in `node:fs` Functions with `Uint8Array` Objects Critical User Impersonation Vulnerability in EPMM Versions 11.10 and Older Unspecified SQL Injection Vulnerability in Ivanti Endpoint Manager Prior to 2022 SU 5 Device Identifier Exposure Vulnerability in EPMM Versions 11.10, 11.9, and 11.8 Denial of Service (DoS) Vulnerability in Ivanti Connect Secure Versions Below 22.6R2 Improper Exception Handling Vulnerability in FFRI yarai and OEM Products Terminal Message Spoofing Vulnerability in Dangerzone CLI 
User Enumeration Vulnerability in Sulu CMS SQL Injection Vulnerability in Social-Media-Skeleton Allows Remote Code Execution Improper Write Access Control in Strapi User Registration Endpoint (CVE-2021-41184) Remote Code Execution via Crafted ZIP File Upload in LinuxASMCallGraph Cilium Incorrect Network Policy Application via Pod Label Update Vulnerability Improper GitHub Token Exposure in Spinnaker's GitHub Status Notifications Information Disclosure: Unauthorized Access to User Tokens in Sentry Heap Buffer Overflow Vulnerability in Wibu CodeMeter Runtime Network Service (up to version 7.60b) Enables Remote Code Execution and Full System Access Integer Underflow Denial of Service Vulnerability in FreeRDP Clients Null Pointer Dereference Vulnerability in FreeRDP RemoteFX Handling Out of Bound Write Vulnerability in FreeRDP Out of Bound Read Vulnerability in FreeRDP Out-Of-Bounds Read vulnerability in FreeRDP's nsc_rle_decompress_data function Use-After-Free Vulnerability in FreeRDP 3.x Releases Out-of-Bounds Read Vulnerability in FreeRDP Multiple SQL Injection Vulnerabilities in Cacti's sql_save Function Authenticated SQL Injection Vulnerability in Cacti's reports_user.php Cacti 1.2.25 - Authenticated SQL Injection in graphs.php Reflected Cross-Site Scripting Vulnerability in Blog2Social WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Cacti's graphs_new.php SQL Injection Vulnerability in Cacti's graph_view.php Cacti 1.2.24 SNMP Command Injection Remote Code Execution Vulnerability Incorrect Allocation of Named Re-Entrancy Locks in Vyper Smart Contracts (Versions 0.2.15, 0.2.16, and 0.3.0) Arbitrary Website Redirection Vulnerability in Cacti 1.2.24 Cacti External Links SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cacti CVE-2023-39367 CVE-2023-39368 Multiple Reflected XSS Vulnerabilities in StarTrinity Softswitch version 2023-02-16 Cross-Site Scripting Vulnerability in Snow Software License Manager Persistent XSS 
Vulnerability in StarTrinity Softswitch version 2023-02-16 Open Redirect Vulnerability in StarTrinity Softswitch version 2023-02-16 Multiple CSRF Vulnerabilities in StarTrinity Softswitch version 2023-02-16 Hyundai 2017 Model Authentication Bypass Vulnerability Uncontrolled Search Path Element in ForeScout NAC SecureConnector version 11.2 SiberianCMS Privilege Escalation Vulnerability SiberianCMS Vulnerability: Unauthorized Disabling of Network Security Feature (CWE-284) Unrestricted File Upload Vulnerability in SiberianCMS SiberianCMS SQL Injection Vulnerability Cleartext Storage of Proxy Server Password in Fujitsu Software Infrastructure Manager (ISM) Audio Module Permission Control Vulnerability: Disruptive Abnormalities in Audio Device Functionality Storage Module Input Verification Vulnerability Leading to Device Restart Audio Module Input Verification Vulnerability: Triggering VM Restart Unverified Input Parameters in AMS Module: A Gateway to Data Security Breach Incomplete Permission Verification in Input Method Module: Abnormal Feature Behavior Vulnerability Configuration Defects in Media Module: Enabling Unauthorized Access Unverified Input Parameters in PMS Module: Potential App Restart Failure Vulnerability Window Management Module Vulnerability: Exploitable Permission Control Flaw Leading to Malicious Pop-up Windows Unverified Input Parameters in PMS Module: A Gateway to Home Screen Unavailability Unverified Input Parameters in PMS Module: A Gateway to Home Screen Unavailability Input Parameter Verification Vulnerability in Window Management APIs Leading to Device Restart USB Service Module Information Leakage Vulnerability: Confidentiality at Risk Insecure Signatures in OsuLogin: A Gateway to Malicious Modification Insecure Signatures Vulnerability in ServiceWifiResources Module API Privilege Escalation: ARP List Modification Vulnerability in Wifienhance Module Serialization Mismatch Vulnerability: A Threat to Communication System Availability Critical 
Deserialization Vulnerability in Input Module: Threat to Availability Input Parameter Verification Vulnerability: A Threat to Communication System Availability Installd Module Parameter Verification Vulnerability: Unauthorized Sandbox File Access Installd Module Parameter Verification Vulnerability: Unauthorized File Access and Modification Installd Module Parameter Verification Vulnerability: Unauthorized File Access and Modification Installd Module Parameter Verification Vulnerability: Unauthorized File Access and Modification Installd Module Parameter Verification Vulnerability: Unauthorized File Access and Modification Installd Module Parameter Verification Vulnerability: Unauthorized File Access and Modification Input Parameter Verification Vulnerability in Window Management APIs Leading to Device Restart Wi-Fi Module Out-of-Bounds Parameter Read/Write Vulnerability: Escalation of Privileges XLayout Component Permission Control Vulnerability: App Restart Exploit Watchkit Unauthorized File Access Vulnerability PMS Module Denial of Service Vulnerability PMS Module Denial of Service Vulnerability Out-of-Memory Vulnerability in Apache Avro Java SDK (CVE-2021-33574) Denial of Service Vulnerability in Intel Unison Software Cross-Site Request Forgery Vulnerability in Intel Unison Software Allows Privilege Escalation via Network Access Integer Underflow Vulnerabilities in LXT2 Shift Operation of GTKWave 3.3.115 Integer Underflow Vulnerabilities in LXT2 Shift Operation of GTKWave 3.3.115 Unauthenticated Remote Login Vulnerability in Proself Control Panel Arbitrary OS Command Execution Vulnerability in Proself Software PostgreSQL Extension Script SQL Injection Vulnerability PostgreSQL Vulnerability: MERGE Command Bypasses Row Security Policies Out of Bounds Write Vulnerability in Solid Edge SE2023 Remote Code Execution Vulnerability in RDPCore.dll Allows Unauthorized Access to IRM Next Generation Booking Engine Hardcoded API Keys in RDPWin.dll Enable Unrestricted Access 
to Third-Party Services Exposure of HMAC Tokens in Client-Side JavaScript File RDPData.dll Exposes Session IDs and Allows Impersonation of Logged-In Users Arbitrary Content Upload and Execution Vulnerability in IRM Next Generation Booking System Improper Access Control in Intel(R) DSA Software: Local Privilege Escalation Vulnerability Out-of-Bounds Write Vulnerability in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77) Cross-Site Scripting Vulnerability in FURUNO SYSTEMS Wireless LAN Access Point Devices Out-of-Bounds Write Vulnerability in Sante DICOM Viewer Pro Privilege Escalation Vulnerability in Intel(R) Ethernet Tools and Driver Install Software Use-after-free vulnerability in web content processing leading to arbitrary code execution Stack-based Overflow Vulnerability in Zavio IP Cameras with Firmware Version M2.1.6.05 Vendor Master Data Information Disclosure Vulnerability in SAP Supplier Relationship Management Cross-Site Scripting (XSS) Vulnerability in SAP Business One Version 10.0 Missing Authorization Check in CLA-Assistant API Allows Unauthorized Access to CLA Information and Configuration Empty Passphrase Vulnerability in SAP Commerce Cloud Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Lawyer 1.6 (VDB-235400) Memory Leakage Vulnerability in SAP BusinessObjects Business Intelligence Apache Airflow SSL Certificate Validation Vulnerability Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115 LXT2 Parsing Functionality Out-of-Bounds Write Vulnerabilities in GTKWave 3.3.115 LXT2 Parsing Functionality Arbitrary Code Execution Vulnerability in LOGITEC LAN-WH300N/RE User Impersonation Vulnerability Undisclosed Sensitive Information Logging Vulnerability in BIG-IP APM Guided Configurations Arbitrary File Creation and Code Execution Vulnerability in SHIRASAGI prior to v1.18.0 Cross-Site Scripting (XSS) Vulnerability in phpscriptpoint Lawyer 1.6 (search.php) Insecure Session Management in Web Application 
Use-After-Free Vulnerability in Accusoft ImageGear 20.1's tif_parse_sub_IFD Functionality Buffer Overflow Vulnerability in WRC-X1800GS-B, WRC-X1800GSA-B, and WRC-X1800GSH-B v1.13 and Earlier: Arbitrary Code Execution ELECOM Wireless LAN Routers OS Command Injection Vulnerability Apache Traffic Server HTTP/2 Frame Validation Vulnerability CVE-2023-39457 CVE-2023-39458 CVE-2023-39459 Reflected XSS Vulnerability in ePO Prior to 5.10 SP1 Update 1 CVE-2023-39460 CVE-2023-39461 CVE-2023-39462 CVE-2023-39463 CVE-2023-39464 CVE-2023-39465 CVE-2023-39466 CVE-2023-39467 CVE-2023-39468 CVE-2023-39469 Sensitive Information Exposure in Video Conferencing with Zoom WordPress Plugin CVE-2023-39471 CVE-2023-39472 CVE-2023-39473 CVE-2023-39474 CVE-2023-39475 CVE-2023-39476 CVE-2023-39477 CVE-2023-39478 CVE-2023-39479 CVE-2023-39480 CVE-2023-39481 CVE-2023-39482 CVE-2023-39483 CVE-2023-39484 CVE-2023-39485 CVE-2023-39486 CVE-2023-39487 CVE-2023-39488 CVE-2023-39489 Unauthorized Access to Release Descriptions in GitLab CVE-2023-39490 CVE-2023-39491 CVE-2023-39492 CVE-2023-39493 CVE-2023-39494 CVE-2023-39495 CVE-2023-39496 CVE-2023-39497 CVE-2023-39498 CVE-2023-39499 Information Disclosure Vulnerability in GitLab EE: Group Owners Can Access Public Key for Google Cloud Logging Audit Event Streaming Destination CVE-2023-39500 CVE-2023-39501 CVE-2023-39502 CVE-2023-39503 CVE-2023-39504 CVE-2023-39505 CVE-2023-39506 Arbitrary Website Access Vulnerability in Rikunabi NEXT App for Android prior to ver. 
11.5.0 Unrestricted Execution and Unauthorized Access in Apache Airflow's Run Task Feature Bosch IP Cameras: Command Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cacti's reports_admin.php Stored Cross-Site Scripting (XSS) Vulnerability in Cacti's reports_admin.php Stored Cross-Site Scripting (XSS) Vulnerability in Cacti Stored Cross-Site Scripting (XSS) Vulnerability in Cacti Stored Cross-Site Scripting (XSS) Vulnerability in Cacti Stored Cross-Site Scripting (XSS) Vulnerability in Cacti's data_debug.php Stored Cross-Site Scripting (XSS) Vulnerability in Cacti Stored Cross-Site Scripting Vulnerability in social-media-skeleton v1.0.0 - v1.0.3 Sensitive Information Leakage in User Information Acquisition in CloudExplorer Lite Local Privilege Escalation Vulnerability in Cryptomator MSI Installer (CVE-2021-12345) Uncontrolled Code Execution Vulnerability in Tuleap Community and Enterprise Editions Username Enumeration Vulnerability in goauthentik Recovery Flow Command Injection Vulnerability in ScanCode.io SQL Injection Vulnerability in PrestaShop Product Search Field Path Traversal Vulnerability in PrestaShop Prior to Version 8.1.1 Remote Code Execution and Arbitrary File Write Vulnerability in PrestaShop Cross-Site Scripting Vulnerability in PrestaShop's isCleanHTML Method Arbitrary File Read Vulnerability in PrestaShop (Versions < 8.1.1) File Deletion Vulnerability in PrestaShop Attachments Controller and API Memory Corruption Vulnerability in GP-Pro EX Log File Handling File Deletion Vulnerability in PrestaShop CustomerMessage API Improper Credential Validation in Sentry OAuth Token Exchange Arbitrary Code Execution and Information Exfiltration via Dynamic Import in SES Resource Exhaustion Attack via Large RSA Keys in go-libp2p Vulnerability: Assertion Failure and Crash in eprosima Fast DDS AMI AptioV BIOS Vulnerability: Network-Based Input Validation Exploit AMI AptioV BIOS Vulnerability: Network-Based Input Validation Exploit AMI 
AptioV BIOS Vulnerability: Network-Based Input Validation Exploit Unrestricted BMP Logo File Upload Vulnerability in AMI AptioV BIOS Unrestricted PNG Logo Upload Vulnerability in AMI AptioV BIOS Reflected Cross-Site Scripting Vulnerability in MultiParcels Shipping For WooCommerce WordPress Plugin Denial of Service Vulnerability in Weston Embedded uC-TCP-IP v3.06.01 ICMP and ICMPv6 Parsing Functionality Denial of Service Vulnerability in Weston Embedded uC-TCP-IP v3.06.01 ICMP and ICMPv6 Parsing Arbitrary File Creation and Remote Code Execution Vulnerability in Foxit Reader 12.1.3.15356 Arbitrary Script Execution via Cross-Site Scripting in LuxCal Web Calendar Arbitrary Command Execution Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X Arbitrary Command Execution Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X Arbitrary Command Execution Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X Arbitrary Command Execution Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X Arbitrary Command Execution Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X Use-After-Free Vulnerability in Solid Edge SE2023 (All versions < V223.0 Update 2) Allows Code Execution (ZDI-CAN-19562) Privilege Escalation Vulnerability on Kubernetes Windows Nodes Multiple Buffer Overflows in Netgear JWNR2000v2, XWN5001, and XAVN2001v2 via check_auth Function SQL Injection Vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 Improper Input Validation in Apache Airflow Drill Provider Allows File Read Access Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in AudimexEE v15.0 via Show Kai Data Component Full Path Disclosure Vulnerability in AudimexEE 15.0 Vulnerability: Unauthorized Access and Data Manipulation in InstaWP Connect Plugin SQL Injection Vulnerability in ECTouch v2 via $arr['id'] Parameter Heap-Use-After-Free Vulnerability in GPAC v2.3-DEV-rev449-g5948e4f70-master Insufficient Restriction on 'apg_profile_update' Function in ACF Photo Gallery Field Plugin for 
WordPress (Versions up to 1.9) Allows Unauthorized Data Modification Reflected Cross-Site Scripting (XSS) Vulnerability in ISL ARP Guard v4.0.2 Stored XSS Vulnerability in Zenario CMS v9.4 Create Function Allows Arbitrary Code Execution via Menu Navigation Text Field Server Side Request Forgery (SSRF) Vulnerability in WP Remote Users Sync Plugin SQL Injection Vulnerability in Chamilo LMS v.1.11 through v.1.11.20: Remote Privileged Information Disclosure via Import Sessions Functions Arbitrary File Read Vulnerability in Hexo v7.0.0 (RC2) Stack-based Overflow Vulnerability in Zavio IP Cameras with Firmware Version M2.1.6.05 Arbitrary Code Execution via Cross Site Scripting in IceWarp Corporation WebClient v.10.2.1 CSZ CMS v.1.3.0 Social Settings Parameter Cross-Site Scripting (XSS) Vulnerability IceWarp 11.4.6.0 Cross-Site Scripting (XSS) Vulnerability via Color Parameter Samba Path Traversal Vulnerability: Unauthorized Access and Service Compromise Denial of Service (DoS) Vulnerability in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and Earlier Local File Enumeration and Reading Vulnerability in Software FX Chart FX 7 Privilege Escalation via Cross-Site Scripting (XSS) in FileBrowser v2.23.0 and earlier Out-of-Bounds Read Vulnerability in Xmlsoft Libxml2 v2.11.0 Invalid Read Memory Access Vulnerability in AOMedia v3.0.0 to v3.5.0 Remote Code Execution (RCE) Vulnerability in TOTOLINK X5000R Router Firmware Remote Code Execution (RCE) Vulnerability in TOTOLINK X5000R B20210419 via setTracerouteCfg Interface ReDoS Vulnerability in NPMJS Node Email Check v.1.0.4 Reflected Cross-Site Scripting Vulnerability in Winters WordPress Theme (Versions up to 1.4.3) Remote Information Disclosure Vulnerability in Buffalo America, Inc. 
TeraStation NAS TS5410R v.5.00 thru v.0.07 Remote Code Execution Vulnerability in LanChain-ai Langchain v.0.0.245 via numexpr Library's evaluate Function Command Injection Vulnerability in D-Link DIR-816 A2 1.10 B05 via /goform/Diagnosis Component Command Injection Vulnerability in D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 SQL Injection Vulnerability in LeoTheme Leoblog v3.1.2 via LeoBlogBlog::getListBlogs Component Unauthorized Access to Composer Packages in GitLab SQL Injection Vulnerability in UpLight Cookiebanner (before version 1.5.1) via Hook::getHookModuleExecList() SQL Injection Vulnerability in Active Design psaffiliate before v1.9.8 SQL Injection Vulnerability in Carts Guru up to v2.4.2 via CartsGuruCatalogModuleFrontController::display() SQL Injection Vulnerability in Bl Modules xmlfeeds (before v3.9.8) via SearchApiXml::Xmlfeeds() SQL Injection Vulnerability in Theme Volty CMS Payment Icon Module for PrestaShop SQL Injection Vulnerability in Theme Volty CMS Category Chain Slider Module for PrestaShop SQL Injection Vulnerability in Theme Volty CMS Category Product Module for PrestaShop SQL Injection Vulnerability in Theme Volty CMS Testimonial Module for PrestaShop SQL Injection Vulnerability in Theme Volty CMS Category Slider Module for PrestaShop Reflected Cross-Site Scripting Vulnerability in nsc WordPress Theme (Versions up to 1.0) SQL Injection Vulnerability in Volty CMS Blog v4.0.1 via id Parameter at /tvcmsblog/single SQL Injection Vulnerability in Theme Volty CMS BrandList Module for PrestaShop SQL Injection Vulnerability in TvcmsVideoTabConfirmDeleteModuleFrontController::run() SQL Injection Vulnerability in abupy up to v0.4.0 via abupy.MarketBu.ABuSymbol.search_to_symbol_dict Host Header Injection Vulnerability in @perfood/couch-auth <= 0.20.0: Password Reset Token Leakage Arbitrary Code Execution Vulnerability in langchain langchain-ai v.0.0.232 and Earlier Open vSwitch Vulnerability: Denial of Service and Memory Access Flaw via Crafted 
Geneve Packets Arbitrary Code Execution Vulnerability in Gabriele Venturi pandasai v.0.8.0 and Earlier Remote Code Execution Vulnerability in pandas-ai v.0.9.1 and earlier Remote Code Execution Vulnerability in llama_index v.0.7.13 and Earlier MathJax v2.7.9: Regular Expression Denial of Service (ReDoS) Vulnerabilities in MathJax.js Buffer Overflow Vulnerability in D-Link DIR-868L Firmware Version fw_revA_1-12_eu_multi_20170316 Multiple Buffer Overflows in D-Link DIR-842 Firmware Version fw_revA_1-02_eu_multi_20151008 Buffer Overflow Vulnerability in D-Link DIR-868L Firmware Version fw_revA_1-12_eu_multi_20170316 Buffer Overflow Vulnerability in D-Link DIR-868L Firmware Version fw_revA_1-12_eu_multi_20170316 D-Link DIR-880 A1_FW107WWb08 NULL Pointer Dereference Vulnerability Unrestricted Resource Allocation Vulnerability in Hitachi Ops Center Common Services on Linux Buffer Overflow Vulnerability in Tenda AC6_US_AC6V1.0BR_V15.03.05.16 Firmware Buffer Overflow Vulnerability in D-Link DIR-880 A1_FW107WWb08 Firmware Buffer Overflow Vulnerability in Tenda WH450 v1.0.0.18 via fgets Function Buffer Overflow Vulnerability in Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 via FUN_00010e34() Buffer Overflow Vulnerability in D-Link DIR-880 A1_FW107WWb08 via fgets Function SQL Injection Vulnerability in SimpleImportProduct PrestaShop Module v6.2.9 via key Parameter at send.php Reflected XSS Vulnerability in FieldPopupNewsletter PrestaShop Module v1.0.0 PHPInfo Information Disclosure Vulnerability in MyPrestaModules and UpdateProducts PrestaShop Modules Cross-Site Scripting (XSS) Vulnerability in BDCOM OLT P3310D-2AC 10.1.0F Build 69083 Device Web Interface (Log Query Page) Arbitrary Code Execution Vulnerability in Sollace Unicopia v1.1.1 and Earlier Cuppa CMS v1.0 Remote Code Execution (RCE) Vulnerability via email_outgoing Parameter Arbitrary Code Execution via Cross Site Scripting (XSS) in EasyEmail v.4.12.2 and Earlier Denial of Service (DoS) Vulnerability in hjson-java up to 
v3.0.0 Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Availability Booking Calendar PHP 1.0 Arbitrary Administrator Account Addition Vulnerability in Kodbox 1.43 Arbitrary Configuration Modification Vulnerability in Elenos ETG150 FM Transmitter v3.12 IceWarp Mail Server v10.4.5 Local File Inclusion (LFI) Vulnerability in /calendar/minimizer/index.php Cross-Site Scripting (XSS) Vulnerability in GZ Scripts Availability Booking Calendar PHP 1.0 IceWarp Mail Server v10.4.5 Reflected Cross-Site Scripting (XSS) Vulnerability via Color Parameter Cross-Site Scripting (XSS) Vulnerability in Typora v1.6.7 Markdown Editor Component Stored XSS Vulnerability in Free and Open Source Inventory Management System v1.0 Stored XSS Vulnerability in Free and Open Source Inventory Management System v1.0 Cross-Site Scripting (XSS) Vulnerabilities in Free and Open Source Inventory Management System v1.0 HTML Injection Vulnerability in Controller User Interface Settings Cross-Site Scripting (XSS) Vulnerabilities in Free and Open Source Inventory Management System v1.0 Cross-Site Scripting (XSS) Vulnerabilities in Free and Open Source Inventory Management System v1.0 Cross-Site Scripting (XSS) Vulnerabilities in Free and Open Source Inventory Management System v1.0 Cross-Site Scripting (XSS) Vulnerabilities in Free and Open Source Inventory Management System v1.0 Local Privilege Escalation Vulnerability in insights-client Remote Code Execution Vulnerability in Mintty v.3.6.4 and Earlier Reflected Cross-site Scripting (XSS) Vulnerability in jgraph/drawio prior to 21.6.3 Client Secret Leakage in Kaibutsunosato v13.6.1: Exploiting Channel Access Token for Unauthorized Broadcast Messages Client Secret Leakage in Tokueimaru_waiting Line 13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages Client Secret Leakage in TonTon-Tei Line v13.6.1: Exploiting Channel Access Token for Unauthorized Broadcast Messages Client Secret Leakage in VISION MEAT WORKS TrackDiner10/10_mc Line 
v13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages Client Secret Leakage in Uomasa_Saiji_news Line 13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages Client Secret Leakage in Fukunaga_memberscard Line 13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages Client Secret Leakage in Matsuya Line 13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages Client Secret Leakage in REGINA SWEETS&BAKERY Line 13.6.1: Exploiting Channel Access Token for Crafted Broadcast Messages OS Command Injection in jgraph/drawio prior to 21.4.0 Client Secret Leakage in Onigiriya-musubee Line 13.6.1: Exploiting Channel Access Token and Broadcasting Vulnerability Heap Overflow Vulnerability in lrzip v0.651 via libzpaq::PostProcessor::write(int) Function Segmentation Fault Vulnerability in giflib v5.2.1's getarg.c Component Access Violation Vulnerability in lrzip-next LZMA v23.01 via /bz3_decode_block in src/libbz3.c Buffer Overflow Vulnerability in TP-Link TL-WR940N V2, TL-WR941ND V5, and TL-WR841N V8 Routers via /userRpm/AccessCtrlAccessRulesRpm Component Buffer Overflow Vulnerability in TP-Link WR841N V8, TL-WR940N V2, and TL-WR941ND V5 Routers Denial of Service (DoS) Vulnerability in TP-Link TL-WR1041N V2 NetworkCfgRpm Component Buffer Overflow Vulnerability in D-Link DAP-2660 v1.13 via /adv_resource GET Request OS Command Injection in jgraph/drawio prior to 21.5.0 Buffer Overflow Vulnerability in D-Link DAP-2660 v1.13 via f_ipv6_enable Parameter Buffer Overflow Vulnerability in TP-Link TL-WR941ND V6 via pSize Parameter at /userRpm/PingIframeRpm Cross-Site Request Forgery Vulnerability in Inisev WordPress Plugins Allows Unauthorized Plugin Installation Arbitrary Code Execution Vulnerability in PHPJabbers Ticket Support Script v3.2 via File Upload Cross-Site Scripting (XSS) Vulnerability in vBulletin Admin Control Panel XSS Vulnerability: Incorrect Literal Rendering of Text Nodes in Non-HTML Namespace Authenticated 
Command Injection Vulnerability in ASUS RT-AX55 v3.0.0.4.386.51598 Stack Overflow Vulnerability in Tenda AC8V4 V16.03.34.06: Exploiting the save_virtualser_data Function Stack Overflow Vulnerability in Tenda AC8V4 V16.03.34.06 via set_qosMib_list Function Stack Overflow Vulnerability in Tenda AC8V4 V16.03.34.06 via Time Parameter in sscanf Function Vulnerability: Unauthorized Write Access in GitLab Merge Requests Arbitrary Code Execution via SQL Injection in WBCE CMS v.1.6.0 Stored Cross-site Scripting (XSS) Vulnerability in Omeka-S GitHub Repository (prior to version 4.0.2) Denial of Service (DoS) Vulnerability in Renault Easy Link Multimedia System Software Version 283C35519R CVE-2023-39804 SQL Injection Vulnerability in iCMS v7.0.16 via where parameter at admincp.php SQL Injection Vulnerability in iCMS v7.0.16 via bakupdata Function SQL Injection Vulnerability in N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 Hardcoded Root Password Vulnerability in N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 Command Injection Vulnerability in N.V.K.INTER CO., LTD. 
(NVK) iBSG v3.5 SSRF Vulnerability in Omeka-S GitHub Repository Directory Traversal Vulnerability in Busybox v1.33.2 CPIO Command Stored Cross-site Scripting (XSS) Vulnerability in Omeka-S GitHub Repository (prior to version 4.0.2) Stack Overflow Vulnerability in Tenda A18 V15.13.07.09 via formAddMacfilterRule Function Stack Overflow Vulnerability in Tenda A18 V15.13.07.09 via formWifiBasicSet Function Stack Overflow Vulnerability in Tenda A18 V15.13.07.09 via wpapsk_crypto2_4g Parameter Authenticated SQL Injection Vulnerability in Advantech iView Versions Prior to v5.7.4 Build 6752 Command Injection Vulnerability in PbootCMS v3.2.0 and below via create_function Critical SQL Injection Vulnerability in phpscriptpoint RecipePoint 1.9 (VDB-235605) RFID Tag Cloning Vulnerability in Etekcity 3-in-1 Smart Door Lock v1.0 RFID Tag Cloning Vulnerability in Digoo DG-HAMB Smart Home Security System v1.0 RFID Tag Cloning Vulnerability in Suleve 5-in-1 Smart Door Lock v1.0 Authentication Bypass Vulnerability in Konga v0.14.9 via Crafted JWT Token Critical SQL Injection Vulnerability in SourceCodester Online Jewelry Store 1.0 (VDB-235606) Multiple SQL Injection Vulnerabilities in Schoolmate v1.3 at DeleteFunctions.php SQL Injection Vulnerability in webchess v1.0 via $playerID Parameter at mainmenu.php (Disputed) SQL Injection Vulnerability in Doctormms v1.0 via $userid Parameter at myAppointment.php SQL Injection Vulnerability in Dzzoffice v2.01 Network Disk Backend Module File Inclusion and SSRF Vulnerability in ATX Ucrypt Web Interface Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability in SourceCodester Simple Online Mens Salon Management System 1.0 Critical SQL Injection Vulnerability in Cafe Billing System 1.0 (VDB-235609) Cross-Site Scripting Vulnerability in SourceCodester Jewelry Store System 1.0 (VDB-235610) Cross-Site Scripting (XSS) Vulnerability in Mingsoft MCMS up to 5.3.1 U-Boot SPL 
Memory Overwrite Vulnerability on NXP i.MX 8M Family Processors Insecure Storage of Authorization Credentials in Fujitsu Software Infrastructure Manager (ISM) Unvalidated Length Read Vulnerability in YubiHSM 2 SDK Unauthenticated Low-Privilege User Access in Ericsson Network Manager OS Command Injection Vulnerability in FreshTomato 2023.3's httpd iperfrun.cgi Functionality The Milk Sad Vulnerability: Weak Entropy Seeding in Libbitcoin Explorer 3.0.0 - 3.6.0 Arbitrary File Read Vulnerability in Zoho ManageEngine ADManager Plus Deserialization of Untrusted Data vulnerability in Apache UIMA Java SDK Panic Vulnerability in NLnet Labs' bcder Library Routinator 0.12.1 Vulnerability: Crash from Malformed RPKI Object Parsing Path Traversal Vulnerability in Routinator's keep-rrdp-responses Feature CSRF Vulnerability in Photo Gallery Team Photo Gallery Plugin Unauthenticated Reflected XSS Vulnerability in SAASPROJECT Booking Package Plugin <= 1.6.01 Stored XSS Vulnerability in maennchen1.De wpShopGermany – Protected Shops Plugin <= 2.0 Reflected Cross-Site Scripting Vulnerability in PostX WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui CSRF Vulnerability in RadiusTheme The Post Grid Plugin <= 7.2.7 Stored Cross-Site Scripting (XSS) Vulnerability in Mitchell Bennis Simple File List Plugin <= 6.1.9 CSRF Vulnerability in PeepSo Download Community Plugin Unauthenticated Stored XSS Vulnerability in Acurax Under Construction / Maintenance Mode Plugin (<= 2.6) Use-After-Free Vulnerability in Webkit WebKitGTK 2.40.5 MediaRecorder API Access Token Leakage in GitLab EE Versions 14.3 - 16.2.2 PingFederate with PingID Radius PCV MSCHAP Authentication Bypass Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) SUR for Gameplay Software CVE-2023-39933 Archer C5400 Firmware Vulnerability: Remote Command Execution Out-of-Bounds Read Vulnerability in Ashlar-Vellum Graphite v13.0.48 VI 
Web Client 7.9.6 and Earlier: Reflected Cross-Site Scripting Vulnerability LuxCal Web Calendar SQL Injection Vulnerability Regular Expression Denial of Service in GitLab CE/EE via Crafted Payloads in ProjectReferenceFilter Improper Access Control in Intel(R) SUR Software: Potential Denial of Service Vulnerability OS Command Injection Vulnerability in WRC-F1167ACF and WRC-1750GHBK: Arbitrary Command Execution Unhandled BadParamException Vulnerability in eprosima Fast DDS Heap Overflow Vulnerability in eProsima Fast DDS Heap Overflow Vulnerability in eprosima Fast DDS Remote Crash Vulnerability in eProsima Fast DDS Remote Assertion Failure Vulnerability in eProsima Fast DDS Vulnerability: Insufficient Validation and Sanitization in EFI Boot Guard Sensitive Information Exposure in OpenTelemetry Java Instrumentation Insecure Access Control in Nextcloud Server Missing Issuer Verification in user_oidc 1.0.0 - 1.3.2 Allows Man-in-the-Middle Attack Impersonation Vulnerability in user_oidc 1.0.0 - 1.3.2 HTML Content Rendering Vulnerability in Nextcloud Notes App Vulnerability: Electron Command Line Executable Path Manipulation Unprotected Intent Vulnerability in Nextcloud Talk Android Allows Unauthorized File Writing Brute Force Attack Vulnerability in Nextcloud Server OAuth2 Client Secrets Unauthenticated Information Disclosure in Nextcloud Server Stored Cross-Site Scripting Vulnerability in ARMember Lite - Membership Plugin for WordPress Brute Force Password Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Nextcloud Server Image Download Vulnerability Vulnerability: Arbitrary Deletion of External Storage in Nextcloud Server Missing Password Confirmation Vulnerability in Nextcloud Server Arbitrary File Reading Vulnerability in 1Panel 1.4.3 Arbitrary File Download Vulnerability in 1Panel 1.4.3 Arbitrary File Write Vulnerability in 1Panel 1.4.3 Arbitrary Service Forwarding Vulnerability in WireMock Studio Open Redirect Vulnerability in Jupyter-Server 
Vulnerability: Insecure Hashing in uthenticode 1.0.9 Terminal Log File Poisoning Vulnerability in Splunk SOAR Unrestricted File Upload Vulnerability in AcyMailing Component for Joomla Cross-Site Scripting (XSS) Vulnerability in AcyMailing Enterprise Component for Joomla Unauthenticated Creation of Mailing Lists in AcyMailing Enterprise for Joomla Unauthenticated Attachment Removal Vulnerability in AcyMailing Enterprise for Joomla Sensitive Information Exposure in AcyMailing Enterprise Component for Joomla: Unauthorized Access to Subscriber Count Double Free Vulnerability in MIT Kerberos 5 (krb5) 1.21 before 1.21.2 Buffer Overflow in log_blackbox.c in libqb before 2.0.8 due to Inadequate Header Size Consideration Denial of Service Vulnerability in ImageMagick's Magick::Draw Insufficient Random Values in MXsecurity Web Service Authenticator Vulnerability Unauthenticated Modification of Data in wpDiscuz WordPress Plugin (Versions up to 7.6.3) Unauthenticated Information Disclosure Vulnerability in MXsecurity v1.0.1 and Earlier Unauthorized Access Vulnerability in MXsecurity Versions Prior to v1.0.1 Hard-coded SSH Host Key Vulnerability in MXsecurity Versions Prior to v1.0.1 Unauthenticated Remote Device Registration Vulnerability in MXsecurity v1.0.1 and Earlier Versions Out-of-Bounds Memory Access Vulnerability in Hitachi EH-VIEW (KeypadDesigner) Out-of-bounds Write Vulnerability in Unsupported Hitachi EH-VIEW (Designer) Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Unsupported Hitachi EH-VIEW (Designer) Stored XSS Vulnerability in Ajay Lulia wSecure Lite Plugin <= 2.5 Stored Cross-Site Scripting (XSS) Vulnerability in 标准云(std.Cloud) WxSync Plugin <= 2.7.23 CSRF Vulnerability in 99robots Header Footer Code Manager Plugin Authorization Bypass Vulnerability in The Waiting: One-click countdowns plugin for WordPress Unauthenticated Reflected XSS Vulnerability in BigBlueButton Plugin <= 3.0.0-beta.4 vCita.Com Online Booking & Scheduling Calendar 
Plugin XSS Vulnerability Sensitive Information Exposure in Multiple Versions of WordPress Cross-Site Request Forgery Vulnerability in The Waiting WordPress Plugin CVE-2023-40000 Sensitive Information Exposure Vulnerability in Pluggabl LLC Booster for WooCommerce Plugin Stored XSS Vulnerability in Ujwol Bastakoti CT Commerce Plugin <= 2.0.1 CSRF Vulnerability in Gangesh Matta Simple Org Chart Plugin CSRF Vulnerability in ThimPress WP Pipes Plugin <= 1.4.0 GRUB Authentication Bypass Vulnerability SQL Injection vulnerability in HUSKY – Products Filter for WooCommerce Professional Unintended Oversight: Lack of Extended Key Usage (EKU) Validation in uthenticode Insufficient Input Sanitization in SVG Loader Library Leads to Stored XSS Vulnerability Vulnerability: `_msgSender` Returns `address(0)` in Certain Circumstances Vulnerability: Right-to-Left Evaluation Order in Vyper Compiler Server-side Request Forgery in GeoNode Versions 3.2.0 - 4.1.2 Out of Bounds Write Vulnerability in FreeSWITCH Denial of Service Vulnerability in FreeSWITCH Prior to Version 1.10.10 Vulnerability: Unauthorized Access to Security Policy Projects in GitLab EE Improper Authorization Check in PrivateUploader v3.2.49 Timing Attack Vulnerability in Oppia's CSRF Token Validation Integer Overflow in `consume_count` of `cplus-dem.c` in Rizin 0.6.0 and prior versions Yak Engine Local File Inclusion (LFI) Vulnerability Improper Validation and Sanitization in ScanCode.io License Details View Endpoint Leads to XSS Vulnerability Unauthenticated Access to Sensitive Information in Argo CD Terminal Sessions Arbitrary File Access in Argo CD via Crafted Helm File Public Access to `adminMeta` GraphQL Query in Keystone CMS Arbitrary File Read Vulnerability in Ghost CMS (CVE-2021-12345) Exposure of Cluster Secrets in Argo CD API Privilege Escalation Vulnerability in One Identity Password Manager 5.9.7.1 Cargo Build Timings Report Cross-Site Scripting Vulnerability Heap Buffer Write Overflow in 
Utf8_16_Read::convert in Notepad++ Versions 8.5.6 and Prior libvips SVG Parsing Segfault Vulnerability Blind Server-Side Request Forgery (SSRF) and File Disclosure Vulnerability in Flarum Remote Code Execution Vulnerability in Woodpecker CI System Remote Code Execution Vulnerability in Craft CMS Global Buffer Read Overflow in Notepad++ Versions 8.5.6 and Prior Insufficient Connection URL Validation in Apache NiFi 1.21.0 - 1.23.0 Predictable Default WPA2 PSKs in Arris DG860A and DG1670A Devices: A Gateway to Unauthorized Remote Access Default WPA2-PSK Derivation Vulnerability in ARRIS TG852G, TG862G, and TG1672G Devices Use-After-Free Vulnerability in Linux Kernel's Netfilter Remote Camera Feed Access Vulnerability in MyCrops HiGrade THC Testing & Cannabi App Stack-Based Buffer Overflow in setWiFiWpsConfig Allows Remote Code Execution in TOTOLINK T10_v2 5.9c.5061_B20200511 Stack-Based Buffer Overflow in TOTOLINK T10_v2 5.9c.5061_B20200511's setStaticDhcpConfig in /lib/cste_modules/lan.so SQL Injection Vulnerability in MOVEit Transfer Web Interface WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Remote Command Execution Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in WS_FTP Server's Ad Hoc Transfer Module WS_FTP Server Manager Interface SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WS_FTP Server's Management Module Missing Cross-Site Request Forgery (CSRF) Protection in WS_FTP Server Manager Interface Unauthenticated File Enumeration Vulnerability in WS_FTP Server Insufficient Session Expiration in fossbilling/fossbilling prior to 0.5.5 Remote Code Execution Vulnerability in Chef Automate 4.10.29 Unintended File Upload Vulnerability in Progress Application Server (PAS) for OpenEdge Denial of Service Vulnerability in Progress Application Server (PAS) for OpenEdge Authenticated Actor Exploits File Share Function Vulnerability in Serv-U 15.4 Directory Traversal Remote Code Execution Vulnerability in Network 
Configuration Manager Directory Traversal Remote Code Execution Vulnerability in Network Configuration Manager Critical SQL Injection Remote Code Vulnerability in SolarWinds Platform Remote Code Execution Vulnerability in SolarWinds Access Rights Manager Critical Vulnerability: Exposure of Sensitive Data in Public Knowledgebase Puts Access Rights Manager (ARM) at Risk CSV Injection Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.16 Critical Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1 Allows Bypass of Multi-Factor Authentication Job Execution Vulnerability: A Gateway to Exploitation SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability Arbitrary Script Execution via Cross-Site Scripting in Advanced Custom Fields 6.1.0 to 6.1.7 and Advanced Custom Fields Pro 6.1.0 to 6.1.7 ELECOM Wireless LAN Routers: OS Command Injection Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.16 ELECOM Network Devices: OS Command Injection Vulnerability Cross-User Media Read Vulnerability in Notification.java Local Persistent Denial of Service Vulnerability in saveToXml of PersistableBundle.java Unlimited Package Registration Vulnerability in ShortcutPackage.java Credential Manager UI - Permissions Bypass Vulnerability Race condition vulnerability in MetaDataBase.cpp allows for remote privilege escalation without user interaction Heap Buffer Overflow in a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc Allows for Escalation of Privilege Background Activity Launch Vulnerability in injectSendIntentSender of ShortcutService.java Vulnerability: GitLab Pages Takeover via Known Random String Out of Bounds Write Vulnerability in btm_ble_gap.cc Functions Confused Deputy Vulnerability in loadMediaDataInBgForResumption of MediaDataManager.kt Allows Unauthorized Access to User's Images Improper Crypto Usage in modify_for_next_stage of fdt.rs Allows 
for Remote Privilege Escalation Out of Bounds Read Vulnerability in parse_gap_data of utils.cc Use-after-free vulnerability in MDnsSdListener.cpp allows for local privilege escalation without user interaction Out of Bounds Read Vulnerability in convertSubgraphFromHAL of ShimConverter.cpp Out of Bounds Write Vulnerability in transcodeQ*ToFloat of btif_avrcp_audio_track.cc Use-after-free vulnerability in callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp allows for remote code execution without user interaction Credential Manager Policy Bypass Vulnerability Privilege Escalation via API Key Generation in MongoDB Ops Manager Bypassing Signature Validation in BTM_BleVerifySignature: Remote Privilege Escalation Vulnerability Out of Bounds Write Vulnerability in onTransact of IncidentService.cpp Local Information Disclosure Vulnerability in ShortcutService.java Logic Error in PDF Output Allows Local Information Disclosure Lock Screen Bypass Vulnerability in ActivityTaskManagerService.java Potential Local Privilege Escalation in createDontSendToRestrictedAppsBundle of PendingIntentUtils.java Unprivileged Background Audio Recording Vulnerability Possible URI Grant Vulnerability in PackageManagerHelper.java Logic Error in mOnDone of NotificationConversationInfo.java Allows Unauthorized Access to App Notification Data USB Host Controller Driver in Linux Kernel: Endless Loop Denial of Service Vulnerability Use-after-free vulnerability in discovery_thread of Dns64Configuration.cpp allows for local privilege escalation without additional execution privileges. 
Out of Bounds Read Vulnerability in canonicalize_md.c Double Free Vulnerability: Local Privilege Escalation without User Interaction Untrusted Cryptographic Certificates in ca-certificates: Remote Information Disclosure Vulnerability Potential Local Information Disclosure Vulnerability in backupAgentCreated of ActivityManagerService.java BAL Bypass Vulnerability in sanitizeSbn of NotificationManagerService.java Use-after-free vulnerability in ARTPWriter of ARTPWriter.cpp allows for local privilege escalation without user interaction Possible Local Privilege Escalation via Permissions Bypass in UsbConfiguration.java's createFromParcel Method GitLab EE Resource Consumption DoS Vulnerability Heap Buffer Overflow in MtpPacket.cpp Allows for Local Privilege Escalation Local Privilege Escalation via Confused Deputy in setMediaButtonReceiver Out of Bounds Read Vulnerability in ippSetValueTag of ipp.c Cross-User Message Data Access Vulnerability: Local Information Disclosure without User Interaction Use-after-free vulnerability in MtpFfsHandle.cpp allows for local privilege escalation Use-after-free vulnerability in readLogs function of StatsService.cpp allows for local privilege escalation without user interaction Possible Privilege Escalation Vulnerability in PipTaskOrganizer.java Possible Lockscreen Bypass and Local Privilege Escalation in resetSettingsLocked of SettingsProvider.java NTS-Enabled Client Request (Mode 3) Causes ntpd Crash Vulnerability Foreground Service Notification Bypass Vulnerability Possible SQL Injection Vulnerability in appendEscapedSQLString of DatabaseUtils.java Confused Deputy Vulnerability in SaveUi.java Allows Unauthorized Access to User Images Possible bypass of multi-user security boundary in updateActionViews of PipMenuView.java leading to local information disclosure Confused Deputy Vulnerability: Cross-User Read Leading to Local Information Disclosure APN Permission Bypass Vulnerability in ApnEditor.java Confused Deputy Vulnerability: 
Unauthorized Access to Screenshots and Local Information Disclosure Heap Buffer Overflow in xmlregexp.c Allows Local Privilege Escalation Heap Buffer Overflow in build_read_multi_rsp of gatt_sr.cc CSRF Vulnerability in GDPR Cookie Compliance WordPress Plugin Possible Permission Bypass and Privilege Escalation in CallRedirectionProcessor.java Race condition in GpuService.cpp allows for local privilege escalation without user interaction Confused Deputy Vulnerability in DialogFillUi.java Allows Unauthorized Image Viewing Confused Deputy Vulnerability in isFullScreen of FillUi.java Allows Unauthorized Image Viewing Confused Deputy Vulnerability in SaveUi.java Allows Unauthorized Access to User Images Confused Deputy Vulnerability in setHeader of DialogFillUi.java Allows Unauthorized Access to User Images Confused Deputy Vulnerability in DialogFillUi.java Allows Unauthorized Access to User Images Confused Deputy Vulnerability in FillUi.java Allows Unauthorized Access to User Images Confused Deputy Vulnerability in FillUi.java Allows Unauthorized Access to User Images Use After Free Vulnerability in android_view_InputDevice_create Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in temp_residency_name_store of thermal_metrics.c Carrier Restriction Bypass Vulnerability in TBD of TBD Cross-Site Scripting (XSS) Vulnerability in Westermo Lynx Web Application CBC Products OS Command Injection Vulnerability Arbitrary Command Execution Vulnerability in Weintek's cMT3000 HMI Web CGI Device CVE-2023-40146 CVE-2023-40148 Use-After-Free Vulnerability in Linux Kernel's nf_tables Component Allows Local Privilege Escalation Unauthenticated Remote Code Execution Vulnerability in Softneta MedDream PACS Vulnerability: Unauthenticated Command Execution with Highest Privileges in Red Lion SixTRAK and VersaTRAK Series RTUs Out of Bounds Write Vulnerability in Fuji Electric Tellus Lite V-Simulator Cross-Site Scripting Vulnerability in [Product Name]: Arbitrary 
JavaScript Injection via 'hostname' Parameter Intel(R) SUR for Gameplay Software Default Permissions Vulnerability Uncontrolled Search Path Element Vulnerability in Intel(R) SSU Software Hidden Functionality Vulnerability in CBC Products: Remote Command Execution and Settings Alteration Unrestricted Data Injection Vulnerability via 'ps' Utility CVE-2023-40160 Improper Access Control in Intel Unite(R) Client Software: Potential Privilege Escalation via Local Access Accusoft ImageGear 20.1 Out-of-Bounds Write Vulnerability Global Buffer Read Overflow in nsCodingStateMachine::NextStater Insufficient Input Validation in RubyGems.org Allows Replacement of Uploaded Gems Heap Buffer Read Overflow in Notepad++ FileManager::detectLanguageFromTextBegining HTTP Request Smuggling Vulnerability in Jetty Web Server Arbitrary File Read and Upload Vulnerability in TurboWarp Desktop Versions Prior to 1.8.0 Improper Cross-Site Credential Checks in Jupyter-Server JWT Secret Key Disclosure in Dispatch Plugin - Basic Authentication Provider CSRF Vulnerability in Social Media Skeleton Prior to Version 1.0.5 Unsalted Password Vulnerability in Social Media Skeleton Insufficient Session Expiration in Social Media Skeleton HTTP Request Smuggling Vulnerability in Puma Web Server Stored XSS Vulnerability in XWiki Platform User Profile Arbitrary Script Execution and Rights Escalation in XWiki Platform Reusability of Expired LogoutRequest XML in Node-SAML Library Insecure Password Recovery Form Allows Email Enumeration Improper Permission Validation Allows Creation of Model Experiments in Public Projects in GitLab Silverstripe-GraphQL Recursive Query DDOS Vulnerability Integer-Underflow leading to Out-Of-Bound Read in FreeRDP's `zgfx_decompress_segment` function Recovery Form Time Discrepancy Vulnerability DataEase Prior to Version 1.18.11 Cookie Theft Vulnerability Improper Session Establishment Handling in xrdp Server (CVE-2021-38647) Shell Escape Vulnerability in Shescape Library 
IntegerOverflow leading to Out-Of-Bound Write Vulnerability in FreeRDP's `gdi_CreateSurface` function Use-After-Free Vulnerability in FreeRDP 3.x Beta Branch Out-Of-Bounds Read Vulnerability in FreeRDP's general_LumaToYUV444 Function Unrestricted File Manipulation and Remote Code Execution in Media from FTP WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Accounts Instance Settings Arbitrary OS Command Execution Vulnerability in Deco M4 Firmware Arbitrary File Creation Vulnerability in Foxit Reader 12.1.3.15356 Apache Airflow Spark Provider Deserialization and Untrusted Control Sphere Vulnerability Unauthenticated Reflected XSS Vulnerability in ImageRecycle ImageRecycle Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Devaldi Ltd Flowpaper Plugin <= 1.9.9 CSRF Vulnerability in Antsanchez Easy Cookie Law Plugin <= 3.1 CSRF Vulnerability in CRUDLab WP Like Button Plugin TrustZone Implementation Vulnerability: Unvalidated Input Allows Unauthorized Access to Secure Memory Arbitrary Plugin Activation via CSRF Vulnerability in Futurio Extra Plugin CSRF Vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail Plugin <= 3.4.1 Unrestricted File Upload Vulnerability in Premio Folders Plugin Unauthenticated Reflected XSS Vulnerability in Pixelgrade PixTypes Plugin <= 1.4.15 Stored XSS Vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post Plugin SQL Injection Vulnerability in RedNao Donations Made Easy – Smart Donations Unauthenticated Reflected XSS Vulnerability in Aleksandar Urošević Stock Ticker Plugin <= 3.23.3 Stored Cross-Site Scripting Vulnerability in Modern Events Calendar Lite Plugin for WordPress CSRF Vulnerability in SB Child List Plugin <= 4.5 Unauthorized Access to Sensitive Data in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks CSRF Vulnerability in theDotstore Product Attachment for WooCommerce Plugin Unauthenticated Reflected XSS Vulnerability in Vathemes Business Pro Theme <= 1.10.4 
SQL Injection Vulnerability in Demonisblack Demon Image Annotation Vulnerability: Missing Argument-Count Bounds Check in OpenBSD 7.3 Console Terminal Emulation TLS Server-Side Socket Buffer Data Leakage Vulnerability Integer Overflow Vulnerability in Samsung Exynos Mobile Processor NPU Kernel Driver Arbitrary File Upload Vulnerability in Welcart e-Commerce Versions 2.7 to 2.8.21 Stored Cross-Site Scripting Vulnerability in Herd Effects WordPress Plugin Buffer Overflow Vulnerability in Intel(R) NUC BIOS Firmware Injection Vulnerability in Mail Server Section of Web Application Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.174 in app/View/Events/index.ctp HTTP Request Smuggling Vulnerability in HAProxy Vulnerability: Unauthorized Message Deletion in All Users Messenger WordPress Plugin ArchiMate Archi XMLNS Namespace Authentication Bypass Vulnerability Authentication Bypass Vulnerability in Pexip VMR Self-Service Portal LogoFAIL: Image Parsing Vulnerability in InsydeH2O UEFI Firmware XXE Vulnerability in Lexmark Devices: Information Disclosure Risk Hancom HCell on Windows Classic Buffer Overflow Vulnerability Man in the Middle Attack Vulnerability in Genians Genian NAC and Genian ZTNA Code Injection Vulnerability in Genians NAC and ZTNA Allows Replacement of Trusted Executable Authentication Abuse Vulnerability in Genians Genian NAC and Genian ZTNA Download of Code Without Integrity Check vulnerability in Genians Genian NAC and Genian ZTNA allows Malicious Software Update Untrusted Client Interaction Vulnerability in Veritas NetBackup Snapshot Manager Bypassing MFA Requirement via Email Address Change in EmpowerID Unauthenticated Stored XSS Vulnerability in Atos Unify OpenScape Voice Trace Manager V8 Command Injection Vulnerability in Atos Unify OpenScape Voice Trace Manager V8 Authenticated Path Traversal Vulnerability in Atos Unify OpenScape Voice Trace Manager V8 Remote Code Execution via File Upload in Atos Unify OpenScape Xpressions WebAssistant V7 
Path Traversal Vulnerability in Atos Unify OpenScape Xpressions WebAssistant V7 Insecure Non-Multi Options Bypass in GitPython Clone and Clone_From (CVE-2022-XXXXX) Improper Buffer Comparison in CryptoCell PSA Driver Interface for Chacha20-Poly1305 Algorithm in Trusted Firmware-M Apache Airflow Spark Provider File Read Vulnerability Session Fixation Vulnerability in Apache Airflow Directory Traversal Vulnerability in Zola Web Server CVE-2023-40275 CVE-2023-40276 CVE-2023-40277 CVE-2023-40278 CVE-2023-40279 Buffer Overflow Vulnerability in Lenovo Notebook SystemUserMasterHddPwdDxe Driver CVE-2023-40280 Cross-Site Scripting (XSS) Vulnerability in EC-CUBE Management Page Authentication Bypass Vulnerability in Rakuten WiFi Pocket Use-after-free vulnerability in l2cap_sock_release in Linux kernel before 6.4.10 CVE-2023-40284 CVE-2023-40285 CVE-2023-40286 CVE-2023-40287 CVE-2023-40288 CVE-2023-40289 Buffer Overflow Vulnerability in Lenovo ThinkPad BoardUpdateAcpiDxe Driver CVE-2023-40290 Harman Infotainment Vulnerability: Root Access via USB-to-Ethernet Dongle Harman Infotainment 20190525031613 and later: IP Address Disclosure via CarPlay CTRL Packets Command Injection Vulnerability in Harman Infotainment 20190525031613 and later Heap-Based Buffer Overflow in libboron: Exploiting ur_parseBlockI in Boron 2.0.8 Heap-Based Buffer Overflow in libboron's ur_strInitUtf8 Function Stack-based Buffer Overflow in async-sockets-cpp UDP Packet Processing Kong Insomnia 2023.4.0 on macOS DYLD_INSERT_LIBRARIES Code Execution and File Access Vulnerability BIOS Corruption Vulnerability in ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2: Insecure Recovery Settings Hardcoded Cryptographic Key in NETSCOUT nGeniusPULSE 3.8 Command Injection Vulnerability in NETSCOUT nGeniusPULSE 3.8 nGeniusPULSE 3.8 Weak File Permissions Vulnerability Privilege Escalation Vulnerability in GNU inetutils Heap-Based Buffer Overflow in GNU indent 2.2.13 via Crafted File Insufficient URL Validation in 
SAP S/4HANA Manage Catalog Items and Cross-Catalog Searches Fiori Apps Buffer Overflow Vulnerability in macOS Application Allows Unauthorized Access and Data Manipulation SAP CommonCryptoLib Denial of Service Vulnerability SAP CommonCryptoLib Authentication Bypass Vulnerability XML External Entity (XXE) Vulnerability in SAP PowerDesigner Client Multiple Stored XSS Vulnerabilities in OpenNMS Horizon 31.0.8 and Earlier Versions Multiple Reflected XSS Vulnerabilities in OpenNMS Horizon 31.0.8 and Earlier Versions Arbitrary Remote Java Code Execution in OpenNMS Horizon and Meridian Cross-Site Scripting Vulnerability in OpenNMS Meridian and Horizon Privilege Escalation Vulnerability in OpenNMS Horizon 31.0.8 and Earlier Versions Carrrot Plugin <= 1.1.0 Auth. (admin+) Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WPZest Custom Admin Login Page OS Command Injection in mlflow/mlflow prior to 2.6.0 Unauthenticated Reflected XSS Vulnerability in Milan Petrovic GD Security Headers Plugin <= 1.6.1 Qode Interactive Bridge Core Plugin XSS Vulnerability CSRF vulnerability in Cleverwise Daily Quotes allows Stored XSS Jenkins Folders Plugin CSRF Vulnerability Allows Unauthorized Folder Copying Jenkins Folders Plugin CSRF Vulnerability Allows Unauthorized View Copying Information Disclosure Vulnerability in Jenkins Folders Plugin Jenkins Config File Provider Plugin: Credential Leakage in Build Logs SQL Injection Vulnerability in Digita Information Technology Smartrise Document Management System Unmasked Credentials in Jenkins NodeJS Plugin Pipeline Build Logs Jenkins Blue Ocean Plugin CSRF Vulnerability: Unauthorized GitHub Credential Capture Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Flaky Test Handler Plugin Timing Vulnerability in Jenkins Tuleap Authentication Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Delphix Plugin 3.0.2 and earlier Insecure Context for Credentials Lookup in Jenkins Delphix Plugin Stored 
Cross-Site Scripting (XSS) Vulnerability in Jenkins Shortcut Job Plugin 0.4 and Earlier Insecure Context for Credentials Lookup in Jenkins Maven Artifact ChoiceListProvider Plugin Information Disclosure Vulnerability in Jenkins Gogs Plugin 1.0.15 and Earlier Unauthenticated Remote Build Triggering in Jenkins Gogs Plugin Stored Cross-Site Scripting Vulnerability in Simple Blog Card WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Docker Swarm Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Jenkins Favorite View Plugin Privilege Escalation Vulnerability in McAfee Safe Connect Integer Overflow Vulnerability in Exynos Mobile Processor 980 and 2100 Clear-text Storage of Encrypted Password in MariaDB MaxScale Axigen versions 10.3.3.0 to 10.5.5 Cross Site Scripting (XSS) Arbitrary Code Execution Vulnerability Arbitrary OS Command Execution Vulnerability in TP-LINK Products Pointer/Overflow Vulnerability in xterm's ReGIS Reporting for Character-Set Names Arbitrary Post Retrieval Vulnerability in Simple Blog Card WordPress Plugin NULL Pointer Dereference in QEMU's nvme_directive_receive() Function Insecure Permissions for previewRm.sh Cronjob in SECUDOS Qiata (DOMOS OS) 4.13 Arbitrary Deletion of Contractors in CentralSquare Click2Gov Building Permit Incorrect File Permission Settings in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.5.0 Information Disclosure Vulnerability in IBM Storage Protect 8.1.0.0 through 8.1.19.0 Blind SQL Injection Vulnerability in Conacwin 3.7.1.2 Web Interface Information Disclosure Vulnerability in IBM Robotic Process Automation Runtime Improper Access Controls in IBM AIX and VIOS OpenSSH Implementation Denial of Service Vulnerability in IBM Db2 11.5 with External Tables Denial of Service Vulnerability in IBM Db2 with Common Table Expressions Denial of Service Vulnerability in IBM Db2 11.5 Local Privilege Escalation Vulnerability in IBM i Application 
Server Improper Authentication Controls in IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 - 7.2.3.5, and 7.3 - 7.3.2.0 Local Privilege Escalation Vulnerability in IBM BRMS for IBM i 7.2, 7.3, and 7.4 Local Privilege Escalation Vulnerability in IBM Directory Server for IBM i Improved Validation for Path Handling in macOS Ventura 13.3 Improved Redaction of Sensitive Location Information in tvOS 17, iOS 17, iPadOS 17, and macOS Sonoma 14 DNS Query Leakage Vulnerability in macOS Sonoma, Safari, iOS, and iPadOS Improved Handling of Temporary Files Fixes Privacy Vulnerability in macOS Sonoma 14 Privacy vulnerability: Unprotected Saving of Photos in Safari on macOS Sonoma 14 Stack-Protector Failure in GCC-based Toolchains for AArch64 CVE-2023-40390 Improved Memory Handling to Prevent Kernel Memory Disclosure Improved Private Data Redaction for Log Entries in macOS Ventura 13.5: Addressing Sensitive Location Information Vulnerability Hidden Photos Album Authentication Bypass in macOS Sonoma 14 Improved Validation of Environment Variables Fixes Vulnerability in iOS 16.6 and iPadOS 16.6 Cache Vulnerability: Unauthorized Contact Access Arbitrary JavaScript Code Execution Vulnerability in macOS Ventura 13.5 Improved Memory Handling to Prevent Kernel Memory Disclosure Unauthenticated Modification of Order Status in Stripe Payment Plugin for WooCommerce Remote Code Execution Vulnerability in Apple Operating Systems macOS Ventura 13.6.1 Patch: Passkey Access Vulnerability Fixed macOS Sonoma 14 Patch: Enhanced Permissions to Prevent Unauthorized Access to Sensitive User Data Memory Handling Vulnerability in macOS, tvOS, iOS, iPadOS, watchOS, and macOS Monterey Use-After-Free Vulnerability in macOS Sonoma 14.1 Allows Arbitrary Code Execution Improved Private Data Redaction for Log Entries in macOS Sonoma 14.1: Addressing a Privacy Vulnerability Arbitrary File Read Vulnerability in macOS Monterey, Ventura, and Sonoma Improved Bounds Checks Fix Denial-of-Service Vulnerability in 
macOS Sonoma 14 Inconsistent User Interface Issue Leading to Unexpected Deactivation of Hide My Email Arbitrary Code Execution Vulnerability in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17, and iPadOS 17 Gecko Bootloader Firmware Update File Parser Code Injection and Authentication Bypass Vulnerability Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in macOS Ventura 13.6 and Other Apple Operating Systems Improved Data Protection in macOS Sonoma 14: Fixing App Access to User-Sensitive Data Arbitrary Code Execution Vulnerability in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17, and iPadOS 17 Sensitive Location Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Apple Devices Memory Disclosure Vulnerability in Image Processing UI Spoofing Vulnerability Patched in Safari 17 and Apple OS Updates Authentication Issue Fixed in watchOS 10: Apple Watch Ultra May Not Lock with Depth App Elevated Privileges Vulnerability Patched in Latest Apple Operating Systems Unpatched Vulnerability in Ghostscript Package for Red Hat Enterprise Linux 8 Improved Memory Handling to Prevent Denial-of-Service Vulnerability Vulnerability Patched: App Permissions Bypass in macOS Sonoma, Monterey, and Ventura Improved Memory Handling in macOS Sonoma 14 Fixes Denial-of-Service Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Enhanced Security Measures Implemented to Prevent Unauthorized Access to User-Sensitive Data Improved Private Data Redaction in macOS Monterey 12.7.1: Addressing Root Privilege Privacy Vulnerability Privacy Preferences Bypass Vulnerability Patched in macOS Sonoma 14 Cache Vulnerability: Unauthorized Access to Sensitive Location Information Cache Access Vulnerability in iOS 17 and iPadOS 17 Allows Unauthorized App Access to Sensitive User Data Improved Validation Fixes Permissions Issue Allowing App Access to Sensitive User Data Vulnerability: JSON Parsing 
Denial of Service in Eclipse Parsson Vulnerability: Unauthorized Access to Removable Volumes in macOS Sonoma 14 Arbitrary Code Execution Vulnerability in iOS 17 and iPadOS 17 Arbitrary Code Execution Vulnerability in Apple Operating Systems Gatekeeper Bypass Vulnerability in macOS Ventura 13.3 Enhanced Security Measures Implemented to Prevent Unauthorized Access to Photos Library App Store Credential Access Vulnerability Fixed in Xcode 15 Improved Bounds Checks in macOS Sonoma 14: Preventing Unexpected System Termination and Kernel Memory Read Vulnerability Improved Private Data Redaction for Log Entries in iOS 16.6, iPadOS 16.6, and macOS Ventura 13.5 Vulnerability: Unauthorized Access to Edited Photos in Temporary Directory Improved Private Data Redaction for Log Entries in iOS 16.6, iPadOS 16.6, and macOS Ventura 13.5 Improper State Management of S/MIME Encrypted Emails Leading to Unintended Unencryption Denial-of-Service Vulnerability in iOS, iPadOS, and macOS Sonoma Improved Private Data Redaction for Log Entries in macOS and iOS Root Privilege Escalation Vulnerability Patched in iOS 17 and iPadOS 17 macOS Sonoma 14.1 Patch: Enhanced Permissions Restriction to Prevent Unauthorized Data Access Persistent Lock Failure Vulnerability Arbitrary Code Execution Vulnerability in macOS and iOS Arbitrary Code Execution Vulnerability in Web Content Processing Remote Code Execution Vulnerability in Web Content Sandbox Improved Memory Handling to Prevent Denial-of-Service Vulnerability Cross-Origin Image Data Access in Offscreen Canvas Gatekeeper Bypass Vulnerability in macOS Sonoma 14 Improved iframe sandbox enforcement in Safari 17 mitigates arbitrary code execution vulnerability Arbitrary File Overwrite Vulnerability Patched in macOS Ventura 13.6 and Other Apple Operating Systems Escape Sequence Injection and Denial of Service Vulnerability in Docker Machine File Deletion Vulnerability in macOS Ventura 13.6, tvOS 17, iOS 16.7, iPadOS 16.7, macOS Monterey 12.7, watchOS 
10, iOS 17, iPadOS 17, macOS Sonoma 14 Sandbox Circumvention Vulnerability in macOS Sonoma 14 Vulnerability: Unauthorized Access to Edited Photos in Temporary Directory Infinite Loop Vulnerability in Sierra Wireless, Inc ALEOS Authentication Bypass Vulnerability in ACEManager Component of ALEOS 4.16 and Earlier Stale Value Exploitation in WASM JIT Analysis: Potential Crash and Code Execution in Firefox ACEManager File Upload Vulnerability Stored Cross-Site Scripting in ACEManager File Upload Field ACEManager Authentication Input Sanitization Vulnerability Insecure Storage of Root Password Hash in ALEOS 4.16 and Earlier Hardcoded SSL Certificate and Private Key Vulnerability in ALEOS Denial of Service Vulnerability in ALEOS Captive Portal CVE-2023-40468 CVE-2023-40469 Popup Notifications Delay Calculation Bug Allows Permission Trickery in Firefox CVE-2023-40470 CVE-2023-40471 CVE-2023-40472 CVE-2023-40473 CVE-2023-40474 CVE-2023-40475 CVE-2023-40476 CVE-2023-40477 CVE-2023-40478 CVE-2023-40479 DOMParser Out-of-Bounds Read Vulnerability in Firefox CVE-2023-40480 CVE-2023-40481 CVE-2023-40482 CVE-2023-40483 CVE-2023-40484 CVE-2023-40485 CVE-2023-40486 CVE-2023-40487 CVE-2023-40488 CVE-2023-40489 Race Conditions in Reference Counting Code Leading to Use-After-Free Vulnerabilities in Firefox CVE-2023-40490 CVE-2023-40491 CVE-2023-40492 CVE-2023-40493 CVE-2023-40494 CVE-2023-40495 CVE-2023-40496 CVE-2023-40497 CVE-2023-40498 CVE-2023-40499 Stack buffer overflow vulnerability in Firefox versions < 116, Firefox ESR versions < 102.14, and Firefox ESR versions < 115.1 CVE-2023-40500 CVE-2023-40501 CVE-2023-40502 CVE-2023-40503 CVE-2023-40504 CVE-2023-40505 CVE-2023-40506 CVE-2023-40507 CVE-2023-40508 CVE-2023-40509 Full Screen Notification Spoofing Vulnerability CVE-2023-40510 CVE-2023-40511 CVE-2023-40512 CVE-2023-40513 CVE-2023-40514 CVE-2023-40515 CVE-2023-40516 CVE-2023-40517 HTTP Request Header Validation Bypass in LiteSpeed OpenLiteSpeed before 1.7.18 Cross-Site 
Scripting (XSS) Vulnerability in Broadpeak Centralized Accounts Management Auth Agent Arbitrary File Deletion Vulnerability in Firefox Updater Vulnerability: Unauthorized Access to Edited Photos in Temporary Directory Privacy Bypass Vulnerability Patched in Apple's Latest Operating Systems VoiceOver Exploit: Unauthorized Access to Private Calendar Information Full Screen Notification Obscuration Vulnerability in Firefox and Thunderbird Arbitrary Website Access via Custom URL Scheme in 'Skylark' App for Android and iOS Archer AX6000 Firmware Vulnerability: Remote Command Execution Welcart e-Commerce Path Traversal Vulnerability CVE-2023-40533 HTTP/2 Profile and HTTP MRF Router Vulnerability Stored Cross-Site Scripting Vulnerability in VI Web Client View Setting Page (Versions prior to 7.9.6) Session Cookie Persistence Vulnerability in BIG-IP Configuration Utility on VIPRION Platform Unpatched Firefox Vulnerability: Lack of Warning for Malicious Code in appref-ms Files Intel NUC BIOS Firmware Vulnerability: Non-Transparent Sharing of Microarchitectural Resources macOS Sonoma 14 Patch: Fixing Shortcut Vulnerability Allowing Unauthorized Data Output TCP Verified Accept Vulnerability TCP Sniffing Vulnerability: Exploiting Network Access to Obtain Sensitive Information OAuth2 Client Authentication Bypass via Specially Crafted Requests Shim Vulnerability: Crash Due to Logging Function Parameter Mismatch Shim Boot Support Remote Code Execution Vulnerability Heap-based Buffer Overflow in Shim: Exploiting a Memory Allocation Vulnerability in 32-bit Systems Out-of-Bounds Read Vulnerability in Shim Allows Denial of Service Cookie Jar Inconsistency Vulnerability in Firefox Shim Out-of-Bounds Read Vulnerability Exposing Sensitive Data during Boot Phase Out-of-Bounds Read Vulnerability in Shim's MZ Binary Format Stored Cross-Site Scripting (XSS) Vulnerability in Gurcharan Singh Fitness Calculators Plugin <= 2.0.7 Unauthenticated Reflected XSS Vulnerability in Plausible Analytics 
Plugin <= 1.3.3 Unauthenticated Reflected XSS Vulnerability in Blog2Social Plugin (<= 7.2.0) Deserialization of Untrusted Data vulnerability in Flatsome | Multi-Purpose Responsive WooCommerce Theme CSRF Vulnerability in Greg Ross Schedule Posts Calendar Plugin CSRF Vulnerability in eMarket Design YouTube Video Gallery Plugin CSRF Vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce Plugin Memory Corruption Vulnerabilities in Firefox and Thunderbird Versions 115 and 102 Stored XSS Vulnerability in Greg Ross Schedule Posts Calendar Plugin <= 5.2 CSRF Vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce Plugin <= 3.7.1 Out-of-Bounds Write Vulnerability in FreeRDP's clear_decompress_bands_data Function Out-Of-Bounds Write Vulnerability in FreeRDP's progressive_decompress Function Memory Corruption Vulnerabilities in Firefox and Thunderbird Versions 115 Unauthenticated Access to Database and Table Names in Datasette 1.0 Alpha - 1.0a3 Deserialization Vulnerability in weblogic-framework Versions 0.2.3 and Prior CSRF Vulnerability in XWiki Platform Allows Remote Code Execution Remote Code Execution via Job Scheduler in XWiki Platform Out-Of-Bounds Write Vulnerability in FreeRDP's writePixelBGRX Function Out-Of-Bounds Read Vulnerability in FreeRDP's general_YUV444ToRGB_8u_P3AC4R_BGRX Function Out-Of-Bounds Read Vulnerability in FreeRDP's RleDecompress Function Arbitrary JavaScript Code Execution in Alertmanager (CVE-2021-12345) Authorization Bypass Vulnerability in OpenFGA v1.3.0 and Earlier Memory Corruption Vulnerability in Firefox 115: Potential Arbitrary Code Execution Access Control Vulnerability in Freighter Wallet: Unauthorized Retrieval of Recovery Mnemonic Phrase Remote Code Execution Vulnerability in yt-dlp on Windows Command Injection Vulnerability in find-exec Utility (Versions prior to 1.0.3) Arbitrary Data Storage Vulnerability in go-libp2p Denial-of-Service and File Deletion Vulnerabilities in Argo CD 
Repo-Server Unauthenticated Access to Ironic API in Metal³ Crash Vulnerability in OWASP Coraza WAF 3.0.0: Denial of Service via Crafted Requests Path Traversal Vulnerability in Pyramid 2.0.0 and 2.0.1 for Python 3.11 Denial of Service Vulnerability in Discourse 3.1.1 and 3.2.0.beta1 Global Buffer Overflow in FreeRDP's ncrush_decompress Function Unauthenticated Page Creation Vulnerability in Profile Builder WordPress Plugin Vulnerability: Arbitrary Command Execution via GitPython on Windows Memory Consumption Vulnerability in go-ethereum (geth) Reflected Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise Denial of Service Vulnerability in Splunk Enterprise Versions Lower than 9.0.6 and 8.2.12 Denial of Service (DoS) Vulnerability in Splunk Enterprise Versions Prior to 8.2.12, 9.0.6, and 9.1.1 Splunk Enterprise Untrusted Data Serialization Vulnerability DLL Insecure Path Privilege Escalation Vulnerability in Splunk Enterprise Absolute Path Traversal Vulnerability in Splunk Enterprise Versions Prior to 8.2.12, 9.0.6, and 9.1.1 Arbitrary Code Execution via External Lookup in Splunk Enterprise Versions Below 8.2.12, 9.0.6, and 9.1.1 ReDoS Vulnerability in Mailform Pro CGI Add-ons Stored Cross-Site Scripting Vulnerability in WP Adminify WordPress Plugin Information Disclosure Vulnerability in EWWW Image Optimizer Unauthenticated Reflected XSS Vulnerability in Estatik Estatik Mortgage Calculator Plugin Open Redirect Vulnerability in Doofinder WP & WooCommerce Search Stored XSS Vulnerability in Jes Madsen Cookies by JM Plugin <= 1.0 Cross-Site Scripting (XSS) Vulnerability in 93digital Typing Effect Plugin <= 1.3.6 Code Injection Vulnerability in Kanban for WordPress Kanban Boards for WordPress CSRF Vulnerability in CLUEVO CLUEVO LMS Plugin SQL Injection vulnerability in Contact form 7 Custom validation plugin (versions n/a through 1.1.3) allows unauthorized database access Wildfly-core: Information Disclosure Vulnerability through resolve-expression in HAL 
Interface Privilege Escalation and Data Tampering Vulnerability in Apache Superset Apache Airflow Vulnerability: Unauthorized Modification of DAG Run Details XXE Injection Vulnerability in OpenNMS Horizon 31.0.8 and Earlier Reflected XSS Vulnerability in OpenKnowledgeMaps Head Start 7 via 'displayPDF.php' Reflected Cross-Site Scripting (XSS) Vulnerability in OpenKnowledgeMaps Head Start and Visual Project Explorer Remote Code Execution Vulnerability in phpPgAdmin 7.14.4 and Earlier Unauthenticated Code Injection in SAP PowerDesigner Client (Version 16.7) SAP BusinessObjects Business Intelligence Platform (Promotion Management) - Information Disclosure Vulnerability SAP BusinessObjects Suite Installer Directory Traversal Vulnerability JavaScript Code Injection Vulnerability in SAP NetWeaver AS ABAP Unauthenticated Privilege Escalation in S4CORE (Manage Purchase Contracts App) Vulnerability: Language File Parsing Process Exposes Environment Variables LivingWord Component for Joomla: Reflected XSS Vulnerability Extplorer Component for Joomla: Reflected XSS Vulnerability Critical SQL Injection Vulnerability in LMS Lite Component for Joomla CVE-2023-4063 Unauthenticated LFI/SSRF Vulnerability in JCDashboards Component for Joomla Local Information Disclosure Vulnerability in Dialer App JPG Driver Logic Error: Remote Information Disclosure Vulnerability Potential Local Information Disclosure Vulnerability in Phasecheckserver Possible Local Privilege Escalation Vulnerability in Phasecheckserver LinkTurbo Local Privilege Escalation Vulnerability Telecom Service Vulnerability: Local Information Disclosure via Missing Permission Check Telecom Service Vulnerability: Missing Permission Check Enables Local Information Disclosure Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Potential Local Information Disclosure Vulnerability in SoundRecorder Service Potential Local Information Disclosure Vulnerability in SoundRecorder Service Local 
Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Local Information Disclosure Vulnerability in Messaging App Password Disclosure Vulnerability in Red Hat AMQ Broker Operator Local Information Disclosure Vulnerability in Telecom Service URILD Service Vulnerability: Local Denial of Service with System Execution Privileges JPG Driver Out of Bounds Write Vulnerability: Local Denial of Service with System Execution Privileges Possible Local Privilege Escalation in FW-PackageManager Possible Local Privilege Escalation in FW-PackageManager Proforms Basic Component for Joomla: Reflected XSS Vulnerability Quickform Component for Joomla: Reflected XSS Vulnerability Joomdoc Component for Joomla: Reflected XSS Vulnerability Clicky Analytics Dashboard Module for Joomla: Reflected XSS Vulnerability Easy Quick Contact Module for Joomla: Reflected XSS Vulnerability Vulnerability: Passwords Exposed in Plaintext in AMQ Broker StatefulSet Details YAML OpenSC Vulnerability: PIN Bypass and Unauthorized Access Memory Vulnerabilities in OpenSC Packages: Exploiting Card Enrollment Process for Unauthorized Access Sensitive Information Exposure in Jonk @ Follow me Darling Cookies and Content Security Policy Unauthenticated Reflected XSS Vulnerability in Rextheme WP VR Plugin Unauthenticated Reflected XSS Vulnerability in RedNao Donations Made Easy – Smart Donations Plugin <= 4.0.12 Stored XSS Vulnerability in Pdfcrowd Save as Image Plugin Unauthenticated Reflected XSS Vulnerability in Lasso Simple URLs Plugin (<= 1.1.7) Stored XSS Vulnerability in Pdfcrowd Save as 
PDF Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Collapse-O-Matic Plugin <= 1.8.5.5 Reflected Cross-Site Scripting Vulnerability in Bus Ticket Booking with Seat Reservation Plugin for WordPress CSRF Vulnerability in 大侠wp DX-auto-save-images Plugin <= 1.4.0 Stored Cross-Site Scripting (XSS) Vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management Stored XSS Vulnerability in PluginOps Landing Page Builder Plugin <= 1.5.1.2 Stored XSS Vulnerability in VeronaLabs Slimstat Analytics Plugin <= 5.0.8 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Vertical Marquee Plugin <= 7.1 Type Confusion Vulnerability in V8 in Google Chrome Stored Cross-Site Scripting (XSS) Vulnerability in Team Yoast Yoast SEO Groundhogg Inc. Groundhogg Plugin <= 2.7.11.10 Auth. (admin+) Stored Cross-Site Scripting (XSS) Vulnerability Unspecified Vulnerability in IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 Allows Local Privileged User to Obtain Sensitive Information from API Logs Insufficient Authorization Checks in IBM OpenPages with Watson 8.3 and 9.0 Cross-Site Scripting Vulnerability in IBM Content Navigator with IBM Daeja ViewOne Virtual Local Privilege Escalation Vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5 Navigator Local Privilege Escalation Vulnerability in IBM i Management Central Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Type Confusion Vulnerability in V8 Engine: Remote Heap Corruption in Google Chrome Sensitive Information Disclosure in IBM Cloud Pak for Business Automation Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows CVE-2023-40694 CVE-2023-40695 CVE-2023-40696 Denial of Service Vulnerability in IBM InfoSphere Information Server 11.7 Type Confusion Vulnerability in V8 in Google Chrome Mattermost Boards Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in VI Web Client Map Setting Page (Versions prior to 7.9.6) Unrestricted 
Login Attempts Vulnerability in SNAP PAC S1 Firmware R10.3b Weak Password Policy in SNAP PAC S1 Firmware Version R10.3b Open FTP Port Vulnerability in SNAP PAC S1 Firmware R10.3b Denial of Service Vulnerability in SNAP PAC S1 Firmware version R10.3b Heap Buffer Overflow in Visuals in Google Chrome Denial of Service Vulnerability in SNAP PAC S1 Firmware version R10.3b Unbounded Decompression Vulnerability in Veilid before 0.1.9 Unmasking Secret Configuration Vulnerability in Apache Airflow CWE-312: Cleartext Storage of Sensitive Information Vulnerability in FortiTester Command Injection Vulnerability in FortiTester 2.3.0 through 7.2.3 Hard-coded Credentials Vulnerability in FortiTester 2.3.0 through 7.2.3 Evasion Vulnerability in Fortinet IPS Engine Versions 7.321, 7.166, and 6.158 Fortinet FortiAnalyzer and FortiManager Static Credentials Vulnerability Heap Corruption Vulnerability in WebGL in Google Chrome Plaintext User Credential Exposure Vulnerability in QMS Automotive (All versions < V12.39) Inconsistent Error Messages in QMS Automotive Login Session Vulnerability Sensitive Information Disclosure Vulnerability in QMS Automotive (All versions < V12.39) Outdated Application Signing Mechanism Vulnerability in QMS Automotive (All versions < V12.39) Insecure Storage of Sensitive Data in QMS.Mobile Module (All versions < V12.39) Unencrypted Communication Vulnerability in QMS Automotive (All versions < V12.39) Heap Corruption Vulnerability in ANGLE in Google Chrome on Mac Insufficient Authorization Checks in QMS.Mobile Module (All versions < V12.39) Arbitrary File Upload Vulnerability in QMS Automotive (All versions < V12.39) Session Hijacking Vulnerability in QMS Automotive (All versions < V12.39) Sensitive Information Exposure Vulnerability in BUTTERFLY BUTTON Project Blink Task Scheduling Use After Free Vulnerability in Google Chrome Apache Axis 1.x ServiceFactory.getService LDAP Injection Vulnerability Integer Overflow Vulnerability in LibTIFF Allows Remote Code 
Execution CVE-2023-40747 SQL Injection Vulnerability in PHPJabbers Food Delivery Script 3.0 SQL Injection Vulnerability in PHPJabbers Food Delivery Script v3.0 Use After Free Vulnerability in Cast in Google Chrome Cross Site Scripting (XSS) Vulnerability in PHPJabbers Yacht Listing Script v1.0 Cross Site Scripting (XSS) Vulnerability in PHPJabbers Fundraising Script v1.0 Cross Site Scripting (XSS) Vulnerability in PHPJabbers Make an Offer Widget v1.0 Cross Site Scripting (XSS) Vulnerability in PHPJabbers Ticket Support Script v3.2 Account Takeover Vulnerability in PHPJabbers Car Rental Script 3.0 PHPJabbers Callback Widget v1.0 - Cross Site Scripting (XSS) in 'theme' Parameter User Enumeration Vulnerability in PHPJabbers Callback Widget v1.0 User Enumeration Vulnerability in PHPJabbers Food Delivery Script v3.1 User Enumeration Vulnerability in PHPJabbers Document Creator v1.0 User Enumeration Vulnerability in PHP Jabbers Restaurant Booking Script v3.0 WebRTC Use After Free Vulnerability in Google Chrome User Enumeration Vulnerability in PHP Jabbers Hotel Booking System v4.0 User Enumeration Vulnerability in PHPJabbers Yacht Listing Script v2.0 User Enumeration Vulnerability in PHPJabbers Fundraising Script v1.0 User Enumeration Vulnerability in PHPJabbers Taxi Booking Script v2.0 User Enumeration Vulnerability in PHP Jabbers Car Rental Script v3.0 User Enumeration Vulnerability in PHPJabbers Event Booking Calendar v4.0 User Enumeration Vulnerability in PHPJabbers Ticket Support Script v3.2 User Enumeration Vulnerability in PHPJabbers Make an Offer Widget v1.0 Privilege Escalation via Malicious Chrome Extension DataEase v.1.18.9 SQL Injection Vulnerability Remote Code Execution Vulnerability in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 Privilege Escalation via Malicious Chrome Extension Buffer Overflow Vulnerability in Libming v0.4.8: Denial of Service via Crafted .swf File DedeCMS 5.7.102 File Upload Vulnerability in module_make.php HKcms v2.3.0.230709 Cross 
Site Scripting (XSS) Vulnerability: Administrator Cookie Theft SQL Injection Vulnerability in SpringBlade V3.6.0 Incorrect Access Control in SpringBlade <=V3.6.0: Unauthorized Access to Error Logs Failure to Unpin Pages in extract_user_to_sg in Linux Kernel Command Injection Vulnerability in Phicomm K2 v22.6.529.216 Post-Authentication Stack Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn Post-Authentication Stack Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn Buffer Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn Post-Authentication Stack Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn Stack Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn Post-Authentication Heap Overflow Vulnerability in Tenda AC23 v16.03.07.45_cn HTML Injection Vulnerability in OpenCRX Version 5.2.0 via Activity Search Criteria-Activity Number HTML Injection Vulnerability in OpenCRX 5.2.0 Product Name Field HTML Injection Vulnerability in OpenCRX 5.2.0 Accounts Group Name Field HTML Injection Vulnerability in OpenCRX Version 5.2.0: Activity Saved Search Creation HTML Injection Vulnerability in OpenCRX 5.2.0 via Accounts Name Field HTML Injection Vulnerability in OpenCRX Version 5.2.0: Category Creation Name Field HTML Injection Vulnerability in OpenCRX 5.2.0: Activity Milestone Name Field HTML Injection Vulnerability in OpenCRX 5.2.0 Product Configuration Name Field Arbitrary Code Execution Vulnerability in Perfree PerfreeBlog v.3.1.2 Remote Code Execution and Information Disclosure Vulnerability in pf4j v.3.9.0 and Earlier Remote Code Execution and Information Disclosure Vulnerability in pf4j v.3.9.0 and Earlier Remote Code Execution and Information Disclosure Vulnerability in pf4j v.3.9.0 and Earlier Unauthorized Access Vulnerability in Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000 Buffer Overflow Vulnerability in Tenda AC6 v15.03.05.19 Remote Privilege Escalation in Thecosy IceCMS v.1.0.0 via getCosSetting Parameters OpenCart v4.0.2.2 Brute Force 
Vulnerability Command Execution Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin Command Execution Vulnerability in 'sub_3A1D0' Function Command Execution Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via fromGetWirelessRepeat Function Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via add_white_node Function Buffer Overflow Vulnerability in Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via R7WebsSecurityHandler Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via sub_73004 Function Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via formWifiBasicSet Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via function 'sub_34FD0' Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via sub_90998 Function Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via initIpAddrInfo Function Buffer Overflow Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin via sub_7D858 Function Vulnerability: Incorrect Access Control and File Leak in netentsec NS-ASG 6.3 Arbitrary Code Execution via Cross Site Scripting (XSS) in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 SQL Injection Vulnerability in Phpgurukul User Registration & Login and User Management System with Admin Panel 3.0 Buffer Overflow Vulnerability in VirusTotal YARA v.4.3.2: Remote Code Execution via yr_execute_cod in exe.c CSRF Vulnerability in mooSocial MooSocial Software v.Demo Arbitrary Code Execution via Cross Site Scripting in mooSocial mooSocial Software 3.1.6 and 3.1.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS 5.7.110 at /dede/vote_add.php Multiple Cross-Site 
Scripting (XSS) Vulnerabilities in DedeCMS 5.7.110 at /dede/vote_edit.php Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7.110 via title parameter in /dede/freelist_add.php Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7.110 via title parameter in /dede/freelist_edit.php Incomplete Fix for CVE-2020-14496: Incorrect Default Permissions Vulnerability in Mitsubishi Electric Corporation FA Engineering Software Products Heap-based Buffer Overflow in ZBar QR Code Reader Undocumented Local File Inclusion Vulnerability in Wago Products Stack-based Buffer Overflow Vulnerability in ZBar 0.23.90 Allows Information Disclosure and Arbitrary Code Execution via Crafted QR Codes Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn via /goform/SetStaticRouteCfg Parameter List Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn WideStand 5.3.5 XSS Reflected Vulnerability Stack Overflow Vulnerability in Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn Samba Vulnerability: File Truncation Exploit with acl_xattr Configuration Stack Buffer Overflow Vulnerability in Tenda AX3 v16.03.12.11: DoS via ssid Parameter Escalation of Privileges in KnowStreaming 3.3.0: Unauthorized User Creation with Admin Role 
Arconte Áurea 1.5.0.0 SQL Injection Vulnerability: Data Exposure and System Compromise SQL Injection Vulnerability in Prixan PrixanConnect up to v1.62 SQL Injection Vulnerability in Common Services soliberte v4.3.03: Exploiting lat and lng Parameters in functions/point_list.php SQL Injection Vulnerability in Kerawen before v2.5.1 via ocs_id_cart Parameter Multiple SQL Injection Vulnerabilities in MyPrestaModules Ordersexport Plugin (send.php) Directory Traversal Vulnerability in SolarView Compact < 6.00 Arconte Áurea 1.5.0.0: Reflected and Persistent XSS Vulnerability Directory Traversal Vulnerability in Skyworth 3.0 OS SQL Injection Vulnerability in Nagios XI 5.11.0 - 5.11.1 Nagios XI 5.11.1 and Below: Cross-Site Scripting (XSS) Vulnerability in Custom Logo Component SQL Injection Vulnerability in Nagios XI v5.11.1 and Below SQL Injection Vulnerability in Nagios XI 5.11.1 and Below: Arbitrary SQL Command Execution via Host Escalation Notification Settings Authentication System Vulnerability: Account Blocking and Attempt Limit Circumvention in ARCONTE Aurea 1.5.0.0 Stack Overflow Vulnerability in Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 via 'firewall_value' Parameter SQL Injection Vulnerability in Schoolmate 1.3: Exploiting $schoolname Variable in ~\header.php SQL Injection Vulnerability in Sourcecodester Doctor Appointment System 1.0 at doctors\myDetails.php SQL Injection Vulnerability in Schoolmate 1.3: Exploiting $username Variable in ValidateLogin.php Arconte Áurea 1.5.0.0 User Enumeration Vulnerability CSRF Vulnerability in icms 7.0.16 SQL Injection Vulnerability in Grzegorz Marczynski Dynamic Progress Bar SQL Injection Vulnerability in Didotech srl Engineering & Lifecycle Management (pdm) v.14.0, v.15.0, and v.16.0 SQL Injection Vulnerability in Cloudroits Website Job Search v.15.0 SQL Injection Vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0, and v.16.0 SQL Injection Vulnerability in Didotech srl Engineering & 
Lifecycle Management (aka pdm) v.14.0, v.15.0, and v.16.0 Brute Force Attack Vulnerability in Fujitsu Arconte Áurea 1.5.0.0: Weak Password Recovery Mechanism Buffer Overflow Vulnerability in hzeller timg v.1.5.1 and Earlier: Remote Denial of Service via 0x61200000045c Address Vulnerability: Server Side Request Forgery (SSRF) in Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 Insecure File Upload Vulnerability SQL Injection Vulnerability in Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 via admin/modules/circulation/loan_rules.php Web Application Vulnerability: Authentication Bypass and SQL Injection Exploit Arbitrary Code Execution via File Upload in DWSurvey DWSurvey-OSS v.3.2.0 and Earlier Stored XSS Vulnerability in Webmin v2.100 via Cloned Module Name Parameter Webmin v2.100 File Manager Reflected XSS Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Webmin File Manager Function Cross-Site Scripting (XSS) Vulnerability in Webmin 2.100 File Manager Stored XSS Vulnerability in Usermin Configuration Function of Webmin v2.100 Arbitrary Code Execution via SQL Injection in JEECG-Boot v3.0, 3.5.3 Lack of Access Control in QSige Monitor Application Buffer Overflow Vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0: Remote Denial of Service via Crafted Packet Buffer Overflow Vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0: Remote Denial of Service via Packet Size Component Stored XSS Vulnerability Use-After-Free Vulnerability in GPAC through 2.2.1 Arbitrary Code Execution Vulnerability in Pagekit v.1.0.18 Arbitrary Code Execution via Crafted Script in Adlered Bolo-Solo v.2.6 File Upload Vulnerability Lack of Access Control in QSige Login SSO Default Password Parameter Vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 Command Execution Vulnerability Remote Code 
Execution Vulnerability in China Mobile Intelligent Home Gateway v.HG6543C4 Arbitrary Code Injection through p4 Field in IceWarp 10.3.1 Webmail Calendar CVE-2023-41014 CVE-2023-41015 Lack of Access Control in QSige Login SSO Credential Disclosure in Juplink RX4-1500 Wifi Router Firmware Versions V1.0.4 and V1.0.5 Stack-Based Buffer Overflow in Juplink RX4-1500 WiFi Router Allows Root Code Execution Command Injection Vulnerability in Juplink RX4-1500 Wifi Router Firmware Remote SQL Injection Vulnerability in QSige Statistics Hard-coded Credentials Vulnerability in Juplink RX4-1500 Versions V1.0.2 through V1.0.5 Command Injection Vulnerability in Juplink RX4-1500 Versions V1.0.2 - V1.0.5 Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-21263) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-21266) XXE Vulnerability in Eclipse Leshan's DDFFileParser and DefaultDDFFileValidator Insecure Interprocess Communication (IPC) in Macvim Prior to Version 178 Allows Privilege Escalation OpenPGP.js Cleartext Signed Message Verification Bypass Vulnerability CVE-2023-41038 Information Disclosure Vulnerability in RestrictedPython's Format Functionality Arbitrary VPN Setup Configuration Vulnerability in Mozilla VPN for Linux Unrestricted File Read Vulnerability in GitPython Session Persistence Vulnerability in Graylog Unrestricted Remote Theme Asset Loading Vulnerability in Discourse Icon Sprite Cache Denial of Service Vulnerability Graylog Support Bundle Partial Path Traversal Vulnerability Vulnerability: DNS Cache Poisoning in Graylog Arbitrary Velocity Code Execution in XWiki Platform OctoPrint 1.9.2 and Earlier: Remote Code Execution Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Plone.namedfile for SVG Images Arbitrary JavaScript Execution in dcl/single-sign-on-client Library (CVE-2021-XXXX) Attachment Deletion Vulnerability in Mattermost Information Disclosure via Unsafe `str.format_map` in AccessControl 
Out-of-bounds Memory Access in vm-memory Rust Crate Order of evaluation vulnerability in Vyper's builtin functions Unauthorized Key Access Vulnerability in Redis SORT_RO Command Server-Side Request Forgery (SSRF) vulnerability in LibreY's `image_proxy.php` file Server-Side Request Forgery (SSRF) vulnerability in LibreY's meta search engine Heap Overflow Vulnerability in Redis Arbitrary File Modification in hyper-bump-it Vulnerability: Incomplete Invocation of Parse Cloud Trigger beforeFind in Certain Conditions Guest User Privilege Escalation in Mattermost Public Playbooks Type Confusion Vulnerability in macOS Sonoma 14, iOS 17, and iPadOS 17 Allows Remote Kernel Code Execution Arbitrary Code Execution Vulnerability in watchOS, iOS, and iPadOS Arbitrary Code Execution Vulnerability in macOS Ventura 13.6, tvOS 17, iOS 16.7, and iPadOS 16.7 Buffer Overflow Vulnerability in Apple Operating Systems Improved Private Data Redaction for Log Entries in Apple Operating Systems Vulnerability: Credential Leakage from Secure Text Fields in macOS Sonoma 14 Gatekeeper Bypass Vulnerability in macOS Sonoma 14 Privilege Escalation Vulnerability Patched in Apple Operating Systems Face ID Vulnerability: Authentication of 3D Spoofing Models Improper User Permission Validation in Mattermost Allows Unauthorized Updates to System Admin Details Sensitive Data Exposure via Link Sharing Arbitrary Code Execution Vulnerability in Apple Operating Systems Improved Private Data Redaction for Log Entries in macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1 Improved State Management Fixes Authorization Vulnerability in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in Apple Devices Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges macOS Ventura 13.6.1 Patch: Resolving App Access to Protected User Data Vulnerability Improved State Management Fixes Authorization Issue in macOS Sonoma 14, Prevents Privacy Preference Bypass Privacy Preferences 
Bypass Vulnerability Patched in macOS Sonoma 14 Unsanitized Audit Logging in Mattermost Exposes Permalink Contents Apache Tomcat FORM Authentication Open Redirect Vulnerability Authentication Bypass in Apache Tomcat Connectors (mod_jk) - CVE-2023-41081 Session Hijacking Vulnerability Undisclosed Traffic Vulnerability in IPSec Configured Virtual Servers FURUNO SYSTEMS Wireless LAN Access Point Devices CSRF Vulnerability Cleartext Transmission of Sensitive Information Vulnerability in DexGate Server Cookie-based Session Hijacking Vulnerability HTML Injection Vulnerability in Ninja Forms WordPress Plugin Race Condition Vulnerability in Intel(R) MAS Software: Potential Privilege Escalation via Local Access Uncontrolled Search Path Vulnerability in Intel(R) MPI Library Software (Version 2021.11 and earlier) Allows Privilege Escalation via Local Access TouchLink Vulnerability: Expired Resource Operation and Missing Release Insecure Storage of Network Credentials in Silicon Labs OpenThread SDK Insecure Storage of Network Credentials in Silicon Labs Ember ZNet SDK on ARM (SecureVault High modules) Padding Oracle Crypto Attack Vulnerability in Silabs GSDK on ARM Reflected XSS Vulnerability in MISP Dashboard Edit CVE-2023-41099 Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Availability Booking Calendar 5.0 Bypassing CAPTCHA Check in hcaptcha Extension for TYPO3 Buffer Overflow Vulnerability in OpenNDS Captive Portal Memory Leak Vulnerability in OpenNDS Captive Portal Stored Cross-site Scripting (XSS) Vulnerability in Interact 7.9.79.5 Out-of-Bounds Memory Access in libvmod-digest: Authentication Bypass and Information Disclosure Path Truncation Vulnerability in os.path.normpath() Zimbra Collaboration Account Access Vulnerability Persistent XSS Vulnerability in TEF Portal 2023-07-17 TEF Portal 2023-07-17: Authenticated Remote Code Execution Vulnerability Unauthenticated OS Command Injection in SmartNode SN200 (aka SN200) 3.21.2-23021 Cross-Site Scripting (XSS) 
Vulnerability in PHP Jabbers Bus Reservation System 1.1 Length Parameter Inconsistency Vulnerability in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem Buffer Overflow Vulnerability in Samsung Exynos Processors Information Disclosure Vulnerability in EnterpriseDB Postgres Advanced Server Arbitrary File Read Vulnerability in EnterpriseDB Postgres Advanced Server Authenticated User Privilege Escalation via UTL_ENCODE in EnterpriseDB Postgres Advanced Server Authenticated User Privilege Escalation: Unrestricted Materialized View Refresh in EnterpriseDB Postgres Advanced Server Inadequate Security Measures in EPAS Allow Search_Path Attacks Authenticated User Bypasses Authorization and Accesses Implementation Functions in EnterpriseDB Postgres Advanced Server Privilege Escalation via _dbms_aq_move_to_exception_queue Function in EnterpriseDB Postgres Advanced Server Cross-Site Scripting Vulnerability in PHP Jabbers Shuttle Booking Software 1.0 Authenticated User Privilege Escalation: DBMS_PROFILER Data Removal Denial of Service Vulnerability in Array AG OS before 9.4.0.499 Stored Cross-Site Scripting (XSS) Vulnerability in Evergreen Content Poster Stored Cross-site Scripting (XSS) Vulnerability in WP Roadmap – Product Feedback Board Plugin CSRF Vulnerability in Patreon WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Service Booking Script 1.0 CSRF Vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Laurence/OhMyBox.Info Simple Long Form Reverse Engineering Vulnerability in Symmetric Encryption of AppsAnywhere Server Privilege Escalation Vulnerability in AppsAnywhere macOS Client Autodesk AutoCAD 2024 and 2023 STP File Parsing Vulnerability Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Night Club Booking Software 1.0 Autodesk AutoCAD 2024 and 2023 Heap-Based Buffer Overflow Vulnerability Unauthorized Access to Autodesk Account 
Cases Data Leakage Vulnerability in Autodesk Customer Support Portal OS Command Injection Vulnerability in F-RevoCRM Version 7.3.7 and 7.3.8 Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Cleaning Business 1.0 Cross-Site Scripting Vulnerability in F-RevoCRM 7.3 Series Softing OPC UA C++ SDK Uncaught Exception Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Usermin 2.000 MIME Type Programs Tab Stored XSS Vulnerability in Usermin 2.001 SSH Configuration Tab Stored Cross-Site Scripting (XSS) Vulnerability in Usermin 2.000's Scheduled Cron Jobs Tab Stored XSS Vulnerability in Mail Forwarding and Replies Tab in Webmin and Usermin 2.000 Stored Cross-Site Scripting (XSS) Vulnerability in Usermin 2.001's Filter and Forward Mail Tab Usermin 2.000 Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities Stored XSS Vulnerability in Usermin 2.000 MIME Type Programs Tab Stored Cross-Site Scripting (XSS) Vulnerability in Usermin 2.000 Autoreply File Editing Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Taxi Booking 2.0 Stored Cross-Site Scripting (XSS) Vulnerability in Usermin SSH Configuration Tab Multiple Stored XSS Vulnerabilities in Usermin 2.000 Reflected Cross-site Scripting (XSS) Vulnerability in Usermin 2.000 File Manager Tab Reflected Cross-site Scripting (XSS) Vulnerability in Usermin 2.000 File Manager Tab Potential DoS Vulnerability in Django's uri_to_iri() Function CVE-2023-41165 User Account Existence Disclosure Vulnerability in Stormshield Network Security (SNS) XSS vulnerability in @webiny/react-rich-text-renderer allows content managers to execute malicious scripts Stored Cross-Site Scripting Vulnerability in NetScout nGeniusONE 6.3.4 Build 2298 Stored Cross-Site Scripting Vulnerability in NetScout nGeniusONE 6.3.4 Build 2298 Cross-Site Scripting (XSS) Vulnerability in PHP Jabbers Rental Property Booking 2.0 Reflected Cross-Site Scripting Vulnerability in NetScout nGeniusONE 6.3.4 build 2298 Stored Cross-Site Scripting 
Vulnerability in NetScout nGeniusONE 6.3.4 Build 2298 Stored Cross-Site Scripting Vulnerability in NetScout nGeniusONE 6.3.4 Build 2298 Denial of Service Vulnerability in AdGuard DNS 2.2 Arbitrary Code Execution Vulnerability in Apple Operating Systems Heap-based Buffer Overflow in libtiff's raw2tiff.c Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Mobile Security (Enterprise) Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Mobile Security (Enterprise) Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro Mobile Security (Enterprise) Arbitrary Command Execution Vulnerability in Trend Micro Apex One and Worry-Free Business Security Cross-Site Scripting (XSS) Vulnerability in Cute Http File Server 2.0 Incorrect Certificate Validation in InvokeHTTP on Apache NiFi MiNiFi C++ Versions 0.13 to 0.14 CVE-2023-41181 CVE-2023-41182 CVE-2023-41183 CVE-2023-41184 CVE-2023-41185 CVE-2023-41186 CVE-2023-41187 CVE-2023-41188 CVE-2023-41189 Cross-Site Scripting (XSS) Vulnerability in Academy LMS 6.0 (VDB-235966) CVE-2023-41190 CVE-2023-41191 CVE-2023-41192 CVE-2023-41193 CVE-2023-41194 CVE-2023-41195 CVE-2023-41196 CVE-2023-41197 CVE-2023-41198 CVE-2023-41199 Critical Command Injection Vulnerability in Beijing Baichuo Smart S85F Management Platform up to 20230722 (VDB-235967) CVE-2023-41200 CVE-2023-41201 CVE-2023-41202 CVE-2023-41203 CVE-2023-41204 CVE-2023-41205 CVE-2023-41206 CVE-2023-41207 CVE-2023-41208 CVE-2023-41209 Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S85F Management Platform CVE-2023-41210 CVE-2023-41211 CVE-2023-41212 CVE-2023-41213 CVE-2023-41214 CVE-2023-41215 CVE-2023-41216 CVE-2023-41217 CVE-2023-41218 CVE-2023-41219 Insecure File Upload Vulnerability in Student Information System v1.0 Allows Remote Code Execution CVE-2023-41220 CVE-2023-41221 CVE-2023-41222 CVE-2023-41223 CVE-2023-41224 CVE-2023-41225 CVE-2023-41226 CVE-2023-41227 CVE-2023-41228 CVE-2023-41229 CVE-2023-41230 Privilege 
Escalation Vulnerability in Intel ACAT Software Improved Bounds Checking to Address Out-of-Bounds Read Vulnerability Arbitrary Script Injection Vulnerability in Welcart e-Commerce Item List Page Registration Process Unauthenticated Reflected XSS Vulnerability in Everest Themes Everest News Pro Theme <= 1.1.7 Unauthenticated Reflected XSS Vulnerability in Happy Elementor Addons Pro Plugin <= 2.8.0 Unauthenticated Reflected XSS Vulnerability in Everest Themes Arya Multipurpose Pro Theme Unauthenticated Reflected XSS Vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons Plugin Blubrry PowerPress Podcasting Plugin SSRF Vulnerability Unauthenticated Access to GitHub Repository in answerdev/answer prior to v1.1.1 SureCart WordPress Ecommerce For Creating Fast Online Stores Plugin <= 2.5.0 - Authenticated Stored XSS Vulnerability Hassan Ali Snap Pixel Plugin <= 1.5.7 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in Buildfail Localize Remote Images Plugin Stored XSS Vulnerability in JetBrains TeamCity Cloud Profiles Configuration Reflected XSS Vulnerability in JetBrains TeamCity Build Step Copying Insecure Password Requirements in GitHub Repository answerdev/answer Prior to v1.1.0 Reflected XSS Vulnerability in JetBrains TeamCity User Registration Denial of Service Vulnerability in Intel(R) QAT Software Drivers for Windows Plaintext Logging of TSIG Keys in BIG-IP DNS and LTM Improved Private Data Redaction for Log Entries in iOS 17.1 and iPadOS 17.1: Addressing Privacy Vulnerability Root Shell Access Vulnerability via ADB Protocol on TPC-110W Device Authentication Bypass Vulnerability in Dover Fueling Solutions MAGLINK LX Web Console Configuration Type Confusion Vulnerability in Foxit Reader 12.1.2.15356 Allows Arbitrary Code Execution Information Disclosure via Fake or Spoofed Email Headers in Best Practical Request Tracker (RT) GitHub Repository answerdev/answer Prior to v1.1.0: Insufficient Session Expiration Vulnerability 
Information Exposure in Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 via Mail-Gateway REST API Responses Unauthenticated CSV Export Vulnerability in Plixer Scrutinizer SQL Injection Vulnerability in Plixer Scrutinizer's csvExportReport Endpoint Unauthenticated Access to Debug Logs in Plixer Scrutinizer Authentication Bypass and Privilege Escalation in Netwrix Usercube (before 6.0.215) HTTP Request Tunneling Vulnerability in Qlik Sense Enterprise for Windows Path Traversal Vulnerability in Qlik Sense Enterprise for Windows (CVE-2023-XXXX) Apache Airflow HDFS Provider Incorrect Pip Package Installation Vulnerability Stack Overflow and Segmentation Fault Vulnerability in Samsung Open Source Escargot Critical Race Condition Vulnerability in answerdev/answer Repository (prior to v1.1.1) Denial of Service Vulnerability in Samsung Smart TV UE40D7000 Heap-based Buffer Overflow Vulnerability in QNAP Operating System Allows Code Execution via Network Authenticated Administrators Can Launch DoS Attack via Network: QNAP OS Vulnerability Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Critical OS Command Injection Vulnerability in QNAP Operating Systems Critical OS Command Injection Vulnerability in QNAP Operating Systems Critical OS Command Injection Vulnerability in QNAP Operating Systems QuMagie SQL Injection Vulnerability Allows Code Injection via Network QuMagie SQL Injection Vulnerability Allows Code Injection via Network Video Station SQL Injection Vulnerability Critical OS Command Injection Vulnerability in Video Station Allows 
Remote Command Execution QcalAgent OS Command Injection Vulnerability Inadequate Encryption Strength Vulnerability in Dell Data Protection Central 19.9 CVE-2023-41290 CVE-2023-41291 Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Confidentiality Breach Vulnerability in DDMP Module Service Hijacking Vulnerability in DP Module Affects Super Device Services Improper Permission Management in DisplayEngine Module: Dimming Screen Vulnerability Kernel Module Authorization Bypass: Threats to Integrity and Confidentiality Design Defect Vulnerability in HiviewTunner Module: Potential Service Hijacking Window Module Permission Control Vulnerability: Confidentiality at Risk PMS Module Denial of Service Vulnerability Parameter Verification Vulnerability in PMS Module: Potential System Restart Exploitation Unauthorized API Access Vulnerability in PMS Module: Potential Abnormal Feature Behavior Home Screen Module Redirection Permission Verification Vulnerability Distributed File System Module Command Injection Vulnerability Window Module Parameter Verification Vulnerability Unencrypted 5G SMS Messages in VPN Environment: Confidentiality at Risk Critical Vulnerability: Mutex Management Flaw in Bone Voice ID Trusted Application Module Critical Memory Overwriting Vulnerability in Security Module Threatens System Availability Input Module Screenshot Vulnerability: Confidentiality at Risk MediaPlaybackController Module Permission Control Vulnerability Sticky Broadcast Keep-Alive Vulnerability: Enabling Persistent Background Execution Audio Module Permission Control Vulnerability: Automatic App Activation Audio Module Permission Control Vulnerability: Triggering Automatic Activation of Apps CVE-2023-41313 Unauthenticated Access and Arbitrary File Retrieval Vulnerability in API Endpoints HTML Injection in Tolgee Localization Platform Invitation Emails Denial-of-Service (DoS) vulnerability in Apollo Router v1.28.0, v1.28.1, and v1.29.0 when GraphQL Subscriptions 
are enabled Arbitrary Code Execution via SVG Content-Disposition Vulnerability in matrix-media-repo Arbitrary Code Execution in Fides Webserver API Use-After-Free Vulnerability in Linux Kernel's Siano SMSUSB Module SQL Injection Vulnerability in GLPI's UI Layout Preferences Management Sensitive Field Enumeration Vulnerability in GLPI Vulnerability: Unauthorized Password Change and Account Takeover in GLPI Unauthenticated User Enumeration Vulnerability in GLPI Account Hijacking Vulnerability in GLPI Double Free Vulnerability in OP-TEE's shdr_verify_signature Function Kanban Hijacking Vulnerability in GLPI Software Vulnerability: Unfiltered Webhook Proxying in WireMock SQL Injection Vulnerability in Frappe Framework: Upgrade to Versions 13.46.1 and 14.20.0 Vulnerability: DNS Rebinding Attack in WireMock Proxy Mode Use-after-free vulnerability in cxgb4 driver in Linux kernel Remote Code Execution Vulnerability in knplabs/knp-snappy (CVE-2023-28115) Remote Command Execution Vulnerability in SOFARPC (Versions prior to 5.11.0) Denial of Service Vulnerability in Cilium Agent CiliumNetworkPolicy Bypass Vulnerability CVE-2023-41334 Temporary Password Storage Vulnerability in Synapse Matrix Homeserver Vulnerability: Unauthorized Entity Submission in Symfony UX Autocomplete Misdirection of HTTPS Requests in h2o Server Improper Access Restriction in Fiber Web Framework Prior to 2.49.2 Server-Side Request Forgery (SSRF) Vulnerability in GeoServer Insufficient Filtering in Rogic No-Code Database Builder Allows for Stored XSS Attack via File Upload Path Traversal Vulnerability in NCSIST ManageEngine Mobile Device Manager (MDM) APP Allows Unauthorized Access to System Files Command Injection Vulnerability in ASUS RT-AX55's Authentication Module Vulnerability: Command Injection in ASUS RT-AX55's Token-Refresh Module Command Injection Vulnerability in ASUS RT-AX55's Authentication Module Command Injection Vulnerability in ASUS RT-AX55's Authentication Module Vulnerability in ASUS 
Router RT-AX88U: Externally-Controlled Format String Attack in Advanced Open VPN Function Heap Out-of-Bounds Memory Read Vulnerability in QEMU's Virtual NVMe Device Insufficient Authentication Measures in Chunghwa Telecom NOKIA G-040W-Q: Exposing Captcha and Brute Force Vulnerability Authentication Bypass Vulnerability in Chunghwa Telecom NOKIA G-040W-Q Command Injection Vulnerability in Chunghwa Telecom NOKIA G-040W-Q Weak Password Requirements in Chunghwa Telecom NOKIA G-040W-Q: Remote Administrator Access Vulnerability Unauthenticated Remote Attackers Can Exploit Chunghwa Telecom NOKIA G-040W-Q Firewall Vulnerability to Expose Partially Sensitive Information Vulnerability: ICMP Redirect Message Input Validation Bypass in Chunghwa Telecom NOKIA G-040W-Q Firewall Path Traversal Vulnerability in NCSIST ManageEngine Mobile Device Manager (MDM) APP Allows Unauthorized Access to System Files Insufficient Filtering and Validation in Galaxy Software Services Corporation Vitals ESP Allows Arbitrary File Upload and Execution Vulnerability in FRRouting FRR through 9.0: Processing of NLRIs with Zero Attribute Length in bgpd/bgp_packet.c Out-of-Bounds Read Vulnerability in FRRouting FRR through 9.0 Cross-site Scripting (XSS) Vulnerability in CrafterCMS Engine Vulnerability: Out-of-Bounds Read in FRRouting FRR FRRouting FRR 9.0 Vulnerability: Unchecked Length of RCV Software Version in bgpd/bgp_open.c Code Injection Vulnerability in MyBB Admin CP Templates UserSettingsController Vulnerability in Cerebrate 1.14 Allows Unauthorized User Settings Modification SQL Injection Vulnerability in /index.php Sort Parameter SAP Business One (B1i) - Version 10.0 XXE Injection Vulnerability Unauthenticated Data Access Vulnerability in SAP NetWeaver Application Server ABAP Unauthenticated Access to Admin View and Email Address Disclosure in SAP NetWeaver (Guided Procedures) - Version 7.50 OData Service Vulnerability: Checkbook Name Manipulation in S4 HANA (Manage Checkbook Apps) XML File 
Attachment Vulnerability in SAP S/4HANA Create Single Payment Application Android Client Vulnerability: Unauthorized Server Settings Modification via Forged Broadcast Intent Directory Traversal Vulnerability in BIG-IP Configuration Utility Double Free Vulnerability in Kostac PLC Programming Software Version 1.6.11.0 and Earlier Use After Free Vulnerability in Kostac PLC Programming Software Version 1.6.11.0 BGP Path Attribute Mishandling in Nokia Service Router Operating System (SR OS) 22.10 and SR Linux Denial of Service Vulnerability in Calico Typha and Calico Enterprise Typha Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.8.0 Flutter Downloader Component SQL Injection Vulnerability Vulnerability: Sensitive Information Exposure via Directory Listing in WP Ultimate CSV Importer Plugin Privilege Escalation Vulnerability in WP Ultimate CSV Importer Plugin Vulnerability: Remote Code Execution in WP Ultimate CSV Importer Plugin Privilege Escalation Vulnerability in Gevent WSGIServer Component Vulnerability: Remote Code Execution in WP Ultimate CSV Importer Plugin Arbitrary Code Execution via Cross Site Scripting in WP Githuber MD Plugin v.1.16.2 Arbitrary Code Execution via Cross Site Scripting in Wonder CMS v.3.2.0 - v.3.4.2 Arbitrary Code Execution via Cross Site Scripting in CSZCMS v.1.3.0 Remote Code Execution Vulnerability in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 Remote Code Execution via SQL Injection in Novel-Plus v.4.1.0 Arbitrary Code Execution and Privilege Escalation in Binalyze IREC.sys v.3.11.0 and Earlier Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 Remote Code Execution Vulnerability in 
phpkobo AjaxNewsTicker v.1.0.5 Stored Cross-site Scripting (XSS) Vulnerability in pimcore/customer-data-framework prior to 3.4.2 Remote Code Execution Vulnerability in phpkobo AjaxNewsTicker v.1.0.5 Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 PHPKobo AjaxNewTicker v.1.0.5 Cross Site Request Forgery Arbitrary Code Execution Vulnerability Arbitrary Code Execution via Cross Site Scripting in phpkobo AjaxNewTicker v.1.0.5 Use-After-Free Vulnerability in Linux Kernel's Netfilter Functionality with NFTA_RULE_CHAIN_ID Directory Traversal Vulnerability in Ivanti Avalanche 6.3.4.153: Unauthorized Access to Sensitive Information Reflected Cross-Site Scripting in Ditty WordPress Plugin (CVE-2021-12345) JPEG File Information Disclosure Vulnerability in cimg.eu Cimg Library v2.9.3 Remote Command Injection Vulnerability in Web-Based Management CSRF Vulnerability in User Activity Tracking and Log WordPress Plugin CVE-2023-41503 CVE-2023-41504 CVE-2023-41505 CVE-2023-41506 Multiple SQL Injection Vulnerabilities in Super Store Finder v3.6 Store Locator Component Critical Security Vulnerability: Hard Coded Password in Super Store Finder v3.6 Allows Unauthorized Access to Administration Panel Reflected Cross-Site Scripting in Store Locator WordPress Plugin Path Traversal Vulnerability in Frauscher Sensortechnik GmbH FDS101 Web Interface Privilege Escalation Vulnerability in BAN Users Plugin for WordPress (up to version 1.5.3) Cross Site Scripting (XSS) Vulnerability in phpjabbers Business Directory Script 3.2 via keyword parameter Cross Site Scripting (XSS) Vulnerability in phpjabbers PHP Forum Script 3.0 via keyword parameter SQL Injection Vulnerability in phpjabbers Business Directory Script 3.2 via column parameter Samba's DirSync Control Implementation Vulnerability Exposes Active Directory Passwords and Secrets SQL Injection Vulnerability in JEECG-Boot 3.5.3: Privilege Escalation and Sensitive Information Disclosure via jmreport/qurestSql 
Component SQL Injection Vulnerability in JEECG-Boot v3.5.3: Privilege Escalation and Sensitive Information Disclosure via /sys/replicate/check Component Remote Code Execution Vulnerability in jeecg-boot 3.5.3 via SSTI Injection in /jmreport/loadTableData Component Double Fetch Race Condition Vulnerability in KVM AMD Secure Encrypted Virtualization (SEV) Stack Overflow Vulnerability in Tenda AC7 and AC9 Routers via Parameter SSID Stack Overflow Vulnerability in Tenda AC9 V3.0 and AC5 V15.03.06.42_multi Stack Overflow Vulnerability in Tenda AC9 V3.0 V15.03.06.42_multi via wpapsk_crypto Parameter Stack Overflow Vulnerability in Tenda AC7 V1.0 V15.03.06.44 via security_5g Parameter Stack Overflow Vulnerability in Tenda AC7, AC9, and AC5 Routers Stack Overflow Vulnerability in Tenda AC7 and AC5 Routers via /goform/addressNat URL Stack Overflow Vulnerability in Tenda AC7 V1.0 V15.03.06.44 via timeZone Parameter Stack Overflow Vulnerability in Tenda AC7, AC9, and AC5 Routers Heap Out-of-Bounds Read Vulnerability in gawk Package Stack Overflow Vulnerability in Tenda AC9 V3.0 V15.03.06.42_multi via firewallEn Parameter Stack Overflow Vulnerability in Tenda AC9 V3.0 and AC5 Routers Stack Overflow Vulnerability in Tenda AC7, AC9, and AC5 Routers Stack Overflow Vulnerability in Tenda AC9 V3.0 and Tenda AC5 Arbitrary Code Execution via Crafted .shtml File Upload in Cockpit CMS v2.6.3 GitHub Repository omeka/omeka-s Prior to Version 4.0.3 Injection Vulnerability Vulnerability: Incorrect Access Control Mechanisms in MikroTik RouterOS Rest API Stored XSS vulnerabilities in Blood Bank & Donor Management v2.2: Full Name, Message, and Address parameters. 
Arbitrary File Read Vulnerability in Jeecg Boot v3.5.3 via /testConnection Interface Stored Cross-site Scripting (XSS) Vulnerability in Omeka-S GitHub Repository LDAP Injection Vulnerability in Phpipam before v1.5.2 via dname Parameter Time to SLA Plugin v10.13.5 - Cross-Site Scripting (XSS) Vulnerability in durationFormat Parameter Unrestricted File Upload Vulnerability in Omeka-S GitHub Repository Cross-Site Scripting (XSS) Vulnerability in Froala Editor v4.0.1 to v4.1.1 Cross-Site Scripting (XSS) Vulnerabilities in Dairy Farm Shop Management System v1.1 Multiple SQL Injection Vulnerabilities in Dairy Farm Shop Management System v1.1 Default Password Vulnerability in xui-xray v1.8.3 Reflected Cross-Site Scripting (XSS) Vulnerability in EyouCms v1.6.2 via /admin/twitter.php?active_t Directory Traversal Vulnerability in JFinalCMS v5.0.0 Stored Cross-Site Scripting Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress CSZ CMS v1.3.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in install/index.php D-Link R15 before v1.08.02 Vulnerability: Unrestricted IPv6 Traffic Access Open Redirect Vulnerability in sanitize_url() Parameter of CouchCMS v2.3 Cross-Site Request Forgery Vulnerability in WooCommerce PDF Invoice Builder for WordPress DLL Hijacking Vulnerability in EzViz Studio v2.2.0 Stored XSS Vulnerability in Add Animal Details Function of Zoo Management System v1.0 Multiple SQL Injection Vulnerabilities in Zoo Management System v1.0 Admin Sign-In Page Reflected Cross-Site Scripting (XSS) Vulnerability in Student Management System v1.2.3 and Earlier Reflective Cross-Site Scripting (XSS) Vulnerability in Emlog Pro v2.1.14 via /admin/article.php?active_savedraft Cross-Site Scripting (XSS) Vulnerability in Emlog Pro v2.1.14 via /admin/article.php?action=write Segmentation Fault Vulnerability in Brocade Fabric OS Emlog Pro v2.1.14 XSS Vulnerability in /admin/store.php Component SQL Injection Vulnerability in Emlog Pro2.1.14 via uid Parameter at 
/admin/media.php Arbitrary File Upload Vulnerability in Gradio v3.27.0 Unvalidated Source of Routing Tables in O-RAN Software Community ric-plt-lib-rmr v4.9.0 E2 G-Release Vulnerability: Denial of Service (DoS) via Incorrect Messaging Procedure Path Traversal Vulnerability in eSST Monitoring v2.147.1 File Download Feature Buffer Overflow Vulnerability in Brocade Fabric OS Remote Code Execution Vulnerability in eSST Monitoring v2.147.1 via Gii Code Generator Critical Remote Code Execution Vulnerability Found in eSST Monitoring v2.147.1 NULL Pointer Dereference Vulnerability in Catdoc v0.95's xls2csv Component XML External Entity (XXE) Vulnerability in VerifichePeriodiche.aspx Component of GruppoSCAI RealGimm v1.1.37p38 SQL Injection Vulnerability in GruppoSCAI RealGimm v1.1.37p38: Unauthorized Database Access and Command Execution Arbitrary Code Execution via File Upload in GruppoSCAI RealGimm 1.1.37p38 Arbitrary File Upload Vulnerability in GruppoSCAI RealGimm 1.1.37p38's Gestione Documentale Module Critical Vulnerability: Local Information Disclosure of Health Data without Execution Privileges Improper Error Handling Vulnerability in ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 Multiple Reflected XSS Vulnerabilities in ErroreNonGestito.aspx Component of GruppoSCAI RealGimm 1.1.37p38 Vulnerability: Unauthorized Access to Master Password Hash in Buttercup v2.20.3 Open Redirect Vulnerability in Swapnil V. Patil Login and Logout Redirect Critical SQL Injection Vulnerability in Tongda OA (CVE-2021-236181) CSRF Vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta Plugin CVE-2023-41651 SQL Injection Vulnerability in David F. Carr RSVPMaker rsvpmaker Unauthenticated Reflected XSS Vulnerability in Beplus Sermon'e – Sermons Online Plugin CSRF Vulnerability in authLdap Plugin <= 2.5.8 Stored XSS Vulnerability in authLdap Plugin <= 2.5.9 Stored Cross-Site Scripting (XSS) Vulnerability in Groundhogg Inc. 
HollerBox Plugin <= 2.3.2 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery Plugin CSRF Vulnerability in Jules Colle, BDWM Responsive Gallery Grid Plugin Critical SQL Injection Vulnerability in Tongda OA (VDB-236182) CSRF Vulnerability in WPSynchro WP Synchro Plugin <= 1.9.1 Stored Cross-Site Scripting (XSS) Vulnerability in PressPage Entertainment Inc. Smarty for WordPress Plugin <= 3.1.35 Unauthenticated Reflected XSS Vulnerability in Ulf Benjaminsson WP-dTree Plugin <= 4.4.5 Unauthenticated Reflected XSS Vulnerability in WP Bannerize Pro Plugin <= 1.6.9 Stored Cross-Site Scripting (XSS) Vulnerability in Stockdio Stock Quotes List Plugin <= 2.9.9 CSRF Vulnerability in Ulf Benjaminsson WP-dTree Plugin <= 4.4.5 CSRF Vulnerability in Leadster Plugin <= 1.1.2 CSRF Vulnerability in DAEXT Live News Plugin <= 1.06 Cross-Site Scripting (XSS) Vulnerability in Media Browser Emby Server 4.7.13.0 CSRF Vulnerability in Palasthotel Memcached Plugin <= 1.0.4 CSRF Vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center Plugin Improper Authorization Vulnerability in Fortinet FortiADC Version 7.4.0 and Earlier: Unauthorized Access to System Configuration Use After Free Vulnerability in FortiOS and FortiProxy Versions 7.0.0 - 7.2.4 Sensitive Information Exposure in FortiSIEM: Unauthorized Access to Windows Agent Password via Log Search CVE-2023-41677 Double Free Vulnerability in Fortinet FortiOS and FortiPAM FortiManager Management Interface Improper Access Control Vulnerability Information Disclosure Vulnerability in Templatecookie Adlisting 2.14.0 Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox Path Traversal Vulnerability in Fortinet FortiSandbox CSRF Vulnerability in Felix Welberg SIS Handball Plugin SQL Injection Vulnerability in ilGhera Woocommerce Support System Stored Cross-Site Scripting (XSS) 
Vulnerability in Irina Sokolovskaya Goods Catalog Plugin <= 2.4.1 Critical Remote Code Execution Vulnerability in Ruijie RG-EW1200G 1.0(1)B1P5 Unauthenticated Reflected XSS Vulnerability in Pensopay WooCommerce PensoPay Plugin Hennessey Digital Attorney Theme XSS Vulnerability CSRF Vulnerability in edward_plainview MyCryptoCheckout Plugin CSRF Vulnerability in Realbig Team Realbig For WordPress Plugin CSRF Vulnerability in Easy WP Cleaner Plugin <= 1.9 Open Redirect Vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) Allows Redirect Access to Libraries Cross-Site Scripting (XSS) Vulnerability in DedeBIZ 6.2.10 Article Handler (VDB-236186) Improper Sanitization of User ID References in Document Comments Allows Script Injection Vulnerability: Injection of Malicious Script Code via CID References in E-Mail Processing Unrestricted Processing of User-Defined DAV User-Agent Strings Vulnerability Drive Search Expression Processing Resource Exhaustion Vulnerability Unrestricted User-Defined Mail Search Expression Processing Vulnerability Vulnerability: App Loader Redirection and Script Injection Path Traversal Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Unsanitized User-Defined Script Code Execution in Upsell Shop URL Critical Stack-Based Buffer Overflow Vulnerability in SonicOS Firewall Critical Vulnerability: SonicOS SSL VPN Endpoint Allows Firewall Crash via Stack-Based Buffer Overflow SonicOS Hard-coded Password Vulnerability in 'dynHandleBuyToolbar' Demo Function SonicOS SSL VPN Tunnel Privilege Escalation Vulnerability File Type Control Bypass in Zscaler Proxy Versions 3.6.1.25 and Prior Privilege Escalation Vulnerability via File Control Remote Code Execution Vulnerability in Ivanti Connect Secure Versions Below 22.6R2 Absolute Path Traversal Vulnerability in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 Privilege Escalation Vulnerability in Ivanti Connect Secure 
Improper Access Control Logic in UniFi Network Application Allows Unauthorized Device Configuration Access Veeam ONE Read-Only User Role Vulnerability: Unauthorized Dashboard Schedule Viewing CVE-2023-41724 Unrestricted File Upload Vulnerability in Ivanti Avalanche EnterpriseServer Service Ivanti Avalanche Local Privilege Escalation Vulnerability Memory Corruption Vulnerability in Mobile Device Server Stored Cross-Site Scripting (XSS) Vulnerability in Rescue Themes Rescue Shortcodes Plugin Stored Cross-Site Scripting (XSS) Vulnerability in SendPress Newsletters Plugin <= 1.22.3.31 Cross-Site Scripting (XSS) Vulnerability in mooSocial mooStore 3.1.6 CSRF Vulnerability in SendPress Newsletters Plugin Stored Cross-Site Scripting (XSS) Vulnerability in I Thirteen Web Solution WordPress Publish Post Email Notification Plugin CSRF Vulnerability in CodePeople CP Blocks Plugin Stored XSS Vulnerability in YYDevelopment Back To The Top Button Plugin <= 2.1.5 Stored XSS Vulnerability in nigauri Insert Estimated Reading Time Plugin <= 1.2 Unauthorized Access to Sensitive Subscriber Information in Gopi Ramasamy Email Posts Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Email Posts to Subscribers Plugin <= 6.2 Stored Cross-Site Scripting (XSS) Vulnerability in WPGens Swifty Bar Plugin OS Command Injection Vulnerability in Synology Router Manager (SRM) Uncontrolled Resource Consumption Vulnerability in Synology Router Manager (SRM) Allows Remote DoS Attacks Cross-Site Scripting (XSS) Vulnerability in mooSocial mooStore 3.1.6 Path Traversal Vulnerability in Synology Router Manager (SRM) Allows Unauthorized File Access Information Disclosure Vulnerability in Synology Router Manager (SRM) Unrestricted IP Address Binding Vulnerability in Acronis Products Insecure Driver Communication Port Permissions Vulnerability Unrestricted Loading of Unsigned Libraries Vulnerability in Acronis Agent and Acronis Cyber Protect 15 (macOS) Excessive System Information Collection 
Leads to Sensitive Data Exposure in Acronis Products Remote Command Execution Vulnerability in Acronis Cloud Manager (Windows) Improper Input Validation in Acronis Cloud Manager (Windows) Leads to Sensitive Information Disclosure Remote Command Execution Vulnerability in Acronis Cloud Manager (Windows) Excessive System Information Collection Leads to Sensitive Data Exposure Cross-Site Scripting Vulnerability in mooSocial mooTravel 3.1.8 (VDB-236210) Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Improper Token Expiration Validation in Acronis Agent (Windows) before build 32047 Leads to Sensitive Information Disclosure Unauthorized Access to Sensitive Data in Apache Traffic Server Critical SQL Injection Vulnerability in SourceCodester Hospital Management System 1.0 (VDB-236211) Skype for Business Privilege Escalation Vulnerability Unveiling the Microsoft Office Spoofing Vulnerability: A Cloak for Cyber Attacks Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Windows CSRSS Elevation of Privilege Vulnerability Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution EmpowerID up to 7.205.0.0 Multi-Factor Authentication Code Handler Information Disclosure Vulnerability Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Windows Kernel Win32k Elevation of Privilege Vulnerability Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Exploiting the Layer 2 Tunneling Protocol for Remote Code Execution Improper Access Control Vulnerability in 'direct' Desktop App for macOS: Unauthorized Device Access ZTE ZXCLOUD iRAI Local Privilege Escalation Vulnerability ZTE ZXCLOUD iRAI Product: Illegal Memory Access Vulnerability Leading to System Crash Neutron Smart VMS Authentication 
Bypass Vulnerability ZTE ZXCLOUD iRAI Local Privilege Escalation Vulnerability ZTE MF258 XSS Vulnerability ZTE ZXCLOUD iRAI DLL Hijacking Vulnerability Command Injection Vulnerability in ZTE's ZXCLOUD iRAI Critical Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro Unauthorized Access to Database Backups in Pandora FMS: A Sensitive Information Exposure Vulnerability Uncontrolled Search Path Element Vulnerability in Pandora FMS: Leveraging Configuration File Search Paths for Unauthorized Access Unrestricted File Upload Vulnerability in Pandora FMS: Allowing Code Execution via PHP File Uploads Cross-Site Scripting (XSS) vulnerability in Pandora FMS allows for Cookie Hijacking and Unauthorized User Access Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-236214) Uncontrolled Search Path Element Vulnerability in Pandora FMS: Leveraging Configuration File Search Paths for Unauthorized Access and Database Compromise Cross-Site Scripting (XSS) Vulnerability in Pandora FMS: Versions 700-773 Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS allows Cross-Site Scripting (XSS) in SNMP Trap Editor CVE-2023-41793 User-Controlled Key Authorization Bypass Vulnerability in WP Sunshine Sunshine Photo Cart Stored Cross-Site Scripting (XSS) Vulnerability in Gold Plugins Locations Plugin <= 4.0 CSV Injection vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-236215) UniConsent UniConsent CMP for GDPR CPRA GPP TCF Plugin <= 1.4.2 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in AWP Classifieds Team Ad Directory & Listings Plugin Server-Side Request Forgery (SSRF) Vulnerability in Brainstorm Force Starter Templates Privilege Escalation Vulnerability in Pandora FMS: Impacting Availability Privilege Escalation 
Vulnerability in Pandora FMS: All Versions (700-773) Privilege Escalation Vulnerability in Pandora FMS: Unauthorized Access to Sensitive Files Critical Remote Code Execution Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 Cross-Site Scripting (XSS) Vulnerability in Pandora FMS: Versions 700-773 Cross-Site Scripting (XSS) Vulnerability in Pandora FMS: Allowing Execution of Javascript Code in News Section Unrestricted Upload of Dangerous File Type in Pandora FMS: PHP Executable Upload Cross-Site Scripting (XSS) vulnerability in Pandora FMS allows unauthorized modification of Web Console user notification options Cross-Site Scripting (XSS) Vulnerability in Pandora FMS: Versions 700-774 Cross-Site Scripting (XSS) Vulnerability in Pandora FMS File Manager Section CVE-2023-41816 CVE-2023-41817 CVE-2023-41818 CVE-2023-41819 Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-236217) CVE-2023-41820 CVE-2023-41821 CVE-2023-41822 CVE-2023-41823 CVE-2023-41824 CVE-2023-41825 CVE-2023-41826 CVE-2023-41827 CVE-2023-41828 CVE-2023-41829 Improper Access Controls in SourceCodester Inventory Management System 1.0 (VDB-236218) CVE-2023-41830 HTTP Response Splitting Vulnerability in Apache Flink Stateful Functions 3.1.0, 3.1.1, and 3.2.0 Multipart Request Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox FortiManager CLI Command Injection Vulnerability Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-236219) DLL Hijack Vulnerability in Fortinet FortiClientWindows 7.0.9 via Malicious OpenSSL Engine Library Elevated Actions Exploit in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 CVE-2023-41842 Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox Versions 4.4.1, 4.4.0, 4.2.0-4.2.5, and 4.0.0-4.0.3 Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox Memory Corruption Vulnerability in 
Tecnomatix Plant Simulation Stored Cross-Site Scripting (XSS) Vulnerability in WEN Solutions Notice Bar Plugin <= 3.1.0 Critical SQL Injection Vulnerability in SourceCodester Online Hospital Management System 1.0 (VDB-236220) CSRF Vulnerability in Outbound Link Manager Plugin <= 1.2 CSRF Vulnerability in Dotsquares WP Custom Post Template CSRF Vulnerability in MailMunch Plugin CSRF Vulnerability in WP iCal Availability Plugin <= 1.0.3 CSRF Vulnerability in Softaculous Ltd. WpCentral Plugin <= 1.5.7 Stored XSS Vulnerability in Regpacks Regpack Plugin <= 0.1 ClickToTweet.Com Click To Tweet Plugin XSS Vulnerability CSRF Vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce Plugin <= 1.2 Stored XSS Vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce Plugin <= 1.2 Unrestricted Upload Vulnerability in SourceCodester Pharmacy Management System 1.0 (VDB-236221) Unauthenticated Cross-Site Scripting (XSS) Vulnerability in TravelMap Plugin <= 1.0.1 Unauthenticated Reflected XSS Vulnerability in Restrict Plugin <= 2.2.4 Unauthenticated Stored XSS Vulnerability in PeproDev CF7 Database Plugin <= 1.7.0 CVE-2023-41864 Unauthenticated Reflected XSS Vulnerability in AcyMailing Newsletter Team AcyMailing Plugin <= 8.6.2 Unauthenticated Reflected XSS Vulnerability in Codestag StagTools Plugin <= 2.3.7 Stored Cross-site Scripting (XSS) Vulnerability in instantsoft/icms2 prior to 2.16.1-git Unauthenticated Reflected XSS Vulnerability in Poll Maker Team Poll Maker Plugin <= 4.7.0 Unauthenticated Reflected XSS Vulnerability in Xtemos WoodMart Plugin <= 7.2.4 Unauthenticated Reflected XSS Vulnerability in Tyche Softwares Order Delivery Date for WooCommerce Plugin CSRF Vulnerability in Hardik Kalathiya WP Gallery Metabox Plugin CVE-2023-41877 Weak Default Password in MeterSphere's Selenium VNC Configuration Allows Unauthorized Access Guest Order Information Exposure in Magento LTS SQL Injection Vulnerability in instantsoft/icms2 prior to 2.16.1-git Miscompilation 
of WebAssembly `i64x2.shr_s` Instruction on Wasmtime x86_64 Platforms Vulnerability: Privacy Leakage in Vantage6 Collaboration Deletion Insufficient Authorization Check in vantage6 Prior to Version 4.0.0 Information Leakage in Piccolo ORM Allows Generation of Valid User List Arbitrary File Read Vulnerability in OpenRefine (Versions Prior to 3.7.5) Remote Code Execution Vulnerability in OpenRefine (Versions Prior to 3.7.5) Unfiltered URL Path in GLPI Login Page Allows Phishing Attack Post-Unicode Normalization Vulnerability in SHIRASAGI Content Management System Reflected Cross-site Scripting (XSS) Vulnerability in instantsoft/icms2 Insufficient Validation of Identity Provider Issuer in Sustainsys.Saml2 Library SQL Injection Vulnerability in FlyteAdmin List Endpoints Craft CMS Vulnerability: Update to 4.4.15 to Mitigate High-Impact Attack Vector Arbitrary URL Redirection in Home Assistant Login Unauthenticated Remote Triggering of Webhooks in Home Assistant Arbitrary JavaScript Execution via Cross-site Scripting (XSS) in Home Assistant Login Page WebSocket Authentication Bypass and Cross-Site Scripting (XSS) in Home Assistant Clickjacking Vulnerability in Home Assistant Server Arbitrary URL Loading Vulnerability in Home Assistant Companion for Android (GHSL-2023-142) Partial Server-Side Request Forgery in Home Assistant (GHSL-2023-162) GitHub Repository Admidio/Admidio Prior to 4.2.11: Insufficient Session Expiration Vulnerability Weak Authentication Bypass in Jetty OpenIdAuthenticator Privilege Escalation via XPC Misconfiguration in CoreCode MacUpdater 2FA Bypass Vulnerability in Zoho ManageEngine ADManager Plus REST APIs Reflected Cross-Site Scripting (XSS) Vulnerability in NETSCOUT nGeniusONE 6.3.4 Build 2298 Insecure Session Cookie Handling in Cerebrate before 1.15 NULL Pointer Dereference in FRRouting's bgp_nlri_parse_flowspec Function Critical File Inclusion Vulnerability in SourceCodester Resort Reservation System 1.0 (VDB-236234) Remote Heap Out-of-Bounds 
Read Vulnerability in lldpd Exynos 2200 GPU Double Free Vulnerability Buffer Overflow and Remote Code Execution in strongSwan's DH Proxy Filesystem Race Conditions in SchedMD Slurm 23.02.x and 22.05.x Arbitrary File Ownership Vulnerability in OpenPMIx PMIx Critical SQL Injection Vulnerability in SourceCodester Resort Reservation System 1.0 (CVE-2021-236235) DLL Hijacking Vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 Allows Privilege Escalation Critical SQL Injection Vulnerability in SourceCodester Resort Reservation System 1.0 (VDB-236236) Unrestricted 'name' Query Parameter in Jenkins Job Configuration History Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Job Configuration History Plugin Unrestricted 'timestamp' Query Parameter in Jenkins Job Configuration History Plugin Allows Directory Deletion Jenkins Job Configuration History Plugin XML External Entity (XXE) Vulnerability Improper Username Masking in Jenkins Pipeline Maven Integration Plugin Jenkins Azure AD Plugin Non-Constant Time Comparison Vulnerability Jenkins Google Login Plugin Vulnerability: Non-Constant Time Token Comparison Jenkins Bitbucket Push and Pull Request Plugin Vulnerability: Credential Capture via Crafted Webhook Payload CSRF Vulnerability in Jenkins Ivy Plugin Allows Deletion of Disabled Modules Jenkins SSH2 Easy Plugin 1.4 and Earlier Permission Verification Vulnerability Incorrect or Incomplete Patches for Linux Kernel's TUN/TAP Functionality Vulnerability (CVE-2023-1076) Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins TAP Plugin 2.3 and Earlier Vulnerability: Enumeration of AWS Credentials IDs in Jenkins AWS CodeCommit Trigger Plugin Jenkins AWS CodeCommit Trigger Plugin CSRF Vulnerability Allows SQS Queue Clearing Jenkins AWS CodeCommit Trigger Plugin HTTP Endpoint Permission Check Bypass Vulnerability HTML Injection Vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and Earlier Jenkins Assembla Auth 
Plugin Grants Unauthorized Permissions CSRF Vulnerability in Jenkins Frugal Testing Plugin 1.1 and Earlier Allows Unauthorized Access Unauthenticated Access to Jenkins Frugal Testing Plugin Stored XSS Vulnerability in Christoph Rado Cookie Notice & Consent Plugin <= 1.6.0 Critical Cross-Site Scripting (XSS) Vulnerability in Avirtum iFolders Plugin <= 1.5.0 Remote File Inclusion Vulnerability in Cockpit prior to version 2.6.3 CSRF Vulnerability in Laposta - Roel Bousardt Laposta Signup Basic Plugin Stored Cross-site Scripting (XSS) Vulnerability in cockpit-hq/cockpit prior to version 2.6.3 Android Agent Application Vulnerability: Unauthorized Access to Content-Provider and Sensitive Settings Modification Cross-Site Scripting Vulnerability in Welcart e-Commerce Credit Card Payment Setup Page FTP Service Denial-of-Service (DoS) Vulnerability in HMI GC-A2 Series Unencrypted Sensitive Information in BIG-IP and BIG-IQ Database Variables Vulnerability Authentication Bypass Vulnerability Privilege Escalation Vulnerability via HTTP POST Parameter Vulnerability: Unauthorized Access to Sensitive Information in Gallagher Controller 6000 Vulnerability: Arbitrary File Read via Symlink Validation Issue CVE-2023-41969 Arbitrary PHP Code Injection in Dolibarr ERP CRM <= v18.0.1 CVE-2023-41970 CVE-2023-41971 CVE-2023-41972 CVE-2023-41973 Use-After-Free Vulnerability in iOS and iPadOS Allows Arbitrary Code Execution Unnoticed Microphone Access Vulnerability in macOS Versions Use-after-free vulnerability in iOS, iPadOS, watchOS, macOS, Safari, and tvOS allows arbitrary code execution Cache Leakage Vulnerability Vulnerability: File System Modification via Race Condition Unauthorized Access to Customer Data in Dolibarr ERP CRM <= v17.0.3 Privacy Bypass Vulnerability Patched in iOS 17, iPadOS 17, and macOS Sonoma 14 Vulnerability: Bypassing Kernel Memory Mitigations in macOS Ventura 13.6 and other Apple Operating Systems Siri Access Vulnerability on Locked Devices Patched in macOS Sonoma 
14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1 Improved Memory Handling to Prevent Denial-of-Service Vulnerability Arbitrary Code Execution Vulnerability in macOS Ventura 13.6, tvOS 17, iOS 16.7, and iPadOS 16.7 Vulnerability: Unauthorized Modification of Protected File System Vulnerability Patched: Improved Checks Prevent Unauthorized Access to Sensitive User Data in macOS Sonoma 14 Siri Access Vulnerability on Locked Devices Patched in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1, and iPadOS 17.1 Lock Screen Bypass Vulnerability in macOS Sonoma 14.1 Allows Arbitrary Code Execution Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-236289) Arbitrary Code Execution Vulnerability in Font File Processing Certificate Validation Bypass Vulnerability in macOS Ventura, iOS, and iPadOS Privilege Escalation Vulnerability in iOS and macOS Arbitrary Code Execution Vulnerability in macOS Sonoma 14 and Earlier Camera Extension Vulnerability: Unauthorized Access to Camera View Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Improved Verification Checks in macOS Ventura 13.6 Siri Access Vulnerability on Locked Devices Patched in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1 Arbitrary File Upload and Execution Vulnerability in Arcserve UDP Authentication Bypass Vulnerability in Arcserve UDP Prior to Version 9.2 Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-236290) Arcserve UDP Path Traversal File Upload Vulnerability CSV Injection Vulnerability in IBM Security Guardium 11.3, 11.4, and 11.5 Improper Authority Checks in IBM Administration Runtime Expert for i 7.2-7.5 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-236291) Denial of Service Vulnerability in IBM UrbanCode Deploy Agent 
Sensitive Information Disclosure in IBM UrbanCode Deploy (UCD) HTML Injection Vulnerability in IBM UrbanCode Deploy (UCD) Versions 7.1 - 7.3.2.2 Insecure Cookie Handling in IBM Sterling B2B Integrator Standard Edition Arbitrary File Upload Vulnerability in IBM Planning Analytics Local 2.0 Denial of Service Vulnerability in IBM InfoSphere Information Server 11.7 Stored Cross-Site Scripting Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Request Forgery Vulnerability in IBM CICS TX Standard, Advanced, and TXSeries for Multiplatforms Cross-Site Scripting (XSS) Vulnerability in IBM CICS TX Standard, Advanced, and TXSeries for Multiplatforms Stored Cross-Site Scripting Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Uncontrolled Resource Consumption Vulnerability in IBM TXSeries for Multiplatforms and CICS TX CVE-2023-42032 CVE-2023-42033 CVE-2023-42034 CVE-2023-42035 CVE-2023-42036 CVE-2023-42037 CVE-2023-42038 CVE-2023-42039 Hardcoded Credential Vulnerability in NPort IAW5000A-I/O Series Firmware CVE-2023-42040 CVE-2023-42041 CVE-2023-42042 CVE-2023-42043 CVE-2023-42044 CVE-2023-42045 CVE-2023-42046 CVE-2023-42047 CVE-2023-42048 CVE-2023-42049 CVE-2023-42050 CVE-2023-42051 CVE-2023-42052 CVE-2023-42053 CVE-2023-42054 CVE-2023-42055 CVE-2023-42056 CVE-2023-42057 CVE-2023-42058 CVE-2023-42059 Use-After-Free Vulnerability in Linux Kernel's net/sched: cls_route Component CVE-2023-42060 CVE-2023-42061 CVE-2023-42062 CVE-2023-42063 CVE-2023-42064 CVE-2023-42065 CVE-2023-42066 CVE-2023-42067 CVE-2023-42068 CVE-2023-42069 Use-After-Free Vulnerability in Linux Kernel's net/sched: cls_fw Component CVE-2023-42070 CVE-2023-42071 CVE-2023-42072 CVE-2023-42073 CVE-2023-42074 CVE-2023-42075 CVE-2023-42076 CVE-2023-42077 CVE-2023-42078 CVE-2023-42079 Use-after-free vulnerability in Linux kernel's net/sched: cls_u32 component CVE-2023-42080 CVE-2023-42081 
CVE-2023-42082 CVE-2023-42083 CVE-2023-42084 CVE-2023-42085 CVE-2023-42086 CVE-2023-42087 CVE-2023-42088 CVE-2023-42089 CSRF Vulnerability in POEditor WordPress Plugin CVE-2023-42090 CVE-2023-42091 CVE-2023-42092 CVE-2023-42093 CVE-2023-42094 CVE-2023-42095 CVE-2023-42096 CVE-2023-42097 CVE-2023-42098 CVE-2023-42099 CVE-2023-42100 CVE-2023-42101 CVE-2023-42102 CVE-2023-42103 CVE-2023-42104 CVE-2023-42105 CVE-2023-42106 CVE-2023-42107 CVE-2023-42108 CVE-2023-42109 Improper GPU Memory Processing Vulnerability CVE-2023-42110 CVE-2023-42111 CVE-2023-42112 CVE-2023-42113 CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 CVE-2023-42117 CVE-2023-42118 CVE-2023-42119 Command Injection Vulnerability in Trane Thermostats Allows Root Access via USB Stick CVE-2023-42120 CVE-2023-42121 CVE-2023-42122 CVE-2023-42123 CVE-2023-42124 CVE-2023-42125 CVE-2023-42126 CVE-2023-42127 CVE-2023-42128 CVE-2023-42129 Insecure Direct Object References in Simplr Registration Form Plus+ WordPress Plugin (Versions up to 2.4.5) CVE-2023-42130 CVE-2023-42131 XML External Entity (XXE) Vulnerability in FD Application Apr. 
2022 Edition (Version 9.01) and Earlier Vulnerability: Signed Partition Overwrite and Local Code Execution in PAX Android POS Devices Local Code Execution Vulnerability in PAX A920Pro/A50 Devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or Earlier Arbitrary Command Execution Vulnerability in PAX Android POS Devices Command Execution Vulnerability in PAX Android POS Devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or Earlier Out-of-bounds Read Vulnerability in KV STUDIO and KV REPLAY VIEWER Unrestricted Password Reset Vulnerability in AppPresser WordPress Plugin (up to version 4.2.5) Backdoor Creation Vulnerability in Shelly TRV 20220811-152343/v2.1.8@5afc928c Cleartext Transmission Vulnerability in Shelly TRV 20220811-15234 v.2.1.8: Local Attacker Can Obtain Wi-Fi Password Sensitive Information Disclosure in CloudExplorer Lite 1.3.1 via Login Key Component Sensitive Information Exposure in Advantech WebAccess Version 9.1.3 File Traversal Vulnerability in Orders Tracking for WooCommerce WordPress Plugin Improper Session Cookie Handling in PT-G503 Series v5.2 and Earlier SQL Injection Vulnerability in Lenosp 1.0.0-1.2.0 Log Query Module XML External Entity (XXE) Vulnerability in Eclipse IDE Arbitrary File Upload Vulnerability in lenosp 1.0-1.2.0's /user/upload Component Allows HTML Code Execution via Crafted JPG File Unicode Normalization Bypass in lockss-daemon (Classic LOCKSS Daemon) before 1.77.3 Cross Site Request Forgery (CSRF) vulnerability in IceCMS v2.0.1 Insecure Permissions Vulnerability in Smart Home Devices Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (VDB-236365) Unrestricted File Upload Vulnerability in Chamilo LMS <= v1.11.24 Remote Code Execution via Command Injection in Chamilo LMS <= v1.11.24 Remote Code Execution via Command Injection in Chamilo LMS <= v1.11.24 WebCatalog Vulnerability: Unverified URL Access in Electron Shell Remote Code Execution via Unrestricted File Upload in Chamilo LMS 
<= v1.11.24 Remote Code Execution via Unrestricted File Upload in Chamilo LMS <= v1.11.24 Remote Code Execution via Unrestricted File Upload in Chamilo LMS <= v1.11.24 Cross Site Scripting (XSS) Vulnerability in Code-Projects Vehicle Management 1.0: Add Accounts via Invoice No, To, and Mammul Remote Code Execution via Unrestricted File Upload in Chamilo LMS <= v1.11.24 Insecure Permissions Vulnerability in Mobile Security Framework (MobSF) <=v3.7.8 Beta SQL Injection Vulnerability in Jeecg Boot v3.5.3 via /jeecg-boot/jmreport/show Component Unauthorized Service Vulnerability in ioLogik 4000 Series (ioLogik E4200) Firmware Grocy <= 4.0.2 CSRF Vulnerability Buffer Overflow Vulnerability in Hutool v5.8.21's jsonArray Component Buffer Overflow Vulnerability in Hutool v5.8.21 via jsonObject.putByPath Buffer Overflow Vulnerability in Hutool v5.8.21 via JSONUtil.parse() SQL Injection Vulnerability in Dreamer CMS 4.1.3 Session Cookie Security Vulnerability in ioLogik 4000 Series (ioLogik E4200) Firmware Directory Traversal Vulnerability in mee-admin 1.5 Allows Arbitrary File Reading Arbitrary Code Execution and Information Disclosure Vulnerability in NPM IP Package v.1.1.8 and Earlier Blind SQL Injection Vulnerability in Tyk Gateway 5.0.3: Database Access and Dump via Crafted SQL Query Blind SQL Injection Vulnerability in Tyk Gateway Version 5.0.3 CVE-2023-42286 Critical Security Vulnerability in ioLogik 4000 Series Firmware: Risk of Unauthorized Data Disclosures and Malicious Actions Remote Code Execution and Denial of Service Vulnerability in OpenImageIO oiio v.2.4.12.0 Denial of Service Vulnerability in GPAC GPAC v.2.2.1 and Earlier Buffer Overflow Vulnerability in OpenImageIO oiio v.2.4.12.0: Remote Code Execution and Denial of Service via read_subimage_data Function Information Gathering Vulnerability in ioLogik 4000 Series (ioLogik E4200) Firmware CVE-2023-42307 CVE-2023-42308 SQL Injection Vulnerability in Cevik Informatics Online Payment System 
(Version before 4.09) Remote Denial of Service Vulnerability in Geth (aka go-ethereum) via Crafted GraphQL Query CVE-2023-4232 Buffer Overflow Vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 via GetParentControlInfo Function Remote Code Execution via CSRF in icmsdev iCMSv.7.0.16 Insecure Permissions Vulnerability in iCMS v.7.0.16: Remote Information Disclosure CSRF Vulnerability in DouHaocms v.3.3 Allows Remote Code Execution Remote Privilege Escalation via Cross Site Scripting (XSS) in Netgate pfSense v.2.7.0 Remote Code Execution Vulnerability in Netgate pfSense v.2.7.0 via interfaces_gif_edit.php and interfaces_gre_edit.php Components Remote Code Execution Vulnerability in Netgate pfSense v.2.7.0 via Cross Site Scripting (XSS) in getserviceproviders.php Remote Code Execution and Sensitive Information Disclosure in PeppermintLabs Peppermint v.0.2.4 and Earlier CVE-2023-4233 Arbitrary Code Execution Vulnerability in EliteCMS v1.01 via manage_uploads.php Privilege Escalation via Indirect Object Reference (IDOR) in Fl3xx Dispatch and Crew Arbitrary Code Execution via Unrestricted File Upload in Fl3xx Dispatch and Crew Remote Code Execution and Sensitive Information Disclosure in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 CVE-2023-4234 CVE-2023-4235 Denial of Service Vulnerability in O-RAN Software Community ric-plt-e2mgr Exam Form Submission PHP Application - Remote Privilege Escalation via SQL Injection Vulnerability: Assertion Failure in BIND 9 DNS-over-TLS Handling Arbitrary File Viewing and Impact via Crafted Image in Midori-global Better PDF Exporter for Jira Server and Jira Data Center Arbitrary File Upload Vulnerability in Teller Web App v.4.4.0 Use-After-Free Vulnerability in xasprintf Function of BusyBox v.1.36.1 Use-After-Free Vulnerability in BusyBox v.1.36.1: Denial of Service via Crafted awk Pattern Use-After-Free Vulnerability in BusyBox v.1.36.1 via Crafted awk Pattern in awk.c Copyvar Function Heap Buffer Overflow in BusyBox v1.36.1: 
Vulnerability in next_token function at awk.c:1159 Insecure Key Handling in Ansible Automation Platform Arbitrary Code Execution via Crafted Script in Summernote Rich Text Editor v.0.8.18 and Earlier Remote Code Execution and Denial of Service Vulnerability in mystenlabs Sui Blockchain v.1.6.3 Arbitrary File Upload Vulnerability in Prevent Files / Folders Access WordPress Plugin Sensitive Information Disclosure in TDSQL Chitu Management Platform v.10.3.19.5.0 via get_db_info function in install.php Privilege Escalation in Real Estate Manager Plugin for WordPress Remote Code Execution and Information Disclosure Vulnerability in zzCMS v.2023 via ueditor Component in controller.php Cross Site Scripting Vulnerability in Jodit Editor v.4.0.0-beta.86 Arbitrary Code Execution via SQL Injection in FIT2CLOUD RackShift v1.7.1 SQL Injection Vulnerability in D-Link Online Behavior Audit Gateway DAR-7000 V31R02B1413C via editrole.php Critical Vulnerability in lol-html Library: Arbitrary HTML Inputs Trigger Panics CVE-2023-42419 Information Disclosure Vulnerability in FULL - Customer Plugin for WordPress Remote Code Execution and Information Disclosure Vulnerability in Turing Video Turing Edge+ EVC5FD v.1.38.6 Arbitrary Code Execution via 'Insert Link' Parameter in Froala Editor v.4.1.1 CubeCart Directory Traversal Vulnerability: Remote Deletion of Directories and Files Buffer Overflow Vulnerability in Intel NUC BIOS Firmware Allows Privilege Escalation via Local Access Arbitrary File Upload Vulnerability in FULL - Customer Plugin for WordPress Arbitrary HTML Injection in BlueSpiceAvatars Extension Allows Profile Image Manipulation Cross-Site Request Forgery Vulnerability in [Product Name] Stored Cross-Site Scripting Vulnerability in GROWI Presentation Feature (Versions < v3.4.0) User Interface Spoofing Vulnerability Fixed in macOS Sonoma 14.1 SSRF Bypass Vulnerability in GeoNode Use-After-Free Vulnerability in Linux Kernel's nf_tables Component Vulnerability: Lack of Reentrancy 
Checks in Vyper Smart Contracts Unauthenticated Access to Session Replays in JumpServer Memory Corruption Vulnerability in Vyper Smart Contract Language Out-of-bounds Access Vulnerability in phonenumber Library XML External Entity (XXE) Vulnerability in Gradle Session Hijacking Vulnerability in Pow.Store.Backend.MnesiaCache Out-of-bounds Access Vulnerability in blurhash-rs 0.1.1 Vulnerability: Contestation Period Manipulation in Hydra Layer-Two Scalability Solution for Cardano Vulnerability: Malicious Head Initializer Exploits PT Extraction in Hydra Unauthenticated Access Vulnerability in WooCommerce PDF Invoice Builder for WordPress Arbitrary Data Injection Vulnerability in Mastodon Server (Versions 4.2.0-beta1 to 4.2.0-rc1) Domain Name Spoofing Vulnerability in Mastodon Server HTML Injection Vulnerability in Mastodon Translation Feature Vulnerability: Unauthorized Forging of Read Receipts in Synapse Matrix Homeserver SQLpage Vulnerability: Database Connection Information Exposure Wazuh API Administrator Key Exposure Vulnerability Vulnerability: Path Traversal and File Corruption in Sudo-rs Plone REST API Denial of Service Vulnerability Stored Cross Site Scripting Vulnerability in Zope Prior to Versions 4.8.10 and 5.8.5 Remote Crash Vulnerability in Fast DDS Cross-Site Request Forgery (CSRF) vulnerability in GiveWP WordPress Plugin Bypassing Bounds Checking in Vyper's _abi_decode() Function SQL Injection Vulnerability in GLPI ITIL Actors Input Field Vulnerability in GLPI Document Upload Process Allows File Deletion Stack Overflow Vulnerability in Wazuh Platform Allows Local Privilege Escalation Type Confusion Vulnerability in Spotlight RPC Functions in Netatalk 3.1.x before 3.1.17 Vulnerability: Row Hammer Attack Exploit in Sudo (CVE-2021-3156) Division by Zero Vulnerability in QEMU SCSI Disk Emulation Unauthenticated Remote Phone Call Vulnerability in com.cutestudio.colordialer Application Unauthenticated Phone Call Placement Vulnerability in 
com.full.dialer.top.secure.encrypted Application Cross-Site Request Forgery Vulnerability in GiveWP Plugin for WordPress Remote Code Execution Vulnerability in Imou Life Android App Arbitrary JavaScript Code Execution in wave.ai.browser Application File Type Validation Bypass in SAP BusinessObjects Business Intelligence Platform Privilege Escalation in S/4HANA Manage (Withholding Tax Items) - Version 106 SAP BusinessObjects Web Intelligence - Version 420 XSS Vulnerability Vulnerability: Insecure File Storage Location in Statutory Reporting Application SAP Business Objects Web Intelligence - JavaScript Injection Vulnerability SAP NetWeaver AS Java (GRMG Heartbeat application) Vulnerability Stored XSS Vulnerability in SAP Business Objects Business Intelligence Platform Hidden Access XSS Vulnerability in Biller Direct System Cross-Site Request Forgery Vulnerability in GiveWP WordPress Plugin (Versions up to 2.33.3) Brute Force Vulnerability in NetWeaver AS Java Logon Application - Version 7.50 Vulnerability: Weak Access Controls in SAP Commerce Cloud - Composable Storefront Critical Vulnerability: GPU Use After Free in Samsung Exynos 2200 Mobile Processor Race Condition Vulnerability in Samsung Exynos Processors: System Termination Risk Unquoted Search Path or Element Vulnerability in Fortect Soundminer Path Traversal Vulnerability EisBaer Scada - Path Traversal Vulnerability EisBaer Scada - Critical Resource Incorrect Permission Assignment Vulnerability Command Injection Vulnerability in Zavio IP Cameras with Firmware Version M2.1.6.05 EisBaer Scada Vulnerability: Unauthorized Exposure of Sensitive Information EisBaer Scada Vulnerability: Improper Authorization EisBaer Scada Vulnerability: Use of Hard-coded Cryptographic Key EisBaer Scada Vulnerability: Plaintext Storage of Password EisBaer Scada - Exposed Dangerous Method or Function Vulnerability Command Injection Vulnerability in Dasan Networks - W-Web versions 1.22-1.27 Reflected Cross-Site Scripting (XSS) 
Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Injection via Redirect Parameter in Liferay Portal and Liferay DXP Arbitrary Code Injection via Language Override Edit Screen in Liferay Portal Reflected Cross-Site Scripting Vulnerability in EventPrime WordPress Plugin Unnecessary Read Permissions in Gamma Role in Apache Superset Dataset Link Spoofing Vulnerability in Apache Superset Improper Input Validation and Uncontrolled Resource Consumption in Apache Commons Compress TAR Parsing Concurrent Export Denial of Service Vulnerability in Apache Superset Information Disclosure Vulnerability in Apache Superset Memory Buffer Overflow Vulnerability in OnSinView2 Stack-based Buffer Overflow Vulnerability in OnSinView2 Unauthenticated Email Manipulation Vulnerability in JFrog Artifactory CVE-2023-42509 CSRF Vulnerability in EventPrime WordPress Plugin Unauthenticated Booking Purchase Vulnerability in EventPrime WordPress Plugin Remote Crash Vulnerability in WithSecure Products Remote Crash Vulnerability in WithSecure Products via Processing of Compressed Files Remote Crash Vulnerability in WithSecure Products via Processing of Import Struct in PE File Remote Crash Vulnerability in WithSecure Products via PE File Unpacking Infinite Loop Vulnerability in WithSecure Products Infinite Loop Vulnerability in WithSecure Products Remote Crash Vulnerability in WithSecure Products via Crafted Data File Decompression Improper Input Validation Vulnerability in libsec-ril's ProcessWriteFile: Exposing Sensitive Information Arbitrary Code Execution Vulnerability in libsec-ril's ProcessNvBuffering (SMR Nov-2023 Release 1) Critical Out-of-Bound Write Vulnerability in libsec-ril Prior to SMR Nov-2023 Release 1 Stored Cross-Site Scripting Vulnerability in AI ChatBot WordPress Plugin Unauthenticated Wi-Fi and Wi-Fi Direct Activation Vulnerability in SecSettings Access Control Bypass Vulnerability in SmsController FotaAgent Vulnerability: Remote Interception of Firmware 
Information USB Gadget Interface Vulnerability: Arbitrary Code Execution in Kernel File Disclosure Vulnerability in ChooserActivity Out-of-bounds Write Vulnerability in read_block of vold prior to SMR Nov-2023 Release 1 Out-of-Bounds Read and Write Vulnerability in libsaped prior to SMR Nov-2023 Release 1 Out-of-Bounds Read and Write Vulnerability in get_head_crc in libsaped Out-of-Bounds Read and Write Vulnerability in libsaped's saped_rec_silence Function PendingIntent Hijacking Vulnerability in Samsung Health's ChallengeNotificationManager Stored Cross-Site Scripting Vulnerability in AI ChatBot WordPress Plugin Improper Access Control Vulnerability in Samsung Account: Unauthorized Access to Sensitive Information via Implicit Intent Improper Authorization in Samsung Push Service Allows Unauthorized Access to Unique ID Improper Access Control Vulnerability in Samsung Push Service: Local Device Identification Bixby Voice Broadcast Receiver Vulnerability Local File Access Vulnerability in Quick Share prior to 13.5.52.0 Implicit Intent Vulnerability: Unauthorized Location Data Access in Android Phone Implicit Intent Vulnerability in Samsung Account Allows Unauthorized Access to Arbitrary Files Implicit Intent Vulnerability in Samsung Account: Arbitrary File Access via startEmailValidationActivity Implicit Intent Vulnerability in startMandatoryCheckActivity in Samsung Account (prior to version 14.5.00.7) Allows Unauthorized Access to Arbitrary Files Implicit Intent Vulnerability in startNameValidationActivity in Samsung Account (prior to version 14.5.00.7) Allows Unauthorized Access to Arbitrary Files Out-of-Bounds Write Vulnerability in W3M's checkType() Function Implicit Intent Vulnerability in Samsung Account Allows Unauthorized Access to Sensitive Files Implicit Intent Vulnerability in startTncActivity in Samsung Account Database Tampering Vulnerability in Firewall Application on Android Devices Sandbox Data Exposure Vulnerability in Samsung Email Samsung Pass 
Authentication Bypass Vulnerability EasySetup Implicit Intent Vulnerability: Exposing Bluetooth Address in Versions Prior to 11.1.13 Contacts App Vulnerability: Unauthorized Access to Sensitive Information via Implicit Intent Out-of-Bound Write Vulnerability in libIfaaCa Prior to SMR Dec-2023 Release 1 HDCP Out of Bounds Write Vulnerability Enables Code Execution in HAL Knox Guard Lock Bypass Vulnerability via System Time Manipulation Double Free Vulnerability in tcprewrite's tcpedit_dlt_cleanup() Function Heap Out-of-Bounds Write Vulnerability in dec_mono_audb of libsavsac.so Heap Out-of-Bounds Write Vulnerability in Bootloader Prior to SMR Dec-2023 Release 1: Arbitrary Code Execution Heap overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 Heap overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 Improper Access Control in KnoxCustom Service: System Privilege Broadcast Vulnerability Smart Clip Local Privilege Escalation Vulnerability Local Code Execution Vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 Stack-based buffer overflow vulnerability in softsimd prior to SMR Dec-2023 Release 1 due to improper size check. 
Arbitrary File Access Vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 AR Emoji Sandbox Data Exposure Vulnerability Buffer Overflow Vulnerability in /subsys/net/l2/wifi/wifi_shell.c KnoxCustomManagerService Access Control Vulnerability: Unauthorized Access to Device SIM PIN Remote Unlock Vulnerability in Find My Mobile Prior to Version 7.3.13.4: Exploiting Samsung Account Password Reset with SMS Verification Samsung Account Web SDK Implicit Intent Hijacking Vulnerability Search Widget 3.4 and Earlier: PendingIntent Hijacking Vulnerability Exposes Data Access Local Privilege Escalation Vulnerability in GameHomeCN Samsung Pass Authentication Bypass Vulnerability Samsung Pass Authentication Bypass Vulnerability Lock Screen Bypass Vulnerability in Samsung Voice Recorder Insufficient Permissions Vulnerability in Samsung Data Store Allows Unauthorized Access to Location Information Insecure Protocol Usage in SogouSDK of Chinese Samsung Keyboard: Keystroke Data Exposure Vulnerability Vulnerability in Bluetooth Mesh Implementation: Acceptance of OOB Public Key during Provisioning MCSLaunch Deeplink URL Validation Vulnerability in Galaxy Store JavaScript API Access Vulnerability in Galaxy Store InstantPlay Deeplink (Version 4.5.64.4 and earlier) Buffer Overflow Vulnerabilities in Zephyr eS-WiFi Driver Source Code Off-by-one buffer overflow vulnerability in Zephyr fuse file system. 
Buffer Overflow Vulnerability in Zephyr mgmt Subsystem with Disabled Asserts Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal and Liferay DXP Stored Cross-Site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Injection via 'description' Field in Liferay Portal and Liferay DXP Zephyr IEEE 802.15.4 nRF 15.4 Driver Buffer Overflow Vulnerability Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Zephyr Bluetooth Subsystem Buffer Overflow Vulnerability Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in ValidationTools Local Information Disclosure Vulnerability in DM Service Sim Service Vulnerability: Unauthorized Permission Usage Records and Local Information Disclosure Local Information Disclosure Vulnerability in IFAA Service Missing Permission Check in IFAA Service Allows Local Information Disclosure Engineermode Vulnerability: Local Information Disclosure without Execution Privileges Engineermode Vulnerability: Local Information Disclosure without Execution Privileges Buffer overflow vulnerability in usb_dc_native_posix.c at line 359 Engineermode Vulnerability: Local Information Disclosure without Execution Privileges Engineermode Vulnerability: Local Information Disclosure without Execution Privileges Engineermode Vulnerability: 
Local Information Disclosure without Execution Privileges Out of Bounds Write Vulnerability in FaceID Service: Local Denial of Service without Additional Execution Privileges Local Information Disclosure Vulnerability in DM Service Local Privilege Escalation Vulnerability in SIM Service Reflected Cross-Site Scripting (XSS) Vulnerability in MOVEit Transfer's Web Interface Directory Traversal Vulnerability in WS_FTP Server Local Command Execution Vulnerability in Chef InSpec Unrestricted File Upload Vulnerability in WS_FTP Server SQL Injection Vulnerability in MOVEit Transfer Machine Interface CVE-2023-42661 CVE-2023-42662 Unauthorized Access to Task Instances in Apache Airflow Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Sensitive Information Exposure Vulnerability Denial of Service Vulnerability in Samba's rpcecho Development Server Samba Vulnerability: Multiple Incompatible RPC Listeners Disruption Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure GPU Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service GPU Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service Local Privilege Escalation Vulnerability in Ion Service Potential Out of Bounds Write Vulnerability in GSP Driver Allows for Local Denial of Service Potential Out of Bounds Read Vulnerability in GSP Driver Allows for Local Denial of Service Potential Out of Bounds Read 
Vulnerability in GSP Driver Allows for Local Denial of Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service User Activity Log WordPress Plugin 1.6.6 and Earlier Allows Unauthorized Export of Activity Logs, Exposing PII Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in WiFi Service Local Privilege Escalation Vulnerability in Telecom Service Missing Permission Check in Omacp Service Allows Local Information Disclosure Missing Permission Check in Omacp Service Allows Local Information Disclosure Missing Permission Check in Omacp Service Allows Local Information Disclosure Reflected Cross-Site Scripting Vulnerability in Min Max Control WordPress Plugin Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Firewall Service Vulnerability: Local Information Disclosure via Missing Permission Check Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in imsservice Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Stored 
Cross-Site Scripting Vulnerability in Photospace Responsive WordPress Plugin Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Missing Permission Check in Firewall Service Allows Local Information Disclosure Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Remote Information Disclosure without Execution Privileges Telephony Service Vulnerability: Remote Information Disclosure without Execution Privileges Local Information Disclosure Vulnerability in Dialer App Video Service Vulnerability: Out of Bounds Read Leading to Local Denial of Service GPU Memory Leakage Vulnerability Critical Vulnerability: Out of Bounds Read in Video Service Allows Local Denial of Service Local Denial of Service Vulnerability in FLV Extractor Logic Error in Camera Service Allows Local Privilege Escalation Camera Service Vulnerability: Out of Bounds Read Leading to Local Denial of Service GPU Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service GPU Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service TeleService Vulnerability: Out of Bounds Read Leading to Local Denial of Service GPU Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service Out of Bounds Read Vulnerability in phasecheckserver Allows Local Denial of Service Out of Bounds Write Vulnerability in RIL Service: Local Denial of Service with System Execution Privileges Stack Overflow Vulnerability in exFAT Driver of Linux Kernel IMS Service Vulnerability: Unauthorized Write Permission Usage and Local Information Disclosure Local Denial of Service Vulnerability in Gnss Service: Out of Bounds Read Telephony Service 
Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure with Missing Permission Check Local Privilege Escalation Vulnerability in Telecom Service Telecom Service Vulnerability: Local Information Disclosure via Missing Permission Check Local Privilege Escalation Vulnerability in Telecom Service Engineermode Service Vulnerability: Local Privilege Escalation via Missing Permission Check Directory Traversal Vulnerability in WPvivid WordPress Plugin (Versions up to 0.9.89) Local Privilege Escalation Vulnerability in Telecom Service App Telecom Service Vulnerability: Local Information Disclosure via Missing Permission Check Local Denial of Service Vulnerability in sysui: Missing Permission Check Local Privilege Escalation Vulnerability in Telecom Service Telecom Service Vulnerability: Local Denial of Service via Missing Permission Check Local Privilege Escalation Vulnerability in Telecom Service Local Privilege Escalation Vulnerability in Power Manager Local Privilege Escalation Vulnerability in Camera Service Local Privilege Escalation Vulnerability in Telecom Service EngineerMode Service Vulnerability: Local Information Disclosure via Missing Permission Check Local Denial of Service Vulnerability in GNSS Service: Out of Bounds Write Local Denial of Service Vulnerability in GNSS Service: Out of Bounds Write Integer Overflow Vulnerability in Linux Kernel Allows Userspace Allocation of skb_shared_info Netfilter Subsystem Array Indexing Vulnerability Linux Kernel IPv4 Stack NULL Pointer Dereference Vulnerability Out-of-Bounds Read Vulnerability in Linux Kernel's RSVP Classifier Race Condition in Netfilter Subsystem of Linux Kernel Can Cause Kernel Panic CVE-2023-42757 Cross-Site Request Forgery Vulnerability in 
Absolute Privacy WordPress Plugin (up to version 2.1) Cross-Site Scripting (XSS) Vulnerability in SNMP Configuration Privilege Escalation Vulnerability in Intel NUC 8 Compute Element BIOS Firmware Vulnerability: Persistent Access to iControl REST Admin Resource for Non-Admin Users Insufficient Length of Cookie Session ID Allows Remote Session Hijacking Cross-Site Request Forgery Vulnerability in Realia WordPress Plugin (up to version 1.4.0) Allows Unauthorized User Email Changes Vulnerability: Lack of Authentication Challenge for Sixnet UDR Messages over TCP/IP in Red Lion SixTRAK and VersaTRAK Series RTUs ACERA 1320 and 1310 Firmware Authentication Bypass Vulnerability Improper Default Permissions in OpenHarmony v3.2.2 and Prior Versions Allow Local Attacker to Access Confidential Information Information Disclosure Vulnerability in Intel(R) SGX DCAP Software for Windows Unrestricted Registration Vulnerability in MasterStudy LMS WordPress Plugin Apache Airflow Information Disclosure Vulnerability Unauthorized Access to Task Instances in Apache Airflow (CVE-2023-42664) Remote Unauthenticated Message Injection Vulnerability in FortiAnalyzer Relative Path Traversal Vulnerability in Fortinet FortiWLM Client-side code execution vulnerability in Fortinet FortiManager and FortiAnalyzer OS Command Injection Vulnerability in FortiManager & FortiAnalyzer Versions 6.2.0 - 7.4.0 CVE-2023-42789 IP Address Spoofing Vulnerability in User Activity Log WordPress Plugin CVE-2023-42790 Relative Path Traversal Vulnerability in Fortinet FortiManager Apache Airflow Unauthorized Write Access Vulnerability Authentication Bypass Vulnerability in JetBrains TeamCity Server (CVE-2023-XXXX) Incomplete Cleanup Vulnerability in Apache Tomcat: Potential Denial of Service on Windows Incomplete Cleanup Vulnerability in Apache Tomcat Directory Traversal and Privilege Escalation in CP-8031 and CP-8050 Master Modules Uninitialized Variable Flaw in CP-8031 and CP-8050 Master Modules Vulnerability: Git 
Repository Reset in AutomataCI Release Job Buffer Overflow Vulnerability in Moonlight-common-c Unvalidated Input Vulnerability in Silicon Labs TrustZone Implementation Buffer Overflow Vulnerability in Moonlight-common-c Buffer Overflow Vulnerability in Moonlight-common-c Unverified Object Instantiation Vulnerability in GLPI Versions 10.0.7 and Prior Unrestricted File Upload Vulnerability in BigBlueButton Path Traversal Vulnerability in BigBlueButton prior to version 2.6.0-beta.1 Panic Vulnerability in Quinn-proto Prior to Versions 0.9.5 and 0.10.5 Vulnerability: Insecure $\mathsf{cid}$ Signing and Verification in Hydra SQL Injection Vulnerability in Frappe LMS Versions 1.0.0 and Prior Reflected Cross-Site Scripting (XSS) Vulnerability in Common Voice 1.88.2 Arbitrary Code Execution Vulnerability in Redisson Java Redis Client IP Address Spoofing Vulnerability in Activity Log WordPress Plugin SSID Command Injection Vulnerability in systeminformation Library for Node.JS (Versions 5.0.0 - 5.21.6) AES-GCM Decryption Failure Vulnerability Server-Side Request Forgery Vulnerability in Galaxy Platform Denial of Service Vulnerability in Kyverno's Notary Verifier Denial of Service Vulnerability in Kyverno's Notary Verifier Denial of Service Vulnerability in Kyverno's Notary Verifier Denial of Service Vulnerability in Kyverno's Notary Verifier Vulnerability: Translation Parsing Exploit in Pimcore Admin-UI-Classic-Bundle Unverified SSH Private Key Authentication Vulnerability in JumpServer Directory Traversal Vulnerability in JumpServer Vulnerability: Unauthorized Data Loss in EmbedPress WordPress Plugin Vulnerability: Exposed Random Number Seed in JumpServer API Out-of-Bounds Read Vulnerability in Go Markdown Parser Unbounded Font Glyph Access Vulnerability in xrdp_painter.c Vulnerability Patched: User-Sensitive Data Exposure via Logging in Multiple Apple Operating Systems Privilege Escalation Vulnerability in iOS and iPadOS Versions Before 16.6 Arbitrary Code Execution 
Vulnerability Fixed in macOS Sonoma 14 Root Privilege Escalation Vulnerability Patched in macOS Ventura 13.5 Vulnerability Patched: Unauthorized Access to SSH Passphrases in macOS Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4: Addressing a Privacy Vulnerability Vulnerability Patched: User Fingerprinting Exploit Resolved in Latest Apple Updates Root Privilege Escalation Vulnerability Patched in macOS Big Sur, Monterey, and Ventura Arbitrary Code Execution Vulnerability in macOS Sonoma 14, Safari 17, iOS 17, and iPadOS 17 Improved File Handling to Address Privacy Vulnerability Logic Issue in macOS Sonoma 14.1 Allows Unauthorized Access to User Data Vulnerability: Unauthorized Access to Network Volumes in Home Directory Sandbox Escape Vulnerability in macOS Ventura, Sonoma, and Monterey Improved State Management to Prevent Unauthorized Access to Sensitive User Data Reflected Cross-Site Scripting Vulnerability in Post Timeline WordPress Plugin Vulnerability Patched: User-Sensitive Data Accessible by Unauthorized Apps Arbitrary Code Execution Vulnerability in macOS and iOS macOS Sonoma 14.1 Patch: Enhanced Security Measures to Prevent Unauthorized Access to User Data Address Bar Spoofing Vulnerability Vulnerability: Symlink Resolution Exploit in macOS Hidden Photos Album Authentication Bypass Vulnerability Passive Wi-Fi MAC Address Tracking Vulnerability Passkey Access Vulnerability Heap Corruption Vulnerability in Apple Operating Systems Kernel Memory Bypass Vulnerability in iOS, iPadOS, macOS, and watchOS Improved Permissions Logic Fixes Vulnerability Allowing App Access to Sensitive User Data Arbitrary Code Execution Vulnerability in Apple Devices Vulnerability: Logic Issue Allows Unauthorized Access to User-Sensitive Data Denial-of-Service Vulnerability in macOS Endpoint Security Clients Silent Persistence of Apple ID on Erased iOS and 
iPadOS Devices Memory Handling Vulnerability in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1 Improved Private Data Redaction for Log Entries in macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1 Vulnerability Patched: User-Sensitive Data Access by Unauthorized Apps Vulnerability: Unauthorized Modification of Protected File System File System Vulnerability Patched in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1 macOS Sonoma 14.1 Patch: Logic Issue Allows Unauthorized Screen Unlocking Image Processing Vulnerability: Memory Disclosure through Out-of-Bounds Read Image Processing Vulnerability: Memory Disclosure through Out-of-Bounds Read Arbitrary Code Execution Vulnerability in macOS Ventura 13.5, iOS 16.6, and Other Apple Platforms Memory Corruption Vulnerabilities in libxml2 Use-After-Free Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Memory Handling Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Sensitive User Data Access Vulnerability Patched in macOS Sonoma 14, iOS 17, and iPadOS 17 Arbitrary Code Execution Vulnerability in macOS and iOS Vulnerability: Accessibility Keyboard Allows Display of Secure Text Fields with Physical Keyboard Improved Bounds Checks in macOS Sonoma 14: Mitigating Denial-of-Service and Memory Disclosure Vulnerability Vulnerability: Unauthorized Modification of Protected File System Improved Private Data Redaction for Log Entries in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1 Memory Handling Vulnerability in macOS Sonoma 14.2 Allows Arbitrary Code Execution Memory Handling Improvement Fixes Arbitrary Code Execution Vulnerability in macOS Sonoma 14.2 Image Processing Denial-of-Service Vulnerability Fixed in Safari and Apple Operating Systems Improved Redaction of Sensitive Information in macOS and iOS: Kernel Memory Disclosure Vulnerability Improper Bounds Checking Leading to Arbitrary Code Execution in macOS Sandbox Restriction Bypass Vulnerability 
in macOS Ventura 13.6.4 and macOS Sonoma 14.2 Image Processing Vulnerability: Memory Disclosure Privacy Preference Bypass Vulnerability in macOS Stored Cross-Site Scripting Vulnerability in WP Matterport Shortcode WordPress Plugin Arbitrary Code Execution Vulnerability in Safari and Apple Operating Systems Keystroke Monitoring Vulnerability in macOS CVE-2023-42892 CVE-2023-42893 Contact Information Exposure Vulnerability CVE-2023-42896 Siri Access Vulnerability in iOS 17.2 and iPadOS 17.2 Allows Unauthorized Data Access Arbitrary Code Execution Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in Image Processing Reflected Cross-Site Scripting Vulnerability in WP Matterport Shortcode WordPress Plugin macOS Sonoma 14.2 Patch: Enhanced Security Measures to Prevent Unauthorized Access to User-Sensitive Data Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: App Termination and Code Execution Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Remote Code Execution (RCE) Vulnerability in Frauscher Sensortechnik GmbH FDS101 Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code 
Execution and App Termination Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination CVE-2023-42913 Sandbox Escape Vulnerability Fixed in Multiple Apple Operating Systems Curl Version 8.4.0 Patch Fixes Multiple Vulnerabilities Vulnerability: Out-of-Bounds Read with Improved Input Validation in Apple Software Memory Corruption Vulnerability in Apple Devices: Arbitrary Code Execution Exploit Improved Private Data Redaction for Log Entries in macOS Sonoma 14.2, iOS 17.2, and iPadOS 17.2: Addressing a Privacy Vulnerability SQL Injection Vulnerability in Frauscher Sensortechnik GmbH FDS101 CVE-2023-42920 Sensitive Location Information Exposure Vulnerability Unauthenticated Access to Private Browsing Tabs in iOS and iPadOS 17.2 Vulnerability: Logic Issue Allows Unauthorized Access to Sensitive User Data Memory Corruption Vulnerabilities in macOS Sonoma 14.2: Arbitrary Code Execution and App Termination Elevated Privileges Vulnerability Patched in iOS 17.1 and iPadOS 17.1 Improved Checks Address Vulnerability Allowing Unauthorized Access to Protected User Data in macOS Sonoma 14 Privilege Escalation in Premium Packages - Sell Digital Products Securely WordPress Plugin (Versions up to 5.7.4) CVE-2023-42930 CVE-2023-42931 Vulnerability: Logic Issue Allows Unauthorized Access to Protected User Data Privilege Escalation Vulnerability Patched in macOS Sonoma 14 Privilege Escalation Vulnerability in macOS Sonoma 14, iOS 17, and iPadOS 17 macOS Ventura 13.6.4 Patch: Local Attacker Can View Previous User's Desktop from Fast User Switching Screen CVE-2023-42936 Improved Private Data Redaction for Log Entries in iOS 16.7.5 and iPadOS 16.7.5: Addressing Privacy Vulnerability CVE-2023-42938 Privacy Leak in App Privacy Report: Unexpected Saving of Private Browsing Activity Unauthenticated Remote Code Execution in URL Shortify WordPress Plugin Improper Screen Sharing Content Disclosure Vulnerability Bluetooth Denial-of-Service Vulnerability 
in iOS and iPadOS Vulnerability: Privilege Escalation via Symlink Handling macOS Sonoma 14.1 Patch: Fixing Unauthorized Bluetooth Access Vulnerability Improved Redaction of Sensitive Information in Apple Operating Systems CVE-2023-42947 Improper GPU Memory Processing Vulnerability CVE-2023-42950 Cache Handling Vulnerability in iOS and iPadOS 17.1 Privilege Escalation Vulnerability in iOS, iPadOS, and macOS Enhanced Permissions Restrictions Prevent Unauthorized Access to User Data CVE-2023-42954 CVE-2023-42956 PTC Codebeamer Admin User Clickjacking Vulnerability CVE-2023-42962 Arbitrary Directory Listing Vulnerability in Mmm Simple File List WordPress Plugin CVE-2023-42974 Stored Cross-Site Scripting Vulnerability in 123.chat WordPress Plugin Replay Attack Vulnerability in Digi RealPort Protocol Allows Unauthorized Access Unfiltered File Upload Vulnerability in Import XML and RSS Feeds WordPress Plugin Jenkins Fortify Plugin CSRF Vulnerability Allows Unauthorized Access to Stored Credentials Unauthenticated SQL Injection Vulnerability in Asset Management System v1.0 Authenticated SQL Injection Vulnerability in Asset Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Empty Password Vulnerability in IBM Security Access Manager Container Remote Access Vulnerability in IBM Security Verify Access 10.0.0.0 through 10.0.6.1 Privilege Escalation Vulnerability in IBM CICS TX Standard and Advanced Versions Jenkins Fortify Plugin 22.1.38 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Sensitive Information Disclosure in IBM InfoSphere Information Server 11.7 HTML Injection Vulnerability in Jenkins Fortify Plugin 22.1.38 and Earlier Business Logic Errors in Froxlor GitHub Repository Information Exposure Vulnerability in IBM QRadar SIEM 7.5 Allows Delegated Admin Tenant User to Access Data from Other Domains Default Password Vulnerability in IBM SAN Volume Controller, IBM Storwize, 
IBM FlashSystem, and IBM Storage Virtualize 8.3 Products CVE-2023-43043 Directory Traversal Vulnerability in IBM License Metric Tool 9.2 Improper Authentication in IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 CVE-2023-43051 CVE-2023-43054 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.5.0 Privilege Escalation Vulnerability in IBM Robotic Process Automation 23.0.9 Elevated Privilege Vulnerability in IBM i Facsimile Support Cross-Site Scripting Vulnerability in Dell Unity Prior to 5.3 Restricted Shell Bypass Vulnerability in Dell Unity Prior to 5.3 XML External Entity Injection Vulnerability in Dell Unity Dell SmartFabric Storage Software v1.4 (and earlier) OS Command Injection Vulnerability Dell SmartFabric Storage Software v1.4 CLI OS Command Injection Vulnerability CSRF Vulnerability in Lock User Account WordPress Plugin Path Traversal Vulnerability in Dell SmartFabric Storage Software v1.4 (and earlier) Dell SmartFabric Storage Software v1.4 (and earlier) Cross-Site Scripting Vulnerability Improper Access Control Vulnerability in Dell SmartFabric Storage Software v1.4 (and earlier) CLI Improper Input Validation in Dell SmartFabric Storage Software v1.4 (and earlier) Allows Unauthorized Data Access Arbitrary File Creation Vulnerability in Dell Unity 5.3 Dell PowerScale OneFS Denial-of-Service Vulnerability Improper Access Control in Dell OpenManage Server Administrator: Privilege Escalation Vulnerability Stored Cross-Site Scripting Vulnerability in User Submitted Posts Plugin for WordPress Default Permissions Vulnerability in PowerProtect Agent for File System Man-in-the-Middle Vulnerability in Dell Unity's vmadapter Component Improper Access Control Vulnerability in Dell Command | Configure Insufficient Permissions Vulnerability in Dell PowerScale OneFS 8.2.x - 9.5.0.x Dell Client BIOS Pre-Boot DMA Vulnerability Insufficient Protection in Dell Rugged Control Center Allows Unauthorized Access SQL Injection Vulnerabilities in ESC 
Internet Election Service Unauthenticated Local User Can Bypass GNOME Shell Lock Screen and View Desktop Session Windows Command Injection Vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Versions 23.2.1 and 23.2.2 XSS Vulnerability in Zimbra Collaboration Allows Unauthorized Access to User Mailboxes Unsanitized Parameter XSS Vulnerability in Zimbra Collaboration Arbitrary File Upload Vulnerability in Vrm 360 3D Model Viewer WordPress Plugin Font Corruption Vulnerability in Qt on Windows Remote Code Execution in Artifex Ghostscript through 10.01.2 via Crafted PostScript Documents Buildkite Elastic CI for AWS: Arbitrary Directory Ownership Change Vulnerability Arbitrary Code Execution and Impact in Chalet Application CSRF Vulnerability in Extreme Networks Switch Engine (EXOS) Privilege Escalation Vulnerability in Extreme Networks Switch Engine (EXOS) via Crafted Telnet Commands Privilege Escalation Vulnerability in Extreme Networks Switch Engine (EXOS) Chalet Application Directory Traversal Vulnerability in Extreme Networks Switch Engine (EXOS) Information Disclosure Vulnerability in Samsung Exynos Processors and Wearable Processors Information Disclosure Vulnerability in File.createTempFile on Unix-like Systems IP Traffic Leakage Vulnerability in BIG-IP APM Clients IP Traffic Leakage Vulnerability in BIG-IP APM Clients Command Injection Vulnerability in D-LINK DIR-806 Wireless Router Command Injection Vulnerability in D-LINK DIR-806 Wireless Router Command Injection Vulnerability in D-LINK DIR-806 Wireless Router Buffer Overflow Vulnerability in General Device Manager 2.5.2.2 SQL Injection Vulnerability in szvone vmqphp <=1.13 Allows Unauthorized Access to Administrator Password Hash Unauthenticated Access Vulnerability in Netis 360RAC1200 v1.3.4517 Unauthorized Access Vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n Command Injection Vulnerability in TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n Command 
Injection Vulnerability in TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n Remote Code Execution Vulnerability in Franfinance v.2.0.27 Arbitrary Code Execution Vulnerability in wpDataTables WordPress Plugin Vulnerability: Incorrect Access Control in TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 SQL Injection Vulnerability in Projectworldsl Assets Management System Cross Site Request Forgery (CSRF) vulnerability in PHPJabbers Limo Booking Software 1.0 allows unauthorized addition of admin user CSRF Vulnerability in SPA-Cart 1.9.0.3 Allows Remote Account Deletion CSRF Vulnerability in SPA-Cart 1.9.0.3 Allows Unauthorized Admin User Addition Reflected Cross-Site Scripting Vulnerability in Woo Custom Emails for WordPress Authentication Bypass and Administrator Account Takeover in Macrob7 Macs Framework CMS 1.1.4f Email Validation Denial of Service Vulnerability in Zod 3.22.2 Vulnerability: Unauthorized Pipeline Schedule Update to Protected Branch Arbitrary Code Execution Vulnerability in Afterlogic Aurora Files v9.7.3 via Crafted .sabredav File Uncontrolled Modification of Object Attributes in CrushFTP prior to 10.5.1 CSRF Vulnerability in Herd Effects WordPress Plugin Allows Arbitrary Effect Deletion Arbitrary Password Change Vulnerability in Reprise License Manager v15.1 NodeBB Forum Software XML-RPC Remote Code Execution Vulnerability HTML Injection Vulnerability in SpringbootCMS 1.0 Allows for Remote Code Execution and Cookie Theft SQL Injection Vulnerability in SpringbootCMS 1.0 Background Cross Site Scripting (XSS) Vulnerability in Submitty before v22.06.00 Incorrect Access Control in Submitty v22.06.00: Arbitrary Post Deletion Vulnerability Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via zn_jb Parameter in arp_sys.asp Function Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via tgfile.asp Function Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via popupId Parameter in H5/hi_block.asp 
Function Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via prev Parameter in H5/login.cgi Function Arithmetic Overflow Vulnerability in Satellite Personal Access Token Creation Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via yyxz.data Function Stack Overflow Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via hi_up Parameter in qos_ext.asp Function Command Injection Vulnerability in D-LINK DWL-6610 FW_v_4.3.0.8B003C Stack Overflow Vulnerability in D-LINK DWL-6610 Firmware v4.3.0.8B003C: Exploiting the update_users Function Command Injection Vulnerability in D-LINK DWL-6610 FW_v_4.3.0.8B003C Command Injection Vulnerability in D-LINK DWL-6610 FW_v_4.3.0.8B003C Command Injection Vulnerability in D-LINK DWL-6610 FW_v_4.3.0.8B003C config_upload_handler Function Unauthenticated Remote Code Execution in NextGen Healthcare Mirth Connect (CVE-2023-37679 Incomplete Patch) Stored Cross-site Scripting (XSS) Vulnerability in cockpit-hq/cockpit prior to version 2.4.3 Arbitrary File Write Vulnerability in SeaCMS V12.9 via admin_ip.php Heap-based Buffer Overflow in radareorg/radare2 prior to 5.9.0 Arbitrary Code Writing Vulnerability in SeaCMS v12.8's admin_ping.php File Arbitrary File Upload Vulnerability in DedeCMS 5.7.111 and Earlier Vulnerability in Broadcom RAID Controller Web Interface Allows Unauthorized Access to Active Sessions Stored XSS Vulnerability in DedeBIZ v6.2.11 Website Column Management Function Stored XSS Vulnerability in YZNCMS v1.3.0: Arbitrary Code Execution via Crafted Title Parameter Multiple Remote Code Execution Vulnerabilities in DedeBIZ v6.2.11 via file_manage_control.php Stack Overflow Vulnerability in D-Link DIR-823G v1.0.2B05 SetWifiDownSettings Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 via statuscheckpppoeuser Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 Router Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 via parameter nvmacaddr in form2Dhcpip.cgi 
Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 Router Insecure Defaults in Broadcom RAID Controller Web Interface Expose Vulnerability Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 via sip_address Parameter in ipportFilter Stack Overflow Vulnerability in D-Link DIR-823G v1.0.2B05 via SetWLanRadioSecurity Stack Overflow Vulnerability in D-Link DIR-816 A2 v1.10CNB05 Router Vulnerability: Broadcom RAID Controller Web Interface Exploitable via Libcurl with LSA Vulnerabilities Buffer Overflow Vulnerability in XNSoft Nconvert 7.136: User Mode Write AV via Crafted Image File XNSoft Nconvert 7.136 Exception Handler Chain Corruption Vulnerability Buffer Overflow Vulnerability in XNSoft Nconvert 7.136 via Crafted Image File Path Traversal Vulnerability in Gladys Assistant v4.26.1 and Below: Unauthorized File Extraction via Non-Sanitized User Input Insecure Default TLS Configuration in Broadcom RAID Controller Web Interface Cross-Site Scripting (XSS) Vulnerability in Milesight UR Series Admin Panel Milesight Router Vulnerability: Unauthorized Access to Sensitive Components Froala Editor v.4.1.1 Markdown Component Cross-site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in emlog pro v2.1.14's Publish Article Title Field Deserialization Vulnerability in Deyue Remote Vehicle Management System v1.1 Arbitrary File Upload Vulnerability in pigcms up to 7.0 Vulnerability: Sensitive Data Exposure and Local User Access in Broadcom RAID Controller Web Interface Remote Command Execution (RCE) Vulnerability in dst-admin v1.5.0 via userId Parameter at /home/playerOperate Insecure Access Control Allows Unauthorized Deletion of Video Files in 70mai A500s v1.2.119 SQL Injection Vulnerability in Phpjabbers PHP Shopping Cart 4.2 via id Parameter CSRF Vulnerability in DedeCMS v5.7 Backend Management Interface Arbitrary Admin Account Addition Vulnerability in Seacms v12.8 CVE-2023-43279 Vulnerability in Broadcom RAID Controller Web Interface 
Allows Local Users to Access Sensitive Data and Encryption Keys Double Free Vulnerability in stbi_load_gif_main function of Nothings Stb Image.h v.2.28 Arbitrary Code Execution Vulnerability in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 Insecure Default HTTP Configuration in Broadcom RAID Controller Web Interface Exposes SESSIONID Cookie Vulnerability Arbitrary Code Execution via Deserialization Vulnerability in emlog pro v.2.1.15 and Earlier CVE-2023-43292 Cross Site Request Forgery Vulnerability in Passwordstate v.Build 9785 and Earlier Channel Access Token Leakage Vulnerability in animal-art-lab v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in SCOL Members Card Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in DA BUTCHERS Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in urban_project mini-app on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in DARTS SHOP MAXIM Mini-App on Line v13.6.1 Vulnerability: Channel Access Token Leakage in sanTas Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Craftbeer Bar Canvas Mini-App on Line v13.6.1 Leakage of Channel Access Token Allows Crafted Malicious Notifications in PARK DANDAN Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Studio Kent Mini-App on Line v13.6.1 Stored Cross-Site Scripting (XSS) Vulnerability in Webmin 2.002 and Below via Cluster Cron Job Tab Input Field Insecure Default TLS Configuration in Broadcom RAID Controller Web Interface Zyxel PMG2005-T20B Firmware Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Coign CRM Portal v.06.06 CVE-2023-43318 IceWarp WebClient 10.3.5 Sign-In Page Cross Site Scripting (XSS) Vulnerability Improper Permissions on Broadcom RAID 
Controller Log File Expose Web Interface Vulnerability Privilege Escalation via Two-Factor Authentication Bypass in Proxmox Server Solutions Arbitrary Code Execution via File Upload in Digital China Networks DCFW-1800-SDC v.3.0 Command Injection Vulnerability in ZPE Systems Nodegrid OS External Service Interaction Vulnerability in mooSocial 3.1.8 Reflected XSS Vulnerability in mooSocial v3.1.8 Allows Session Cookie Theft and Account Impersonation Reflected Cross-Site Scripting (XSS) Vulnerability in mooSocial v3.1.8 Allows Session Cookie Theft and Account Impersonation Vulnerability: Insecure SSL Cipher Ordering in Broadcom RAID Controller Web Interface Cross-Site Scripting (XSS) Vulnerability in Small CRM v3.0 Add User Function Access Control Bypass in Sangoma Technologies FreePBX Cesanta mjs v2.20.0 Function Pointer Hijacking Vulnerability Arbitrary Code Execution via Cross-Site Scripting (XSS) in cmsmadesimple v.2.2.18 Unauthenticated Access to Private Files via Broadcom RAID Controller Web Server Arbitrary Code Execution via Cross-Site Scripting (XSS) in Evolution v.3.2.3 Arbitrary Code Execution via Crafted Payload in Evolution Evo v.3.2.3 Cross-Site Scripting (XSS) Vulnerability in opensolution Quick CMS v.6.7 Arbitrary Code Execution via Cross-Site Scripting (XSS) in opensolution Quick CMS v.6.7 Arbitrary Code Execution via Cross-Site Scripting (XSS) in opensolution Quick CMS v.6.7 Arbitrary Code Execution via Cross-Site Scripting (XSS) in opensolution Quick CMS v.6.7 Cross-Site Scripting (XSS) Vulnerability in opensolution Quick CMS v.6.7 Unauthenticated Access to Private Server-Side Files in Broadcom RAID Controller Web Server Arbitrary Code Execution Vulnerability in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site 
Scripting in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 News Menu Title Parameter Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Insecure Default HTTP Configuration in Broadcom RAID Controller Web Interface Exposes Cookies to Attacks Arbitrary Code Execution via Cross Site Scripting in CMSmadesimple v.2.2.18 Buffer Overflow Vulnerability in Vorbis-tools v.1.4.2: Arbitrary Code Execution and Denial of Service in WAV to OGG Conversion Code Execution Vulnerability in Searchor 2.4.2 Improper Session Handling Vulnerability in Broadcom RAID Controller Web Interface on Gateway Installation SQL Injection Vulnerability in Hoteldruid v3.0.5 via numcaselle Parameter at /hoteldruid/creaprezzi.php SQL Injection Vulnerability in Hoteldruid v3.0.5 via n_utente_agg Parameter SQL Injection Vulnerability in Hoteldruid v3.0.5 via id_utente_log Parameter at /hoteldruid/personalizza.php Multiple SQL Injection Vulnerabilities in Hoteldruid v3.0.5 at /hoteldruid/clienti.php Cross-Site Scripting (XSS) Vulnerability in Hoteldruid v3.0.5 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Hoteldruid v3.0.5 Insecure Default HTTP Configuration in Broadcom RAID Controller Web Interface: Lack of X-Content-Type-Options Headers SQL Injection Vulnerability in Tianchoy Blog v.1.8.8 Login.php Allows Remote Information Disclosure Arbitrary Code Execution via Directory Traversal in itechyou dreamer CMS v.4.1.3 Insecure File Permissions in Broadcom RAID Controller Web Interface Expose Private Keys Privilege Escalation Vulnerability in Broadcom RAID Controller via Log File Session Prints Privilege Escalation to Root: Insecure Folder Creation in Broadcom RAID Controller Web GUI Insecure Defaults in Broadcom RAID Controller Web Interface Expose Vulnerability Vulnerability: Sensitive Password Exposure in Broadcom RAID Controller Web 
Interface URL Insufficient Randomness Vulnerability in Broadcom RAID Controller Web Interface Arbitrary Code Execution Vulnerability in HummerRisk v.1.10 thru 1.4.1 Client-Side Control Bypass in Broadcom RAID Controller Web Interface Allows Unauthorized Data Access Arbitrary Code Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 Arbitrary Code Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 Arbitrary Code Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 Arbitrary Code Execution and Sensitive Information Disclosure in Service Provider Management System v.1.0 Remote Privilege Escalation in Service Provider Management System v.1.0 Arbitrary Code Execution and Information Disclosure in Resort Reservation System v.1.0 via XSS Vulnerability Vulnerability in KNX Devices: Unauthorized Lockout and Password Reset Issue SQL Injection Vulnerability in janobe Online Job Portal v.2020: Remote Code Execution via login.php SQL Injection Vulnerability in janobe Online Job Portal v.2020: Remote Code Execution via ForPass.php Reflected Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.8.0 SQL Injection Vulnerability in janobe Online Voting System v.1.0: Remote Code Execution via checklogin.php Information Disclosure Vulnerability in MLFlow REST API Command Injection Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000) Firmware < 0.18.15r Unauthenticated Firmware and Configuration Upload Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000) Remote Code Execution Vulnerability in Shenzhen TCL Browser TV Web BrowseHere Command Execution Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 Cross-Site Scripting Vulnerability in Welcart e-Commerce Item List Page (Versions 2.7 to 2.8.21) Plaintext Logging of Shared Secret in TACACS+ Audit Forwarding Critical System Property Modification Vulnerability Enables 
Unauthorized ADB Access Use After Free Vulnerability in Google Chrome Device Trust Connectors CVE-2023-43490 CVE-2023-43491 Stack-Based Buffer Overflow in Weintek's cMT3000 HMI Web CGI Device SQL Injection Vulnerability in Welcart e-Commerce Item List Page (Versions 2.7 to 2.8.21) Allows Unauthorized Access to Sensitive Data Sensitive Build Variable Exposure in Jenkins Build History Widget Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.423 and Earlier Arbitrary Code Execution Vulnerability in Jenkins Plugin Installation File Upload Vulnerability in Jenkins LTS Versions File Upload Vulnerability in Jenkins LTS 2.414.1 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Build Failure Analyzer Plugin Spoofing Vulnerability in Fullscreen Mode of Google Chrome on Android Jenkins Build Failure Analyzer Plugin CSRF Vulnerability Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier: Missing Permission Check Allows Unauthorized Access CSRF Vulnerability in Jenkins Build Failure Analyzer Plugin Allows Deletion of Failure Causes Sensitive Information Leakage in COMOS Caching System SEH-based Buffer Overflow in COMOS (All versions < V10.4.4) Ptmcast Executable Improper Access Controls in COMOS SMB Shares Vulnerability ClearPass OnGuard Linux Agent Privilege Escalation Vulnerability SQL Injection Vulnerability in ClearPass Policy Manager Unauthorized State-changing Actions in ClearPass Policy Manager Web Interface ClearPass Policy Manager Web Interface Remote Notification Vulnerability Use After Free Vulnerability in Google Chrome Network Component Arbitrary Command Execution Vulnerability in ClearPass Policy Manager IPv6 Extension Header Vulnerability: Transient Denial of Service (DoS) in WLAN Firmware Transient Denial of Service Vulnerability in GATT Service Data Parsing Event Ring Memory Corruption Vulnerability Memory Corruption Vulnerability in IOCTL Calls for Internal Memory Mapping and Unmapping CVE-2023-43515 Firmware Vulnerability: 
Memory Corruption via Malformed Message Payload Exploiting Improper Access Control in HAB: Memory Corruption in Automotive Multimedia Invalid MP2 clip leads to memory corruption in video parsing Videoinfo Memory Corruption Vulnerability Type Confusion Vulnerability in V8 Allows Remote Heap Corruption Beacon TID Parsing Vulnerability CVE-2023-43521 Empty or NULL Encrypted Key Vulnerability 11AZ RTT Management Action Frame Vulnerability CVE-2023-43524 CVE-2023-43525 CVE-2023-43526 CVE-2023-43527 CVE-2023-43528 CVE-2023-43529 Heap Buffer Overflow in ANGLE in Google Chrome CVE-2023-43530 CVE-2023-43531 ACPI Config Memory Corruption Vulnerability Beacon Length Vulnerability in WLAN Firmware Access Point TID to Link Mapping Action Request Frame Memory Corruption Vulnerability Negative Display IDs Trigger Memory Corruption Vulnerability One-Character File Parsing Vulnerability in Internet Explorer CVE-2023-43539 Heap Buffer Overflow in Skia in Google Chrome CVE-2023-43540 CVE-2023-43541 CVE-2023-43546 CVE-2023-43547 CVE-2023-43548 CVE-2023-43549 Heap Corruption Vulnerability in V8 in Google Chrome (Chromium Security Severity: High) CVE-2023-43550 CVE-2023-43552 CVE-2023-43553 Use after free vulnerability in Audio in Google Chrome prior to 116.0.5845.96 Stored XSS Vulnerability in JetBrains TeamCity Nodes Configuration Buffer Overflow Vulnerability in Lenovo Desktop Products' LemSecureBootForceKey Module Buffer Over-read Vulnerability in Lenovo Desktop Products' LemSecureBootForceKey Module Buffer Overflow Vulnerability in Lenovo Desktop OemSmi Module XML External Entity (XXE) Injection Vulnerability in Google Chrome Local Privilege Escalation Vulnerability in OemSmi Driver's SMI Callback Function Buffer Overflow Vulnerability in Lenovo Desktop BiosExtensionLoader Module Buffer Over-read Vulnerability in Lenovo Desktop BiosExtensionLoader Module Buffer Overflow Vulnerability in LEMALLDriversConnectedEventHook Module in Lenovo Desktop Products Buffer Over-read Vulnerability 
in LEMALLDriversConnectedEventHook Module in Lenovo Desktop Products Buffer Overflow Vulnerability in Lenovo Desktop UltraFunctionTable Module Buffer Overflow Vulnerability in Lenovo Desktop Products' WMISwSmi Module Buffer Overflow Vulnerability in Lenovo Desktop ReFlash Module Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Lenovo Desktop SmiFlash Module Buffer Overflow Vulnerability in Lenovo SmuV11Dxe Driver Use After Free Vulnerability in DNS in Google Chrome Buffer Overflow Vulnerability in Lenovo Desktop Products Buffer Overflow Vulnerability in Lenovo Desktop Update_WMI Module Zoom Client Vulnerability: Unauthorized Privilege Escalation via Network Access Information Disclosure Vulnerability in Zoom Mobile App and SDKs Improper Access Control in Zoom Mobile App and SDKs for iOS: Information Disclosure Vulnerability Path Traversal Vulnerability in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows Allows Privilege Escalation via Network Access Insufficient Control Flow Management in Zoom Clients: Network-based Information Disclosure Vulnerability App Launcher Spoofing Vulnerability in Google Chrome on iOS Zoom Rooms for macOS Local Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Zoom Rooms for macOS Obfuscation of Security UI in Color Implementation in Google Chrome Data Integrity Vulnerability in Buildroot 2023.08.1 and dev commit 622698d7847: Arbitrary Command Execution via Man-in-the-Middle Attack Unauthenticated Access and Information Disclosure Vulnerability in Emerson Rosemount GC370XA, GC700XA, and GC1500XA Products Autofill Bypass Vulnerability in Google Chrome on Android SQL Injection Vulnerability in Welcart e-Commerce Order Data Edit Page (Versions 2.7 to 2.8.21) Privilege Escalation Vulnerability in BIG-IP Edge Client Installer on macOS Arbitrary File Read and Write Vulnerability in OpenHarmony v3.2.2 and Prior Versions Cross-Site Scripting Vulnerability in Welcart 
e-Commerce Order Data Edit Page (Versions 2.7 to 2.8.21) Buffer Overflow in Mbed TLS 2.x and 3.x ZIP Extraction File Overwrite Vulnerability Shared Secret Leakage in Croc Messaging Protocol Croc Protocol Cleartext IP Address Disclosure Vulnerability Arbitrary File Transfer Vulnerability in Croc Heap Buffer Overflow in Mojom IDL in Google Chrome Terminal Device Attack via ANSI Escape Sequences in Croc Command Line Shared Secret Vulnerability HTTP/2 Connection Exhaustion Vulnerability User Enumeration Vulnerability in Mendix Forgot Password XML External Entity (XXE) Vulnerability in CX-Designer Ver.3.740 and Earlier DLL Injection Vulnerability in Simcenter Amesim (All versions < V2021.1) ACERA Firmware Path Traversal Vulnerability NTRIP Stream Parsing Integer Underflow Vulnerability in GPSd 3.25.1~dev Dialog URL Spoofing Vulnerability in Google Chrome on Android Vulnerability: Inadequate Measurement of Config Partition Allows Unauthorized Access to Encrypted Vault Vulnerability: Unauthorized SSH Access via Mutable /config Partition Stack Overflow Vulnerability in VTPM Server Process Vulnerability: Unauthorized Configuration Override and Debug Function Exploitation Vulnerability: Inadequate PCR Configuration for Key Sealing/Unsealing Vulnerability: Insecure Sealing of Vault Key with SHA1 PCRs Vulnerability: Unvalidated Root Filesystem in EVE OS Allows Unauthorized Access Weak Vault Key Generation Vulnerability Obfuscation of Security UI in Google Chrome Permission Prompts SQL Injection Vulnerability in TaxonWorks Out-of-Bounds Array Access Vulnerability in libcue Denial of Service (DoS) Vulnerability in SnappyInputStream Mutation XSS (mXSS) Vulnerability in AntiSamy Authentication Bypass Vulnerability in Sing-box Proxy System Circular Relationship Denial of Service Vulnerability in OpenFGA Regular Expression Denial of Service (ReDoS) in get-func-name prior to 2.0.1 Cross-Site Scripting Vulnerability in baserCMS File Upload Feature Directory Traversal Vulnerability in 
baserCMS Prior to Version 4.8.0 Cross-Site Request Forgery Vulnerability in baserCMS Content Preview Feature Obfuscation of Security UI in Google Chrome Fullscreen Vulnerability Vulnerability: Brute-force Attack on JumpServer Password Reset Verification Code Remote Code Execution and Privilege Escalation in JumpServer via MongoDB Session Exploit Unauthenticated Authentication Bypass in JumpServer's Core API Remote HTTP Download and File Write Vulnerability in TorchServe Remote Code Execution Vulnerability in Composer Vulnerability: Sandbox Escape in Matrix-Hookshot Improper Escaping of Encrypted Topic Titles in discourse-encrypt Plugin Leads to XSS Vulnerability Cross-site Scripting (XSS) Vulnerability in discourse-calendar Plugin Cross-site Scripting Vulnerability in Discourse Digest Email Preview UI Use After Free Vulnerability in Google Chrome Extensions Bypassing SSH Key Verification in Warpgate Code Execution Vulnerability in Cachet Status Page System Unauthenticated Arbitrary File Read Vulnerability in ShokoServer Vulnerability: Unauthorized Module Disabling in PrestaShop Unrestricted Module Listing Vulnerability in PrestaShop Back Office Incomplete Fix for CVE-2019-14232: Denial of Service Vulnerability in Django Truncator Methods Insufficient Data Authenticity Verification in Apache InLong: Unauthorized Access to Admin Account Apache InLong SQL Injection Vulnerability Authorization Bypass Through User-Controlled Key Vulnerability in Apache InLong Excessive Length HTTP Header Denial of Service Vulnerability in Tungstenite Crate Bypassing Enterprise Policies via Crafted HTML Page in Google Chrome Extensions API Bypassing Enterprise Policies via Crafted HTML Page in Google Chrome Extensions API Bypassing File Restrictions via Crafted HTML Page in Google Chrome on ChromeOS Arbitrary File Upload and Download Vulnerability in SICK APU FTP Server RDT400 in SICK APU Vulnerability: Modification of Assumed-Immutable Data (MAID) Cross-Site Scripting (XSS) 
Vulnerability in SICK APU RDT400 Unrestricted Login Attempts Vulnerability in SICK APU RDT400 Unprivileged Remote Data Modification Vulnerability in SICK APU RDT400 Apache Superset: Remote Code Execution via Improper Payload Validation and REST API Response Type Cross-Site Scripting (XSS) Vulnerability in Os Commerce via tracking_number Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce's product_info[][name] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via title Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via translation_value[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via email_templates_key Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce Cross-Site Scripting (XSS) Vulnerability in Os Commerce Cross-Site Scripting (XSS) Vulnerability in Os Commerce's configuration_title[1](MODULE) Parameter Cross-Site Scripting (XSS) Vulnerability in phpRecDB 1.3.1 Cross-Site Scripting (XSS) Vulnerability in Os Commerce Cross-Site Scripting (XSS) Vulnerability in Os Commerce via admin_firstname Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via access_levels_name Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via title Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via SKIP_CART_PAGE_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via MAX_DISPLAY_NEW_PRODUCTS_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via MSEARCH_HIGHLIGHT_ENABLE_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via MSEARCH_ENABLE_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via SHIPPING_GENDER_TITLE[1] Parameter Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Os 
Commerce via BILLING_GENDER_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via PACKING_SLIPS_SUMMARY_TITLE[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce Cross-Site Scripting (XSS) Vulnerability in Os Commerce's orders_status_name[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce Cross-Site Scripting (XSS) Vulnerability in Os Commerce via orders_products_status_name_long[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via orders_products_status_manual_name_long[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce's stock_indication_text[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via stock_delivery_terms_text[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce Insufficient Permission Validation in Devolutions Remote Desktop Manager: Remote Tools Vulnerability Cross-Site Scripting (XSS) Vulnerability in Os Commerce via countries_name[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via zone_name Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via tax_class_title Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via company_address Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce Allows Unauthorized Script Execution Cross-Site Scripting (XSS) Vulnerability in Os Commerce via formats_titles[7] Parameter Unfiltered Input Vulnerability in 'bookisbn' Parameter of cart.php Resource Vulnerability: Unauthorized Access and Data Manipulation in WP Remote Users Sync Plugin Insecure File Upload Vulnerability in Online Book Store Project v1.0 Time-of-Check-Time-of-Use Race Condition Vulnerability in Buildkite Elastic CI for AWS Authentication Bypass Vulnerability in Zultys MX Series SQL Injection Vulnerability in Zultys MX Web Interface OS Command Injection Vulnerability in Zultys MX Series Patch Manager Bypassing Appliance Mode Restrictions via BIG-IP External 
Monitor OS Command Injection Vulnerability in WRC-X3000GS2-W, WRC-X3000GS2-B, and WRC-X3000GS2A-B (v1.05 and earlier) Vulnerability: Unauthorized Viewing of Archived Channels in Mattermost Permalink Previews Stack-based Overflow Vulnerability in Zavio IP Cameras with Firmware Version M2.1.6.05 OpenHarmony v3.2.4 and Prior: Local Attacker Information Leak via Out-of-Bounds Read Weak Encryption Vulnerability in ELECOM and LOGITEC Routers: Guessing Encryption Key and Intercepting Wireless LAN Communication Stored Cross-Site Scripting Vulnerability in Serial Codes Generator and Validator with WooCommerce Support WordPress Plugin Denial of Service Vulnerability in WithSecure Products via Fuzzed PE32 File Vulnerability: Denial of Service (Infinite Loop) in WithSecure Products Unauthenticated Remote Code Execution Vulnerability in WithSecure Policy Manager 15 and Policy Manager Proxy 15 XSS Vulnerability in WithSecure Policy Manager 15 on Windows and Linux Denial of Service Vulnerability in WithSecure Products Local Privilege Escalation Vulnerability in WithSecure Products via lhz Archive Unpack Handler Denial of Service Vulnerability in WithSecure Products via aepack Archive Unpack Handler CVE-2023-43768 CVE-2023-43769 Cross-Site Scripting (XSS) Vulnerability in Roundcube Email Client Denial of Service Vulnerability in nqptp-message-handlers.c in nqptp before 1.2.3 Denial-of-Service Vulnerability in Eaton SMP Gateway Web Server Weak Encoding Algorithm Used for Storing Device Password in Eaton easyE4 PLC Insecure Password Storage in Eaton easySoft Software Vulnerability: Sentry Token Leakage in GitLab CE/EE Insecure Temporary File Handling in Cadence 0.9.2 Insecure Temporary File Vulnerability in Cadence through 0.9.2 Plesk Onyx 17.8.11 AccessKeyId and secretAccessKey Exposure Vulnerability Boundary Condition Vulnerability in libX11's _XkbReadKeySyms() Function Allows Unauthorized Memory Reading Denial of Service Vulnerability in libX11's PutSubImage() Function Integer 
Overflow Vulnerability in libX11's XCreateImage() Function Boundary Condition Vulnerability in libXpm Allows Out-of-Bounds Read libXpm Out-of-Bounds Read Vulnerability Code Owner Approval Bypass Vulnerability in GitLab EE CVE-2023-43790 Privilege Escalation Vulnerability in Label Studio Code Injection Vulnerability in baserCMS Mail Form Bypassing Authentication in Bull Dashboard of Misskey Social Media Platform SQL Injection Vulnerability in Nocodb Allows Unauthorized Database Querying Server Side Request Forgery (SSRF) Vulnerability in GeoServer WPS User Enumeration Vulnerability in Synapse Matrix Homeserver Cross-Site Scripting Vulnerability in BigBlueButton Guest Lobby Server-Side Request Forgery (SSRF) Vulnerability in BigBlueButton Unsanitized External URL Handling and Renderer Process Isolation Vulnerability in Altair GraphQL Client Desktop Application Insecure Logging of Credentials in Ansible Automation Platform Privilege Escalation in Arduino Create Agent via Crafted HTTP POST Request Arbitrary File Deletion Vulnerability in Arduino Create Agent Privilege Escalation via Crafted HTTP POST Request in Arduino Create Agent Arbitrary File Deletion Vulnerability in Arduino Create Agent HTTP Redirect Information Leakage in urllib3 Incomplete URL Validation in Nexkey Allows Authentication Bypass Soft Serve Prior to Version 0.6.2: Bypass of Public Key Authentication in Keyboard-Interactive SSH Unverified Password Change Vulnerability in GitHub Repository instantsoft/icms2 prior to 2.16.1-git Unbounded Cardinality Vulnerability in OpenTelemetry Autoinstrumentation SQL Injection Vulnerability in GLPI Versions 10.0.0 to 10.0.10 Unauthorized Access to Private Poll Results in Discourse Buffer Overflow Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft v2 Buffer Overflow Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft v2 Buffer Overflow Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft v2 Buffer Overflow 
Vulnerability in Delta Electronics Delta Industrial Automation DOPSoft Allows Remote Code Execution Stack-Based Buffer Overflow in Delta Electronics Delta Industrial Automation DOPSoft Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in tdevs Hyip Rio 2.1 Delta Electronics Delta Industrial Automation DOPSoft DPS File Remote Code Execution Vulnerability Stack-Based Buffer Overflow in Delta Electronics Delta Industrial Automation DOPSoft Allows Remote Code Execution Delta Electronics Delta Industrial Automation DOPSoft DPS File Remote Code Execution Vulnerability Delta Electronics Delta Industrial Automation DOPSoft Remote Code Execution Vulnerability Delta Electronics Delta Industrial Automation DOPSoft DPS File Remote Code Execution Vulnerability Arbitrary Code Execution via Relative Path Traversal in Shihonkanri Plus Ver9.0.3 and Earlier Apache Guacamole Integer Overflow Vulnerability Cross-site scripting (XSS) vulnerability in Subrion v4.2.1 allows arbitrary script execution via crafted payload in 'Title' parameter Critical Vulnerability in MicroWorld eScan Anti-Virus 7.0.32 on Linux: Local Privilege Escalation via runasroot File Cross-site Scripting (XSS) Vulnerability in Subrion v4.2.1 Financial Configuration Panel Authenticated Arbitrary PHP Code Injection in Super Store Finder 3.7 and below Jizhicms 2.4.9 Backend SQL Injection Vulnerability Arbitrary Code Execution via SVG File Upload in Personal Management System v1.4.64 Unencrypted Sensitive Data Exposure in MaximaTech Portal Executivo 21.9.1.140 NULL Pointer Dereference Vulnerability in JFS File System in Linux Kernel Arbitrary File Read Vulnerability in Dreamer CMS v4.1.3 Stored XSS Vulnerability in Dreamer CMS v4.1.3 via /admin/u/toIndex Component PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formSetWanNonLogin Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via 
formSetWanPPPoE Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formLanguageChange Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02: Exploiting formSetWanDhcpplus Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formSetWAN_Wizard55 Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formSetWanPPTP Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02: Exploiting formSetWAN_Wizard7 Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formSetWanL2TP Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via websGetVar Function Buffer Overflow Vulnerability in D-Link DIR-619L B1 2.02 via formSetWAN_Wizard56 Function Use-after-free vulnerability in VMware's vmxnet3 ethernet NIC driver in Linux Kernel Root Certificate Vulnerability in Net2 Software Installation Hidden XSS Exploitation via File Upload Vulnerability in WBCE v.1.6.1 Hidden XSS Exploit via File Upload Vulnerability in CMSmadesimple v.2.2.18 Cross Site Scripting (XSS) Vulnerability in e017 CMS v.2.3.2 via Crafted Script in Name Field Arbitrary Code Execution via Cross Site Scripting (XSS) in e017 CMS v.2.3.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Subrion CMS v.4.2.1 Installation October v.3.4.16 Installation XSS Vulnerability: Arbitrary Web Script Execution via Crafted Payload in dbhost Field Multiple Cross-Site Scripting (XSS) Vulnerabilities in Rite CMS 3.0 Administration Menu Multiple Cross-Site Scripting (XSS) Vulnerabilities in Rite CMS 3.0 Administration Menu Cross-Site Scripting (XSS) Vulnerability in Rite CMS 3.0 Administration Menu Stored Cross-Site Scripting Vulnerability in EventON WordPress Plugin Cross-site Scripting (XSS) Vulnerability in Subrion v4.2.1 Transactions Panel Arbitrary Device Locking Vulnerability in Tenda RX9 Pro Firmware V22.03.02.20 Buffer Overflow Vulnerability in Tenda RX9 Pro v22.03.02.20 HTTP Server Component Buffer Overflow Vulnerabilities in 
Libde265 v1.0.12: Exploiting num_tile_columns and num_tile_row Parameters Double Decrement Vulnerability in btrfs_get_root_ref in Linux Kernel's btrfs Filesystem Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 Diagnostic Tools Page Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 Changing Username and Password Function Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 via Hostname Parameter in WAN Settings Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 Wake-On-LAN (WoL) Function Critical Buffer Overflow Vulnerability in Macrium Reflect 8.1.7544 and Below Null Pointer Dereference in stbi__convert_format function of Nothings stb 2.28: Denial of Service (DoS) Vulnerability SQL Injection Vulnerability in Hansun CMS v1.0 via /ajax/ajax_login.ashx Component Arbitrary Web Script Injection Vulnerability in Popup Box WordPress Plugin IDOR Vulnerability in EMSigner v2.8.7: Unauthorized Access to Sensitive Data Arbitrary User Modification Vulnerability in EMSigner v2.8.7 Unauthenticated Account Takeover via Password Reset Token in EMSigner v2.8.7 Unrestricted Backend Access Vulnerability in WriterCMS v1.1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Xolo CMS v0.11 Global Buffer Overflow Vulnerability in OptiPNG v0.7.7 SQL Injection Vulnerability in Hospital Management System via app_contact Parameter Cleartext Storage of Sensitive Information in Control iD Gerencia Web 1.30 Vulnerability: HTML and SMTP Injections in LiquidFiles Registration Page Use-After-Free Vulnerability in btrfs_get_dev_args_from_path in Linux Kernel Stored Cross Site Scripting (XSS) Vulnerability in SourceCodester Task Management System 1.0 Stored Cross-site Scripting (XSS) Vulnerability in cockpit-hq/cockpit prior to version 2.6.4 Cross-Site Scripting (XSS) Vulnerability in SSCMS 7.2.2 Column Management Component Stored Cross-Site Scripting (XSS) Vulnerability in SSCMS 7.2.2 Material Management Component Cross-Site Scripting (XSS) Vulnerability in SSCMS 
7.2.2 Content Management Component Arbitrary Code Execution and File Manipulation Vulnerability in com.phlox.tvwebbrowser TV Bro Application Remote Code Execution Vulnerability in YeaLinkSIP-T19P-E2 v.53.84.0.15 Privilege Escalation Vulnerability in DLINK DPH-400SE FRU 2.2.15.8 Authentication Bypass Vulnerability in Dromara SaToken Buffer Overflow Vulnerability in Zyxel ATP and USG Series Firmware 5.37 Privilege Escalation Vulnerability in CatoNetworks CatoClient SQL Injection Vulnerability in ETS Soft ybc_blog v4.4.0 and earlier Integer overflow vulnerability in QuickSec IPSec toolkit allows for DoS on Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN series firmware versions 4.30-5.37 SQL Injection Vulnerability in Presto Changeo Testsitecreator v1.1.1 via disable_json.php Deserialization Vulnerability in Presto Changeo TestSiteCreator up to 1.1.1 via delete_excluded_folder.php Server-Side Request Forgery (SSRF) Vulnerability in Bon Presta boninstagramcarousel SQL Injection Vulnerability in Presto Changeo AttributeGrid up to 2.0.3 via disable_json.php Arbitrary User Information Download Vulnerability in Smart Soft AdvancedExport SQL Injection Vulnerability in SunnyToo stblogsearch v1.0.0 SQL Injection Vulnerability in DM Concept Configurator Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Nature Fitness Saijo Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Mokumoku Chohu Mini-App on Line v13.6.1 Bypassing Request Security in Grafana Enterprise through Punycode Encoding Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in cherub-hair mini-app on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in PRIMA CLINIC Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in STOCKMAN GROUP Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious 
Notifications via Channel Access Token Leakage in smaregi_app_market Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Cleaning_makotoya mini-app on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in picot.golf mini-app on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Q Co Ltd Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Yoruichi Hobby Base Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Books-futaba Mini-App on Line v13.6.1 Leakage of Channel Access Token in COLORFUL_laundry Mini-App on Line v13.6.1 Plain Text Password Storage Vulnerability in Skyhigh Secure Web Gateway Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Otakara Lapis Totuka Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Ailand Clinic Mini-App on Line v13.6.1 Arbitrary Code Execution via File Upload in mojoPortal v.2.7.0.0 Arbitrary Code Execution via File Upload in mojoPortal v.2.7.0.0 Skin Management OS Command Injection Vulnerability in Dell SmartFabric Storage Software v1.4 (and earlier) Remote Code Execution Vulnerability in mojoPortal v.2.7.0.0 via Crafted Script in layout.master Skin File Arbitrary Code Execution via Cross Site Scripting in mojoPortal v.2.7.0.0 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Multiple Stack Overflows in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01's formSetMacFilterCfg Function Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 
Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 Stack Overflow Vulnerability in Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 SQL Injection Vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (Supercheckout) v.8.0.3 and Earlier SQL Injection Vulnerability in Addify Addifyfreegifts v.1.0.2 and Earlier: Remote Code Execution via Crafted Script in getrulebyid Function Arbitrary File Saving Vulnerability in Reprise License Manager v15.1 Sensitive Information Disclosure Vulnerability in ZPE Systems Nodegrid OS CVE-2023-44038 CVE-2023-44039 Privilege Escalation in Donation Forms by Charitable WordPress Plugin CVE-2023-44040 Stored XSS Vulnerability in Black Cat CMS 1.4.1 Allows Arbitrary Code Execution via Crafted Website Header Parameter Reflected XSS Vulnerability in Black Cat CMS 1.4.1 via Website Title Parameter SQL Injection Vulnerability in Super Store Finder v3.6 and Below via Search Parameter at /admin/stores.php SQL Injection Vulnerability in Sourcecodester Toll Tax Management System v1 Cross Site Scripting (XSS) Vulnerability in Sourcecodester Expense Tracker App v1 Reflected XSS Vulnerability in KC Group E-Commerce Software (CVE-2023-1123) Arbitrary Code Execution via File Upload in Simple and Nice Shopping Cart Script v.1.0 Critical SQL Injection Vulnerability in Codecanyon Credit Lite 1.5.4 Arbitrary Code Execution via Cross Site Scripting in Small CRM v3.0 Signature Verification Vulnerability in Studio Network Solutions ShareBrowser before 7.0 on macOS 
(PMP-2636) High CPU Load Vulnerability in BIND DNS Server Remote Code Execution Vulnerability in PGYER Codefever v.2023.8.14-2ce4006 via branchList Component Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation SQL Injection Vulnerability in Pandora FMS: Arbitrary SQL Execution Cross-Site Scripting (XSS) Vulnerability in Pandora FMS Visual Consoles Unrestricted Upload Vulnerability in NBS&HappySoftWeChat 1.1.6 CVE-2023-44090 CVE-2023-44091 CVE-2023-44092 Unverified Public Key Vulnerability in Package Names: A Threat to Service Confidentiality Distributed File Module Type Confusion Vulnerability: Device Restart Exploitation Surfaceflinger Module UAF Vulnerability: System Crash Exploitation Device Authentication Module Vulnerability: Brute-Force Attack Exploitation and Service Confidentiality Risk Improper Management of Device Serial Numbers: A Threat to Service Confidentiality Critical Vulnerability: Lack of Encryption in Card Management Module Jeopardizes Service Confidentiality Kernel Module Data Verification Vulnerability: Disrupting WLAN Connectivity Critical Remote OS Command Injection Vulnerability in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 (VDB-237513) Bluetooth Module Broadcast Permission Control Vulnerability: Threat to Service Confidentiality Bluetooth Module Vulnerability: Broadcast Notification Permission Control Weakness Bluetooth Broadcast Permission Control Vulnerability: Disabling Bluetooth Functionality Bluetooth Module Out-of-Bounds Read Vulnerability: Implications for Service Confidentiality Bluetooth Module Broadcast Permission Control Vulnerability 
Window Management Module Permissions Vulnerability API Permission Management Vulnerability in Fwk-Display Module: Abnormal Feature Behavior Design Process Defects in Screen Projection Module: A Threat to Service Availability and Integrity Distributed File Module Type Confusion Vulnerability: Device Restart Exploitation Huks TA Module Clone Vulnerability: Threat to Service Confidentiality Critical Remote OS Command Injection Vulnerability in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 (VDB-237514) Audio Module Out-of-Bounds Access Vulnerability: A Threat to Availability Device Authentication Module Vulnerability: Brute-Force Attack Exploitation and Confidentiality Impact Confidentiality Impacting Out-of-Bounds Access Vulnerability in Device Authentication Module API Permission Verification Vulnerability in DFR Module: A Threat to Service Confidentiality Array Out-of-Bounds Vulnerability in dataipa Module: Impact on Service Confidentiality Critical Vulnerability: Improper Permission Control in Booster Module Jeopardizes Service Confidentiality Unauthorized App Execution Vulnerability in APPWidget Module Inaccurate Trust Relationships in Distributed Scenarios: A Threat to Service Confidentiality Undefined Permissions Vulnerability in MeeTime Module: A Threat to Availability and Confidentiality Kernel Module Mutual Exclusion Vulnerability: A Threat to Availability Critical Remote Command Injection Vulnerability in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 (VDB-237515) Arbitrary Code Injection and Root Access Vulnerability in Spectrum Power 7 (All versions < V23Q4) Intent Redirection Vulnerability in LG ThinQ Service: Arbitrary Access to Not Exported Activities Vulnerability: Arbitrary File Theft via Implicit Intents in LockScreenSettings App Arbitrary File Theft and Overwrite Vulnerability in Bluetooth App Arbitrary File Theft Vulnerability in Screen Recording App Arbitrary File Theft and Overwrite Vulnerability in Personalized Service App LG Call Management App 
Vulnerability: Sensitive Data Disclosure via Implicit Broadcasts LG Call Management App Vulnerability: Sensitive Data Disclosure via Implicit Intents Arbitrary File Deletion Vulnerability in LGInstallService Vulnerability: Intent Forwarding in LG Messaging App Critical Command Injection Vulnerability in Beijing Baichuo Smart S85F Management Platform (CVE-2023-0807) Code Injection Vulnerability in Inkdrop Markdown Editor Stored Cross-Site Scripting Vulnerability in Bamboo Mcr Bamboo Columns Unauthenticated Reflected XSS Vulnerability in Dreamfox Payment Gateway Plugin for WooCommerce Stored Cross-Site Scripting (XSS) Vulnerability in jesweb.Dev Anchor Episodes Index Plugin CSRF Vulnerability in Checkfront Online Booking System Plugin <= 3.6 Critical Remote Authentication Bypass Vulnerability in Ruijie RG-EW1200G 07161417 r483 Sensitive Information Exposure Vulnerability in ProfilePress Membership Plugin Improper Authentication in Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979: Sensitive Information Disclosure and Manipulation Cleartext Storage of Sensitive Information in Memory Vulnerability in Acronis Cyber Protect 15 (Linux, macOS, Windows) Improper Authorization Leads to Sensitive Information Disclosure and Manipulation in Acronis Cyber Protect 15 (Linux, Windows) Log File Information Disclosure Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 35979 Spell-jacking Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 35979 Leads to Sensitive Information Disclosure Insecure Folder Permissions in Acronis Cyber Protect 15 (Windows) before build 35979: Local Privilege Escalation Vulnerability Insufficient Token Field Masking in Acronis Cyber Protect 15 (Linux, Windows) before build 35979 Leads to Sensitive Information Disclosure Cleartext Storage Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 35979 Cross-Site Request Forgery (CSRF) Vulnerability in Acronis Cyber Protect 15 (Linux, 
Windows) before build 35979 Allows Sensitive Information Manipulation Cross-Site Request Forgery Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 35979 Allows Sensitive Information Manipulation Unfiltered Input Vulnerability in process_search.php Unfiltered Character Injection Vulnerability in process_login.php Unfiltered Character Injection Vulnerability in 'age' Parameter of process_registration.php Arbitrary File Write Vulnerability in SeaCMS V12.9 via admin_notify.php Improper Access Controls in Entry Duplication Component of Devolutions Remote Desktop Manager: Unauthorized Sharing of Personal Vault Entry Arbitrary File Write Vulnerability in SeaCMS V12.9 via admin_ping.php Arbitrary File Write Vulnerability in SeaCMS V12.9 via admin_smtp.php Arbitrary File Write Vulnerability in SeaCMS V12.9 via admin_weixin.php Authenticated Reflected Cross-Site Scripting Vulnerability in Online Movie Ticket Booking System v1.0 Authenticated Stored Cross-Site Scripting Vulnerability in Online Movie Ticket Booking System v1.0 Title: Juniper Networks Junos OS and Junos OS Evolved Reachable Assertion Vulnerability Leading to Denial of Service (DoS) Stack-based Buffer Overflow Vulnerability in Juniper Networks Junos OS CLI Command Stack-based Buffer Overflow Vulnerability in Juniper Networks Junos and Junos EVO CLI Command Stack-based Buffer Overflow Vulnerability in Juniper Networks Junos OS CLI Command LMS5xx TCP SYN-based Denial-of-Service Vulnerability Improper Implementation of Storm Control in Juniper Networks Junos OS QFX5k Devices Allows for L2 Loop and DDoS Attacks Unchecked Return Value Vulnerability in Juniper Networks Junos OS and Junos OS Evolved VxLAN Packet Forwarding Engine (PFE) DMA Memory Leak Vulnerability Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of 
Service (DoS) Vulnerability in AS PATH Processing of Juniper Networks Junos OS and Junos OS Evolved Sensitive Information Exposure in Junos OS Evolved 'file copy' Command TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS Telemetry Processing Origin Validation Bypass Vulnerability in Juniper Networks Junos OS Evolved on PTX10003 Series LMS5xx Vulnerability: Hard-coded Credentials Enable Unauthorized Access and Disruption Origin Validation Vulnerability in MAC Address Validation on Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 Devices Unauthenticated DoS Vulnerability in Juniper Networks Junos OS on QFX5000 and EX4000 Series Memory Leak Vulnerability in Juniper Networks Junos OS QFX5000 Series Improper Memory Release Vulnerability in Juniper Networks Junos OS Root Privilege Backdoor Vulnerability in Juniper Networks Junos OS Improper Restriction of Communication Channel to Intended Endpoints Vulnerability in Juniper Networks Junos OS Evolved Unauthenticated Adjacent Attack on Juniper Networks Junos OS Evolved PTX10003 Series Out-of-Bounds Write Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS SIP ALG Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series Lack of Transport Layer Security (TLS) in SICK LMS5xx allows unauthorized interception and disclosure of sensitive information Incorrect Permission Assignment Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Packet Flooding Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400, and EX4600 Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rpd) Improper Authorization Leads to Sensitive Information Disclosure in Acronis Cyber Protect 15 (Linux, Windows) Improper Authorization Leads to Sensitive 
Information Disclosure and Manipulation in Acronis Cyber Protect 15 (Linux, Windows) Stored XSS Vulnerability in Protection Plan Name of Acronis Cyber Protect 15 (Linux, Windows) Missing Authorization in Acronis Cyber Protect Home Office (Windows) before build 40713: Sensitive Information Disclosure and Manipulation Vulnerability Improper Soft Link Handling Vulnerability in Acronis Agent (Linux, macOS, Windows) Timing Side-Channel Vulnerability in NSS Code for PKCS#1 v1.5 Padding Missing Authorization in Acronis Agent (Linux, macOS, Windows) before build 29258: Sensitive Information Disclosure and Manipulation Vulnerability Missing Authorization in Acronis Agent (Linux, macOS, Windows) before build 31637: Sensitive Information Disclosure and Manipulation Vulnerability Missing Authorization in Acronis Agent (Linux, macOS, Windows) before build 31477: Sensitive Information Disclosure and Manipulation Vulnerability Excessive System Information Collection Leads to Sensitive Data Exposure in Acronis Agent (Windows) Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Cross-Origin Pixel-Stealing Vulnerability in PowerVR Image Compression (PVRIC) on Imagination 2018 and Later GPU Devices Local Privilege Escalation Vulnerability in SonicWall Net Extender MSI Client SonicWall NetExtender Pre-Logon Privilege Escalation Vulnerability Local Privilege Escalation Vulnerability in SonicWall Directory Services Connector Windows MSI Client 4.1.21 and Earlier Versions Stored Cross-site Scripting (XSS) Vulnerability in cockpit-hq/cockpit prior to version 2.6.3 DLL Search Order Hijacking Vulnerability in SonicWall NetExtender Client SMA100 SSL-VPN Management Interface OS Command Injection Vulnerability CVE-2023-44227 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Onclick Show Popup Plugin <= 8.1 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider Plugin <= 8.1 Stored Cross-Site Scripting 
Vulnerability in WP Event Manager Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Popup Contact Form Plugin <= 7.1 CSRF Vulnerability in NickDuncan Contact Form Plugin CSRF Vulnerability in WP Hide Pages Plugin <= 1.0 CSRF Vulnerability in FooGallery Plugin <= 2.2.44 CSRF Vulnerability in Devnath Verma WP Captcha Plugin CSRF Vulnerability in Moriyan Jay WP Site Protector Plugin CSRF Vulnerability in Joakim Ling Remove Slug from Custom Post Type Plugin Stored XSS Vulnerability in Jobin Jose WWM Social Share On Image Hover Plugin <= 2.2 Buffer Overflow Vulnerability in Zephyr OS BLE Devices: Potential DoS and RCE Exploitation CSRF Vulnerability in Peter Butler Timthumb Vulnerability Scanner Plugin CSRF Vulnerability in Keap Keap Landing Pages Plugin Stored Cross-Site Scripting (XSS) Vulnerability in 2J Slideshow Team Slideshow Plugin CSRF Vulnerability in Instant CSS Plugin <= 1.2.1 Unauthenticated Reflected XSS Vulnerability in FooGallery Plugin <= 2.2.44 Leap Contractor Contact Form Website to Workflow Tool Plugin XSS Vulnerability CSRF Vulnerability in Matias's Shockingly Simple Favicon Plugin Improper Access Control Vulnerability in FortiEDRCollectorWindows Authorization Bypass Vulnerability in Fortinet FortiManager and FortiAnalyzer Elevated Action Exploitation in Fortinet FortiOS and FortiProxy HA Clusters Path Traversal Vulnerability in Fortinet FortiWAN Versions 5.1.1 - 5.2.1 Privilege Escalation via Crafted JWT Tokens in Fortinet FortiWAN Sensitive Information Exposure Vulnerability in Fortinet FortiManager and FortiAnalyzer Server-side Request Forgery Vulnerability in Fortinet FortiAnalyzer and FortiManager CSRF Vulnerability in Hometory Mang Board WP Plugin <= 1.7.6 CSRF Vulnerability in Mediavine Control Panel Plugin CSRF Vulnerability in Woocommerce ESTO Plugin (<= 2.23.1) CSRF Vulnerability in Dinesh Karki Block Plugin Update Plugin <= 3.3 Stored XSS Vulnerability in Renzo Johnson Blocks Plugin <= 1.6.41 Riyaz Social Metrics 
Plugin <= 2.2 Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Arrow Plugins The Awesome Feed – Custom Feed Plugin <= 2.2.5 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Popup Contact Form Plugin <= 7.1 Stored Cross-Site Scripting (XSS) Vulnerability in Jewel Theme WP Adminify Plugin <= 3.1.6 Unauthenticated SQL Injection Vulnerabilities in Online Art Gallery v1.0 Out of Bounds Memory Read Vulnerability in V8 in Google Chrome CSS Comment Injection Vulnerability in PostCSS Denial of Service Vulnerability in Pillow's ImageFont Cross-Site Scripting Vulnerability in Citadel Versions Prior to 994 Signature Malleability Vulnerability in Consensys gnark-crypto through 0.11.2 Cross-Site Scripting (XSS) Vulnerability in OPNsense Lobby Dashboard Cross-Site Scripting (XSS) Vulnerability in OPNsense Lobby Dashboard OS Command Injection Vulnerability in Dell PowerProtect DD CLI Path Traversal Vulnerability in Dell PowerProtect DD Dell PowerProtect DD OS Command Injection Vulnerability Out of Bounds Memory Read Vulnerability in CSS in Google Chrome Elevation of Privilege Vulnerability in Dell Pair Installer Improper Access Control in Dell Repository Manager Installation Module Privilege Escalation and Arbitrary Code Execution Vulnerability in Dell SupportAssist SQL Injection Vulnerability in Dell PowerProtect DD Improper Access Control Vulnerability in Dell PowerProtect DD DOM-based Cross-Site Scripting Vulnerability in Dell PowerProtect DD Improper Resource Control in Dell PowerScale OneFS: Denial of Service Vulnerability Improper Access Control Vulnerability in Dell Command | Configure Use After Free Vulnerability in Google Chrome Loader Improper Access Control Vulnerability in Dell Command | Monitor OS Command Injection Vulnerability in Dell DM5500 5.14.0.0 Improper Access Control in Dell Repository Manager Installation Module Unintentional Information Disclosure Vulnerability in Dell Secure Connect Gateway 
Application and Appliance Unintentional Information Disclosure Vulnerability in Dell Secure Connect Gateway Application and Appliance Improper Resource Control in Dell PowerScale OneFS: Information Disclosure Vulnerability Hard-coded Credential Vulnerability in Dell ELab-Navigator 3.1.9 Active Debug Code Security Vulnerability in Dell PowerEdge and Precision BIOS Versions 1.4.4 Active Debug Code Security Vulnerability in Dell PowerEdge and Precision BIOS Versions 1.4.4 Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Plain-text Password Storage Vulnerability in Dell DM5500 5.14.0.0 Reflected Cross-Site Scripting Vulnerability in Dell DM5500 5.14.0.0 and Prior Improper Authentication Vulnerability in Dell DM5500 5.14.0.0 and Prior Sensitive Data Exposure Vulnerability in RVTools Privilege Escalation Vulnerability in Dell DM5500 Appliance Stack-based Buffer Overflow Vulnerability in Dell DM5500 5.14.0.0 Path Traversal Vulnerability in Dell DM5500 Appliance Allows Remote Configuration File Overwrite Open Redirect Vulnerability in Adaptive Media Administration Page in Liferay DXP 2023.Q3 before Patch 6 and 7.4 GA through Update 92 Stored Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal and Liferay DXP Out of Bounds Memory Read Vulnerability in Google Chrome Stored Cross-Site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal and Liferay DXP Unauthorized Access to Sensitive Information in Apache ServiceComb Service-Center Apache ServiceComb Service-Center SSRF Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SINEC NMS (All versions < V2.0) Arbitrary Code Execution Vulnerability in X509 Certificate Validation Hardcoded Key Vulnerability in RUGGEDCOM and SCALANCE Devices Weak Checksum Algorithm Allows Unauthorized Configuration Changes Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository 
Cockpit-HQ/Cockpit Prior to 2.6.4 Authentication Bypass Vulnerability in Web Interface Configuration Denial of Service Vulnerability in Web Interface Configuration Changes SMTP Server Response Spoofing Vulnerability Use After Free Vulnerability in Adobe Acrobat for Edge Allows Application Denial-of-Service Improper Authentication Vulnerability in Adobe FrameMaker Allows Unauthorized Access and Password Leakage Out-of-Bounds Read Vulnerability in Adobe Animate Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Bridge Access of Uninitialized Pointer Vulnerability Use After Free Vulnerability in Adobe Bridge Allows Memory Disclosure Adobe Bridge Access of Uninitialized Pointer Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in cockpit-hq/cockpit prior to version 2.6.4 Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Adobe Photoshop Out-of-Bounds Read Vulnerability Allows Memory Disclosure Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Unauthenticated Access to GitHub Repository hamza417/inure Prior to Build88 Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure CVE-2023-44341 CVE-2023-44342 CVE-2023-44343 CVE-2023-44344 CVE-2023-44345 CVE-2023-44346 CVE-2023-44347 Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Improper Input Validation in GitHub Repository 
hamza417/inure (Build88) Arbitrary Code Execution via Deserialization Vulnerability in Adobe ColdFusion Arbitrary Code Execution via Deserialization Vulnerability in Adobe ColdFusion Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe ColdFusion Arbitrary Code Execution via Deserialization Vulnerability in Adobe ColdFusion Improper Input Validation Vulnerability in Adobe ColdFusion Allows Security Feature Bypass Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-237557) Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Adobe Prelude Access of Uninitialized Pointer Vulnerability Adobe Acrobat Reader Uninitialized Pointer Access Vulnerability Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-237558) Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Input Field Sanitization Vulnerability Privilege Escalation Vulnerability in RUGGEDCOM and SCALANCE Networking Devices Vulnerability: Dual Decomposition of In-Circuit Values in gnark Library Cross-Site Scripting Vulnerability in baserCMS Site Search Feature Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-237559) Authenticated Backend User PHP Code Execution 
Vulnerability in October CMS Arbitrary PHP Execution Vulnerability in October CMS Stored XSS Vulnerability in October CMS Media Manager SSRF and API Manipulation Vulnerability in Discourse-Jira Plugin Client-Side Request Forgery Vulnerability in Home Assistant Companion for iOS and macOS (GHSL-2023-161) Denial of Service Vulnerability in Vapor HTTP1 Error Handler Improper Permissions Handling in Gradle Symlinked Files Vulnerability: Server Disk Space Exhaustion via Malicious Requests in Discourse Title: Remote Code Execution Vulnerability in Zope's Title Property Improper Validation of Quantity Input in SourceCodester Card Holder Management System 1.0 HTMLSanitizer Vulnerability: Bypassing Sanitization with Foreign Content User summaries accessible to anonymous users in Discourse Code Injection Vulnerability in Garden's Cryo Library Reflected Cross-Site Scripting (XSS) Vulnerability in Piwigo prior to 14.0.0beta4 Insufficient Access-Level Checks on MantisBT Wiki Redirection Page Path Traversal Vulnerability in Autolab's Assessment Functionality CVE-2023-44396 Permission Bypass Vulnerability in CloudExplorer Lite Gateway Filter Out-of-Bounds Write Vulnerability in Exiv2 v0.28.0 Account Existence Verification Vulnerability in ZITADEL's Password Reset Flow Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (CVE-2021-237561) Persistent Account Access Vulnerability in Uptime Kuma (Versions Prior to 1.23.3) Bypassing `canView` Permission Checks in Silverstripe CMS GraphQL Server Vulnerability: Electron macOS App Bundle Tampering CVE-2023-44403 CVE-2023-44404 CVE-2023-44405 CVE-2023-44406 CVE-2023-44407 CVE-2023-44408 CVE-2023-44409 Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-237562) CVE-2023-44410 CVE-2023-44411 CVE-2023-44412 CVE-2023-44413 CVE-2023-44414 CVE-2023-44415 CVE-2023-44416 CVE-2023-44417 CVE-2023-44418 CVE-2023-44419 Critical 
SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-237563) CVE-2023-44420 CVE-2023-44421 CVE-2023-44422 CVE-2023-44423 CVE-2023-44424 CVE-2023-44425 CVE-2023-44426 CVE-2023-44427 CVE-2023-44428 CVE-2023-44429 Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12 CVE-2023-44430 CVE-2023-44431 CVE-2023-44432 CVE-2023-44433 CVE-2023-44434 CVE-2023-44435 CVE-2023-44436 CVE-2023-44437 CVE-2023-44438 CVE-2023-44439 Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-237565) CVE-2023-44440 CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444 CVE-2023-44445 CVE-2023-44446 CVE-2023-44447 CVE-2023-44448 CVE-2023-44449 Critical SQL Injection Vulnerability in Mini-Tmall up to 20230811 (VDB-237566) CVE-2023-44450 CVE-2023-44451 CVE-2023-44452 Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 (VDB-237567) IP Address Spoofing Vulnerability in pretix Pillow EPS File Parsing Vulnerability in pretix Buffer Overflow and Remote Code Execution in Linux Kernel's Ceph Messenger_v2 Vulnerability: Bypassing CVE-2023-36258 Fix in langchain_experimental 0.0.14 Server-Side Request Forgery in LemonLDAP::NG OpenID Connect Issuer (CVE-2020-10770) Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 (VDB-237568) CSRF Vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts Plugin <= 1.1 CSRF Vulnerability in Bernhard Kau Backend Localization Plugin CVE-2023-44472 CSRF Vulnerability in Michael Tran Table of Contents Plus Plugin Unauthenticated Reflected XSS Vulnerability in MD Jakir Hosen Tiger Forms Plugin CSRF Vulnerability in Michael Simpson Add Shortcodes Actions And Filters Plugin CSRF Vulnerability in CopyRightPro Plugin <= 2.1 Stored Cross-Site Scripting (XSS) Vulnerability in Boxy Studio Cooked Plugin <= 1.7.13 Stored XSS Vulnerability in Jim Krill WP Jump Menu Plugin <= 3.6.4 
Critical Vulnerability in OpenRapid RapidCMS 1.3.1: Weak Password Recovery via admin/run-movepass.php Authenticated SQL Injection in 'setcasualleave' Parameter of Leave Management System Project v1.0 Authenticated SQL Injection in 'setearnleave' Parameter of Leave Management System Project v1.0 Authenticated SQL Injection in 'setsickleave' Parameter of Leave Management System Project v1.0 Private Key Disclosure in Apache Santuario - XML Security for Java Stored Cross-Site Scripting Vulnerability in Online Blood Donation Management System v1.0 HTTP/2 Denial of Service Vulnerability: Stream Reset Exploit Width Mishandling Vulnerability in libvpx: Crash during Encoding (CVE-2020-25655) Critical SQL Injection Vulnerability in SourceCodester Free and Open Source Inventory Management System 1.0 (VDB-237570) Critical Remote Code Injection Vulnerability in jeecgboot JimuReport up to 1.6.0 (VDB-237571) Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository Cockpit-HQ/Cockpit Prior to 2.6.4 Denial-of-Service Vulnerability in EDR-810, EDR-G902, and EDR-G903 Series Reflected Cross-site Scripting (XSS) Vulnerability in pimcore/pimcore prior to 10.6.8 CSRF Vulnerability in GitHub Repository wallabag/wallabag (<= 2.6.3) CSRF Vulnerability in GitHub Repository wallabag/wallabag (<= 2.6.3) Authorization Bypass Vulnerability in openshift-logging LokiStack Information Disclosure Vulnerability in Grafana Google Sheets Data Source Plugin NULL Pointer Dereference Vulnerability in vmxnet3_rq_cleanup in Linux Kernel Unsanitized SVG File Upload Vulnerability in WordPress Plugin 1.2.1 Insufficiently Random Values Vulnerability in Poly Trio and VVX Series Denial of Service Vulnerability in Poly CCX 400, CCX 600, Trio 8800, and Trio C60 Critical Vulnerability: Remote OS Command Injection in Poly Trio and VVX Series Unverified Password Change Vulnerability in Poly Trio and VVX Series Remote Attack Vulnerability in Poly CCX 400, CCX 600, Trio 8800, and Trio C60 Web Interface 
Critical Backdoor Vulnerability in Poly Trio 8800 7.2.6.0019 Poly Trio Devices: Missing Authorization Vulnerability Arbitrary Website Access Vulnerability in e-Gov Client Application Unauthenticated Access Vulnerability in Profile Extra Fields by BestWebSoft Plugin for WordPress Weak Encryption in mycli 1.27.0 Exposes Sensitive Data via /mycli/config.py D-Link DAR-7000 V31R02B1413C: SQL Injection Vulnerability in /importexport.php D-Link DAR-7000 V31R02B1413C: SQL Injection Vulnerability in /log/mailrecvview.php Integer Overflow Vulnerability in PlutoSVG's plutosvg_load_from_memory Component Reflected Cross-Site Scripting Vulnerability in Order Tracking Pro Plugin for WordPress Cryptographically Weak PRNG in Objectplanet Opinio Allows Unauthenticated Account Takeover Command Injection Vulnerability in Zyxel NAS326 and NAS542 Firmware Remote Command Execution in Zyxel NAS326 and NAS542 Firmware ASUSTOR Data Master (ADM) Arbitrary File Movement Vulnerability Cross-Site Scripting (XSS) Vulnerability in GDidees CMS 3.0 via Crafted Page Title Payload Reflected Cross-Site Scripting in Locatoraid Store Locator WordPress Plugin Cross Site Scripting (XSS) Vulnerabilities in Concrete CMS v.9.2.1 via Header and Footer Tracking Codes Multiple Cross Site Scripting (XSS) Vulnerabilities in Concrete CMS Forms Arbitrary Code Execution via Cross Site Scripting (XSS) in Concrete CMS 9.2.0-9.2.2 Arbitrary File Upload and Cross-Site Scripting (XSS) via Thumbnail File Upload in Concrete CMS v9.2.1 XSS Vulnerability in Concrete CMS Installation Name Parameter Arbitrary Code Execution via Cross Site Scripting (XSS) in Concrete CMS 8.5.12 and below, and 9.0 through 9.2.1 Cross Site Scripting (XSS) Vulnerability in Concrete CMS v.9.2.1 via SEO - Extra from Page Settings RiteCMS 3.0 File Upload Vulnerability: Local File Upload and XSS via SVG File Cross-Site Scripting (XSS) Vulnerability in Zenario CMS v.9.4.59197 Allows Arbitrary Code Execution via Spare Aliases from Alias Zenario CMS 
v.9.4.59197 Cross-Site Scripting (XSS) Vulnerability in Organizer - Spare Alias Zenario CMS v.9.4.59197 Cross-Site Scripting (XSS) Vulnerability in Page Layout User Registration Bypass Vulnerability in Mattermost CVE-2023-4479 Remote Privilege Escalation Vulnerability in Dromara SaToken (<=1.36.0) Cross Site Scripting (XSS) Vulnerability in LimeSurvey _generaloptions_panel.php Component Arbitrary File Read and Write Vulnerability in Fusion File Manager Stack Overflow Vulnerability in D-Link DIR-820L 1.05B03 cancelPing Function Stack Overflow Vulnerability in D-Link DIR-820L 1.05B03's sub_4507CC Function Insecure Permissions Vulnerability in D-Link DIR-820L 1.05B03 BGP UPDATE Message DoS Vulnerability in Juniper Networks Junos OS CSRF Vulnerability in MooSocial v.3.1.8 Allows Remote Code Execution and Information Disclosure via Admin Password Change Function Arbitrary Code Execution via Cross Site Scripting (XSS) in mooSocial v.3.1.8 Arbitrary Code Execution via Cross Site Scripting (XSS) in mooSocial v.3.1.8 Stored Cross-Site Scripting Vulnerability in Auto Amazon Links WordPress Plugin Potential Denial of Service Vulnerability in Gifsicle through 1.94 Arbitrary Code Execution Vulnerability in Expense Management System v.1.0 Cross Site Scripting Vulnerability in ZenTaoPMS v.18.6: Information Disclosure via Crafted Script Arbitrary Code Execution Vulnerability in ZenTao Office Conversion Settings Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05: Exploiting CurrentPassword Parameter in CheckPasswdSettings Function Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05: AdminPassword Parameter in SetDeviceSettings Function Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 via EndTime Parameter Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 Allows DoS Attacks Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05: Exploiting MacAddress Parameter in SetWanSettings Function Buffer Overflow Vulnerability in D-Link DIR-823G 
A1V1.0.2B05: Exploiting GuardInt Parameter in SetWLanRadioSettings Function Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 Router Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 via Mac Parameter in SetParentsControlInfo Function Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05: Exploiting SSID Parameter in SetWLanRadioSettings Function Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 Allows DoS Attacks Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 via TXPower Parameter Buffer Overflow Vulnerability in D-Link DIR-823G A1V1.0.2B05 Arbitrary Code Execution Vulnerability in SeaCMS v.12.8 via admin_notify.php Arbitrary Code Execution Vulnerability in SeaCMS v.12.8 via admin_Weixin.php Arbitrary Code Execution Vulnerability in SeaCMS v.12.8 via admin_template.php Unauthenticated Blind SQL Injection Vulnerability in ARDEREG Sistema SCADA Central Login Page CVE-2023-44852 CVE-2023-44853 CVE-2023-44854 CVE-2023-44855 CVE-2023-44856 CVE-2023-44857 Authentication Bypass Vulnerability in Johnson Controls Metasys NAE55, SNE, SNC Engines and Facility Explorer F4-SNC Engines Denial of Service Vulnerability in NETIS SYSTEMS N3Mv2 v.1.0.1.865 Local Privilege Escalation in GE CIMPLICITY 2023 Local File Inclusion Vulnerability in Dropbox Folder Share for WordPress Plugin Uninitialized PRNG in Z/IP Gateway Products: Predictable S0 Encryption Key Vulnerability SQL Injection Vulnerability in WP Job Portal WordPress Plugin Buffer Overflow Vulnerability in Easy Address Book Web Server 1.6: Remote Code Execution via Long Username String JavaScript Injection Vulnerability in Easy Address Book Web Server 1.6 Stored Cross-Site Scripting Vulnerability in Easy Address Book Web Server 1.6 Stack-based Buffer Overflow Vulnerability in Easy Chat Server 3.1: Remote Code Execution via Long Username String Cross-Site Scripting (XSS) Vulnerability in Easy Chat Server 3.1 and Earlier Arbitrary Code Execution via ID Parameter in BigTree 
CMS v.4.5.7 Developer Settings Remote Code Execution Vulnerability in D-Link DSL-3782 Router Cross-Site Scripting (XSS) Vulnerability in Easy Chat Server 3.1 and Earlier SQL Injection Vulnerability in Koha Library Software 23.0.5.04 and Earlier: Remote Information Disclosure Arbitrary File Read Vulnerability in Koha Library Software 23.05.04 and Earlier Cross-Site Scripting (XSS) Vulnerability in Easy Chat Server 3.1 and Earlier Arbitrary File Upload Vulnerability in Emlog Pro v2.2.0 Arbitrary File Upload Vulnerability in Emlog Pro v2.2.0's /admin/plugin.php Component Unauthenticated Access to Restricted Pages in Tenda N300 Wireless N VDSL2 Modem Router Authorization Bypass Through User-Controlled Key Vulnerability in Apache ZooKeeper Unauthorized Access to Sensitive Information in Perfect Images Plugin Sensitive Information Exposure in Aruba HiSpeed Cache Stored Cross-Site Scripting (XSS) Vulnerability in Robin Wilson BBP Style Pack Plugin <= 5.6.7 Stored Cross-Site Scripting (XSS) Vulnerability in Cytech BuddyMeet Plugin <= 2.2.0 Stored XSS Vulnerability in Abandoned Cart Lite for WooCommerce Plugin Stored XSS Vulnerability in Timely Booking Button Plugin CVE-2023-44989 Information Disclosure Vulnerability in HP ThinUpdate Utility Stored Cross-Site Scripting (XSS) Vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional Plugin <= 1.0.7.1 Sensitive Information Exposure Vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI) CSRF Vulnerability in QuantumCloud AI ChatBot Plugin CSRF Vulnerability in Bainternet ShortCodes UI Plugin <= 1.9.8 CSRF Vulnerability in WP Doctor WooCommerce Login Redirect Plugin CSRF Vulnerability in Naresh Parmar Post View Count Plugin CSRF Vulnerability in Nitin Rathod WP Forms Puzzle Captcha Plugin CSRF Vulnerability in Category Meta Plugin <= 1.2.8 CVE-2023-44999 Stored Cross-Site Scripting Vulnerability in Order Tracking Pro Plugin for WordPress CVE-2023-45000 SQL Injection 
vulnerability in Castos Seriously Simple Stats Unauthenticated Reflected XSS Vulnerability in Arrow Plugins Social Feed Plugin Unauthenticated Reflected XSS Vulnerability in wp3sixty Woo Custom Emails Plugin Unauthenticated Reflected XSS Vulnerability in Castos Seriously Simple Stats Plugin <= 1.5.1 Unauthenticated Reflected XSS Vulnerability in ByConsole WooODT Lite Plugin Unauthenticated Reflected XSS Vulnerability in Fotomoto Plugin <= 1.2.8 Stored XSS Vulnerability in WPJohnny Comment Reply Email Plugin Ineffective User Authentication in OpenText Visual COBOL and Enterprise Server Stored Cross-Site Scripting (XSS) Vulnerability in Alex MacArthur Complete Open Graph Plugin <= 3.4.5 CSRF Vulnerability in Igor Buyanov WP Power Stats Plugin Unauthenticated SQL Injection in Online Bus Booking System v1.0 Unauthenticated SQL Injection Vulnerability in Online Bus Booking System v1.0 Unauthenticated SQL Injection in Online Bus Booking System v1.0 Unauthenticated SQL Injection Vulnerabilities in Online Bus Booking System v1.0 Stored Cross-Site Scripting Vulnerability in Translate WordPress with GTranslate WordPress Plugin Information Disclosure in Best Practical Request Tracker (RT) 5 before 5.0.5 via Transaction Search OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution QNAP Operating System Path Traversal Vulnerability Allows Unauthorized Access to Sensitive Data QNAP Operating System Path Traversal Vulnerability Allows Unauthorized Access to Sensitive Data Uncontrolled Resource Consumption Vulnerability in QNAP Operating Systems Allows for DoS Attacks Improper Initialization Vulnerability in Galleon Allows Unauthorized Access to Remote HTTP Services Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking 
Vulnerability in QNAP Operating Systems Heap-based Buffer Overflow in CUPS and libppd Allows for Code Execution Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating Systems SQL Injection Vulnerability in Pressference Exporter CSRF Vulnerability in LeadSquared Suite Plugin <= 0.7.4 CSRF Vulnerability in Repuso Social Proof Testimonials and Reviews Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ciprian Popescu YouTube Playlist Player Plugin <= 4.6.7 LDAP Passback Vulnerability in Staff / Employee Business Directory for Active Directory Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in Jetpack – WP Security, Backup, Speed, & Growth Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Image Vertical Reel Scroll Slideshow Plugin <= 9.0 Versions CSRF Vulnerability in dan009 WP Bing Map Pro Plugin < 5.0 Versions Unauthenticated Reflected XSS Vulnerability in AWESOME TOGI Product Category Tree Plugin <= 2.5 SQL Injection vulnerability in InspireUI MStore API (MStore API: n/a-4.0.6) allows unauthorized database access. 
Stored Cross-Site Scripting (XSS) Vulnerability in 100plugins Open User Map Plugin <= 1.3.26 Stored XSS Vulnerability in Hitsteps Web Analytics Plugin <= 5.86 CSRF Vulnerability in KaizenCoders Short URL Plugin <= 1.6.8 Gumroad Plugin <= 3.1.0: Stored XSS Vulnerability LDAP Passback Vulnerability in Active Directory Integration / LDAP Integration Plugin for WordPress CSRF Vulnerability in Fla-shop.Com Interactive World Map Plugin Unauthenticated Reflected XSS Vulnerability in Thomas Scholl canvasio3D Light Plugin <= 2.4.6 CSRF Vulnerability in ReCorp AI Content Writing Assistant Plugin Unauthenticated Reflected XSS Vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard Plugin <= 0.3.1 Unauthenticated Reflected XSS Vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit Plugin (<= 1.42) Sensitive Information Exposure in Smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ashish Ajani WordPress Simple HTML Sitemap Plugin <= 2.1 CSRF Vulnerability in Supsystic Contact Form Plugin SQL Injection Vulnerability in Video Gallery by Total-Soft Plugin Unauthenticated Reflected XSS Vulnerability in 10Web Form Builder Team Form Maker Plugin Unauthenticated Stored XSS Vulnerability in 10Web Form Builder Team Form Maker Plugin Stored XSS Vulnerability in Kardi Order Auto Complete for WooCommerce Plugin <= 1.2.0 Stored Cross-Site Scripting (XSS) Vulnerability in Michael Koch Mendeley Plugin Plugin <= 1.3.2 SQL Injection Vulnerability in Advanced Page Visit Counter Plugin for WordPress Memory Leakage Vulnerability in SWSMI_Shadow DXE Driver Allows Unauthorized NVRAM Variable Modification Memory Leakage Vulnerability in 534D0140 DXE Driver Allows Unauthorized Writing to NVRAM Variables Memory Leakage Vulnerability in 534D0740 DXE Driver Allows Unauthorized NVRAM Variable Modification Memory Leakage Vulnerability in DustFilterAlertSmm SMM Driver Allows Unauthorized NVRAM Write Access 
NvmramSmm SMM Driver Memory Leakage Vulnerability Denial-of-Service Vulnerability in Gerbv Versions 2.4.0 - 2.10.0 Privilege Escalation Vulnerability in HyperCloud Data Loss Vulnerability in SoftIron HyperCloud Storage Nodes Vulnerability: Improper Initialization Process in SoftIron HyperCloud CVE-2023-4509 CSRF Vulnerability in OTWthemes Blog Manager Light Plugin CSRF Vulnerability in YAS Global Team Permalinks Customizer Plugin Open Redirect Vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin CSRF Vulnerability in Urvanov Syntax Highlighter Plugin CSRF Vulnerability in GoodBarber Plugin <= 1.0.22 CSRF Vulnerability in Mailrelay Plugin <= 2.1.1 CSRF Vulnerability in ZAKSTAN WhitePage Plugin <= 1.1.5 Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15: BT SDP Dissector Infinite Loop Unauthenticated SQL Injection in Online Examination System v1.0 Authenticated SQL Injection in Online Examination System v1.0 via Unfiltered 'ch' Parameter in /update.php?q=addqns Resource Authenticated SQL Injection in Online Examination System v1.0 via 'demail' Parameter in /update.php Resource Authenticated SQL Injection in Online Examination System v1.0 via 'eid' Parameter in /update.php?q=rmquiz Resource Authenticated SQL Injection in Online Examination System v1.0 via Unfiltered 'fdid' Parameter Authenticated SQL Injection in Online Examination System v1.0 via Unfiltered 'n' Parameter CBOR Dissector Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.6 Authenticated SQL Injection in Online Examination System v1.0 via 'qid' Parameter in /update.php?q=quiz&step=2 Resource Authenticated SQL Injection in Online Examination System v1.0 via 'desc' Parameter in /update.php?q=addquiz Resource Fiber Web Framework CSRF Vulnerability Persistent Denial of Service Vulnerability in Synapse Server ACLs Memory Leak Vulnerability in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15: Denial of Service via Packet Injection or Crafted 
Capture File Vulnerability: Slow and Excessive Storage Removal in Frontier's Ethereum Compatibility Layer Unauthenticated POST Request Vulnerability in Discourse's MessageBus Bypassing NAXSI Web Application Firewall (WAF) via `X-Forwarded-For` IP Matching in Versions 1.3 to 1.6 Arbitrary Code Execution in Babel-Traverse Plugin Cross-Site Scripting (XSS) Vulnerability in XWiki Platform Unvalidated Title Parameter Allows Code Execution in XWiki Platform Reflected Cross-Site Scripting (XSS) in XWiki Platform's Page Creation Form Cross-Site Scripting (XSS) Vulnerability in XWiki Platform Remote Code Execution via Script Injection in Change Request Application XML External Entity Injection (XXE) Vulnerability in fontTools Subsetting Module Stored Cross-Site Scripting Vulnerability in Mmm Simple File List WordPress Plugin Vulnerability: Group-based JIT MFA Bypass in The Bastion CSRF Vulnerability in Fiber Web Framework: Unauthorized Actions and Token Forgery Unbounded Cardinality Vulnerability in OpenTelemetry-Go Contrib Undici HTTP/1.1 Client Cookie Leakage Vulnerability Cross-Site Scripting (XSS) and XWiki Syntax Injection in com.xwiki.identity-oauth:identity-oauth-ui Race condition vulnerability in Redis Unix socket permissions adjustment Remote Code Execution Vulnerability in XXL-RPC Arbitrary Custom Fields Vulnerability in Discourse Rate Limit Reset Vulnerability in Nextcloud Server Bypassing Brute Force Protection in Nextcloud Talk Conversation Passwords Unvalidated Email Address Length in Nextcloud Calendar App Leads to Server Overload Plaintext Storage of OAuth2 Tokens in Nextcloud Server Blind SSRF Vulnerability in Engelsystem's Import Schedule Functionality OS Command Injection Vulnerability in web2py 2.24.1 and Earlier Arbitrary File Deletion Vulnerability in 1E Client Installer CWE-306: Missing Authentication in IGSS Update Service Allows for Remote Code Execution Vulnerability: Resource Script Substitution in 1E Client Arbitrary Code Execution via 
1E-Exchange-URLResponseTime Instruction Blind SQL Injection Vulnerability in 1E Platform Arbitrary Code Execution Vulnerability in 1E-Exchange-CommandLinePing Instruction AIX SMB Client Denial of Service Vulnerability Privilege Escalation in IBM AIX 7.2, 7.3, and VIOS 3.1 via piodmgrsu Command Denial of Service Vulnerability in IBM AIX's 7.3 Python Implementation Arbitrary Command Execution Vulnerability in IBM AIX and VIOS Denial of Service Vulnerability in IBM AIX and VIOS Stored Cross-Site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) prior to version 1.8.6 Privilege Escalation and Denial of Service Vulnerability in IBM AIX and VIOS Kernel Denial of Service Vulnerability in IBM AIX 7.2, 7.3, and VIOS 3.1 AIX Windows Denial of Service Vulnerability NFS Kernel Extension Denial of Service Vulnerability in IBM AIX and VIOS Privilege Escalation and Denial of Service Vulnerability in IBM AIX and VIOS TCP/IP Kernel Extension Denial of Service Vulnerability in IBM AIX 7.2, 7.3, and VIOS 3.1 Denial of Service Vulnerability in IBM App Connect Enterprise and IBM Integration Bus on Windows CVE-2023-45177 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI Denial of Service Vulnerability GOOSE Input Validation Vulnerability Leads to Device Reboot Vulnerability: Decoding of Encrypted Password Key in IBM i Access Client Solutions Improper Authority Checks in IBM i Access Client Solutions Remote Code Execution Vulnerability in IBM i Access Client Solutions CVE-2023-45186 Session Invalidation Vulnerability in IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 Access to Client Vault Credentials in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak HTTP Header Injection Vulnerability in IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 Inadequate Account Lockout Setting in IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 Denial of Service Vulnerability in IBM Db2 Federated Server 
(CVE-2020-4414) Default Credentials Vulnerability in MR-GM2 and MR-GM3 Firmware Vulnerability: Information Leakage in FTPD before NetBSD-ftpd 20230930 and tnftpd before 20231001 Buffer Overflow Vulnerability in Mbed TLS 3.2.x through 3.4.x: Remote Code Execution Vulnerability: Stored Cross-Site Scripting and Arbitrary Usermeta Update in FV Flowplayer Video Player Plugin for WordPress Multiple Open Redirect Vulnerabilities in Online Examination System v1.0 Multiple Open Redirect Vulnerabilities in Online Examination System v1.0 Multiple Open Redirect Vulnerabilities in Online Examination System v1.0 Type Confusion Vulnerability in Tecnomatix Plant Simulation Allows Code Execution (ZDI-CAN-21268) Insecure Permissions in SICAM PAS/PQS: Arbitrary Code Injection and Privilege Escalation Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability Stored XSS Vulnerability in Zimbra Collaboration (ZCS) Allows Execution of Malicious JavaScript via PDF Preview Command Injection and Denial of Service Vulnerabilities in D-Link DAP-X1860 Repeater CVE-2023-45209 Unauthenticated Remote Code Execution (RCE) via Web Shell in Import XML and RSS Feeds WordPress Plugin Improper Access Control Vulnerability in Pleasanter 1.3.47.0 and Earlier Remote Code Execution Vulnerability in Westermo Lynx Device Sensitive Information Exposure in BIG-IP TMOS Shell Command GitLab Directory Commit LF Character Vulnerability Insecure Transmission of Sensitive Information in Android Client Application Cross-Site Scripting (XSS) Vulnerability in autorefresh Parameter User Privacy Vulnerability in Mattermost Boards Stack-based Overflow Vulnerability in Zavio IP Cameras with Firmware Version M2.1.6.05 Hardcoded Credentials Vulnerability in BIG-IP SPK TMM Containers Cross-Site Scripting (XSS) Vulnerability in dns.0.server Parameter Improper Access Control Vulnerability in User Editing Functionality Out-of-Bounds Read Vulnerability in EDK2's Network Package Cross-Site Scripting (XSS) Vulnerability 
in Real Time Automation 460 Series Products Buffer Overflow Vulnerability in EDK2's Network Package via Long Server ID Option in DHCPv6 Client Out-of-Bounds Read Vulnerability in EDK2's Network Package Infinite Loop Vulnerability in EDK2's Network Package: Exploiting IPv6 Destination Options Header Parsing Infinite Loop Vulnerability in EDK2's Network Package when Parsing PadN Option in IPv6 Destination Options Header Buffer Overflow Vulnerability in EDK2's Network Package: Exploiting DNS Servers Option in DHCPv6 Advertise Message Buffer Overflow Vulnerability in EDK2's Network Package: Exploiting Server ID Option in DHCPv6 Proxy Advertise Message Predictable TCP Initial Sequence Number Vulnerability in EDK2's Network Package Predictable TCP Initial Sequence Number Vulnerability in EDK2's Network Package Remote Code Execution Vulnerability in tac_plus Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Acronis Agent Vulnerability: Sensitive Information Leak through Log Files Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Missing Authorization in Acronis Agent (Linux, macOS, Windows) before build 35895: Sensitive Information Disclosure and Manipulation Vulnerability Vulnerability: Sensitive Information Disclosure in Acronis Agent (Linux, macOS, Windows) Improper Authentication in Acronis Agent (Linux, macOS, Windows) before build 36343 leads to Sensitive Information Disclosure and Manipulation Missing Authorization in Acronis Agent (Linux, macOS, Windows) before build 36497: Sensitive Information Disclosure and Manipulation Vulnerability DLL Hijacking Vulnerability in Acronis Agent (Windows) before build 36497 HuddlyCameraService DLL Hijacking Vulnerability Privilege Escalation and File Manipulation Vulnerability in HuddlyCameraService CSRF Vulnerability in Zizou1988 IRivYou Plugin <= 2.2.1 CSRF 
Vulnerability in Hitsteps Web Analytics Plugin CSRF Vulnerability in David Cole Simple SEO Plugin Stack Disclosure Vulnerability in glibc's getaddrinfo Function CSRF Vulnerability in PINPOINT.WORLD Pinpoint Booking System Plugin CSRF Vulnerability in Matt McKenny Stout Google Calendar Plugin CSRF Vulnerability in SendPulse Free Web Push Plugin CSRF Vulnerability in Automated Editor Plugin <= 1.3 Directory Traversal Vulnerability in Yamcs 5.8.6 Storage Functionality Arbitrary File Deletion Vulnerability in Yamcs API Storage Functionality Cross-Site Scripting (XSS) Vulnerability in Yamcs 5.8.6 via Malicious JavaScript File Upload Unsafe Deserialization Vulnerability in JSCAPE MFT Server Allows Arbitrary Code Execution Arbitrary JavaScript Execution via HTML File Upload in Yamcs 5.8.6 Session Cookie Exposure Vulnerability in Yamcs 5.8.6 Prototype Pollution Vulnerability in NASA Open MCT (openmct) before 3.1.0 via Import Action Vulnerability: Inadequate Recognition of \??\ Paths in the filepath Package Vulnerability: Incorrect Detection of Reserved Device Names in IsLocal Function on Windows Insecure Protocol Fallback Vulnerability in go get HTTP Request Body Disclosure Vulnerability in go-resty Timing Side Channel Vulnerability in RSA-based TLS Key Exchanges CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 Bypassing Captcha Verification by Exploiting Default Implementation SQL Injection Vulnerability in Turna Advertising Administration Panel Server-Side Template Injection in ThingsBoard before 3.5 via Email Template Modification SQL Injection Vulnerability in Mestav Software E-commerce Software Arbitrary Code Execution Vulnerability in fsevents Dependency Unauthenticated Remote Command Execution in mtproto_proxy Path Traversal Vulnerability in Mattermost Telemetry Run ID Validation Unvalidated HTTP Requests Vulnerability Heap-based Buffer Overflow in Weston Embedded uC-HTTP Server Allows Arbitrary Code Execution Unauthenticated Remote Denial of Service (DoS) Vulnerability 
in Helix Core Unauthorized Linking of CI/CD Jobs in GitLab Insecure Transmission of Sensitive Information in Android Client Application Use-after-free vulnerability in libxml2's xmlUnlinkNode in tree.c Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Cross-Site Scripting (XSS) Vulnerability in NeoMind Fusion Platform up to 20230731 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerabilities in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerability in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerabilities in Online Food Ordering System v1.0 Unauthenticated SQL Injection Vulnerabilities in Online Food Ordering System v1.0 Apache Airflow Expose Config Information Retrieval Vulnerability AShbr Information Disclosure Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager Out-of-Bounds Read Vulnerability in OpenSC MyEID Driver Allows Unauthorized Access to Sensitive Data Privilege Escalation Vulnerability in Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 (OSFOURK-24034) Authenticated Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager OpenScape Common Management Portal Path Traversal Vulnerability (OCMP-6592) OCMP-6591: Authenticated Remote Code Execution in Atos Unify OpenScape Common Management Portal 
Arbitrary Code Execution Vulnerability in Atos Unify OpenScape Common Management Portal (OCMP-6589) Command Injection Vulnerability in Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 Command Injection Vulnerability in Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 Sensitive Information Disclosure Vulnerability in Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) Stored Cross-Site Scripting (XSS) Vulnerability in Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) Arbitrary File Upload Vulnerability in My Account Page Editor WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in MediaWiki:Youhavenewmessagesfromusers Information Leak in DifferenceEngine.php Allows Username Suppression Bypass Denial of Service Vulnerability in MediaWiki's ApiPageSet.php Information Leakage Vulnerability in MediaWiki Arbitrary Row Storage Vulnerability in CheckUser Extension Exposure of Hidden Usernames in PageTriage Extension for MediaWiki Vulnerability: Unencrypted Communication in Comarch ERP XL Client Unauthenticated Access to SportsTeams Extension in MediaWiki Unrestricted Item Merge Vulnerability in Wikibase Extension Unfiltered Item Merging Vulnerability in Wikibase Extension Cross-Site Scripting (XSS) Vulnerability in ProofreadPage Extension CSRF Vulnerability in SportsTeams Extension for MediaWiki SQL Injection Vulnerability in PireosPayValidationModuleFrontController::postProcess() SQL Injection Vulnerability in Carousels Pack for PrestaShop SQL Injection Vulnerability in Chronopost Official Module for PrestaShop SQL Injection Vulnerability in PrestaBlog Module (prestablog) Version 4.4.7 and Earlier SQL Injection Vulnerability in PosThemes' Rotator Img Module for PrestaShop Insecure Storage of Database Access Credentials in Comarch ERP XL Unrestricted Personal Information Download Vulnerability in 
Silbersaiten PrestaShop Order Duplicator Module SQL Injection Vulnerability in Creative Popup Module for PrestaShop (WebshopWorks) Path Traversal Vulnerability in SoNice Retour Module for PrestaShop Path Traversal Vulnerability in SoNice Etiquetage Module for PrestaShop Unrestricted File Upload Vulnerability in KnowBand Supercheckout CVE-2023-45385 SQL Injection Vulnerability in extratabspro Module for PrestaShop SQL Injection Vulnerability in Product Catalog (CSV, Excel, XML) Export PRO Hard-coded Password Vulnerability in Comarch ERP XL Stored XSS Vulnerability in Create A New Employee Function of Granding UTime Master v9.0.7-Build:Apr 4,2023 IDOR vulnerability in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows unauthorized access to sensitive information via crafted cookie Stored Cross-Site Scripting (XSS) Vulnerability in Request a Quote Section of Small CRM v3.0 Allows Admin Account Takeover Exploiting an Insecure Direct Object Reference (IDOR) Vulnerability in Elenos ETG150 FM Transmitter v3.12 Allows Unauthorized Access to Event Profiles Excessive Allocation DoS Vulnerability in Daurnimator lua-http Library SQL Injection Vulnerability in Ween Software Admin Panel Critical Remote OS Command Injection Vulnerability in D-Link DAR-8000-10 (CVE-2023-0809) Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-238048) Remote Code Execution Vulnerability in Beijing Baichuo Smart S85F Management Platform up to 20230809 Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-238056) Improper Access Controls in Beijing Baichuo Smart S85F Management Platform up to 20230816 Buffer Overflow Vulnerability in Netis N3Mv2-V1.0.1.865 via hostName Parameter Buffer Overflow Vulnerability in Netis N3Mv2-V1.0.1.865: Exploiting servDomain Parameter for DoS Attacks Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 Dynamic DNS Settings Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 WPS Settings Command Injection Vulnerability in Netis N3Mv2-V1.0.1.865 
Time Settings Buffer Overflow Vulnerability in Netis N3Mv2-V1.0.1.865: Exploiting pingWdogIp for Denial of Service (DoS) Cross-Site Scripting (XSS) Vulnerability in SPA-Cart eCommerce CMS 1.9.0.3 Stored Cross-Site Scripting (XSS) Vulnerability in QAD Search Server 1.0.0.315 Stack Overflow Vulnerability in Tenda AC10 Version US_AC10V4.0si_V16.03.10.13_cn Critical SQL Injection Vulnerability in SPA-Cart eCommerce CMS 1.9.0.3 Stack Overflow Vulnerability in Tenda AC10 Version US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 Firewall Configuration (US_AC10V4.0si_V16.03.10.13_cn) Stack Overflow Vulnerability in Tenda AC10 Version US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 Version US_AC10V4.0si_V16.03.10.13_cn Stack Overflow Vulnerability in Tenda AC10 Version US_AC10V4.0si_V16.03.10.13_cn Stored XSS Vulnerability in DoLogin Security WordPress Plugin Command Injection Vulnerability in VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* Hardcoded Credentials in VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* Arbitrary File Read Vulnerability in OpenText AppBuilder CVE-2023-45503 Command Injection Vulnerability in OpenText AppBuilder Scheduler Functionality Alloc-Dealloc-Mismatch Vulnerability in tsMuxer Version git-2539d07 tsMuxer Memory Leak Vulnerability: DoS Exploit via Crafted MP4 File File System Access Vulnerability in OpenText AppBuilder Unauthenticated Access to AppBuilder Configuration Files Vulnerability Improper Handling of URI Component in HAProxy before 2.8.2 XML External Entity Processing (XXE) Vulnerability in OpenText AppBuilder Arbitrary HTML Code Execution Vulnerability in Jorani Leave Management System 1.0.3 Cross Site Scripting (XSS) Vulnerability in mooSocial 3.1.8 via Crafted Script in Search Function Cross-Site Scripting (XSS) Vulnerability in SourceCodester Inventory Management System 1.0 CVE-2023-45552 Arbitrary Code Execution via File Upload Vulnerability in zzzCMS 
v.2.1.9 Arbitrary Code Execution via File Upload in zzzCMS v.2.1.9 Arbitrary Code Execution via Cross Site Scripting in Mybb Mybb Forums v.1.8.33 Channel Access Token Leakage Vulnerability in Golden v.13.6.1 Channel Access Token Leakage Vulnerability in Tamaki_hamanoki Line v.13.6.1 Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-238154) Channel Access Token Leakage Vulnerability in Yasukawa MembersCard v.13.6.1 Leakage of Channel Access Token in A-WORLD OIRASE BEER_waiting Line v.13.6.1 Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-238158) Buffer Overflow Vulnerability in D-Link Devices: Remote Code Execution via tgfile.htm Function Buffer Overflow vulnerability in D-Link devices DI-7003GV2.D1, DI-7100G+V2.D1, DI-7100GV2.D1, DI-7200G+V2.D1, DI-7200GV2.E1, DI-7300G+V2.D1, and DI-7400G+V2.D1 Buffer Overflow vulnerability in D-Link devices DI-7003GV2.D1, DI-7100G+V2.D1, DI-7100GV2.D1, DI-7200G+V2.D1, DI-7200GV2.E1, DI-7300G+V2.D1, and DI-7400G+V2.D1 Remote Code Execution Vulnerability in D-Link Devices DI-7003GV2.D1, DI-7100G+V2.D1, DI-7100GV2.D1, DI-7200G+V2.D1, DI-7200GV2.E1, DI-7300G+V2.D1, and DI-7400G+V2.D1 Buffer Overflow Vulnerability in D-Link Devices: Remote Code Execution via upnp_ctrl.asp Remote Code Execution Vulnerability in D-Link Devices DI-7003GV2.D1, DI-7100G+V2.D1, DI-7100GV2.D1, DI-7200G+V2.D1, DI-7200GV2.E1, DI-7300G+V2.D1, and DI-7400G+V2.D1 Remote Code Execution Vulnerability in D-Link Devices Buffer Overflow Vulnerability in D-Link Devices: Remote Code Execution via jingx.asp Critical SQL Injection Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-238159) Remote Code Execution Vulnerability in D-Link Devices DI-7003GV2.D1, DI-7100G+V2.D1, DI-7100GV2.D1, DI-7200G+V2.D1, DI-7200GV2.E1, DI-7300G+V2.D1, and DI-7400G+V2.D1 Improper Privilege Management Vulnerability in Fortinet FortiClientEMS Brute Force Attack Vulnerability in FortiMail 
Webmail Log File Vulnerability in FortiSIEM: Exposing Encrypted ElasticSearch Passwords [CWE-532] Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiSandbox Versions 3.1.0 - 4.4.1 Unrestricted File Upload Vulnerability in Bettershop LaikeTui CVE-2023-45590 CVE-2023-45591 CVE-2023-45592 CVE-2023-45593 CVE-2023-45594 CVE-2023-45595 CVE-2023-45596 CVE-2023-45597 CVE-2023-45598 CVE-2023-45599 GitHub Repository omeka/omeka-s Prior to 4.0.4: Improper Authorization of Index Containing Sensitive Information Vulnerability CVE-2023-45600 Stack Overflow Vulnerability in Parasolid and Tecnomatix Plant Simulation Applications (ZDI-CAN-21290) Unauthenticated Reflected XSS Vulnerability in Shopfiles Ltd Ebook Store Plugin Unrestricted File Upload Vulnerability in Jeff Starr User Submitted Posts Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Scott Reilly Get Custom Field Values Plugin <= 4.0.1 CSRF Vulnerability in Christopher Finke Feed Statistics Plugin CSRF Vulnerability in Lasso Simple URLs Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WordPress Popular Posts Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Nicola Modugno Smart Cookie Kit Plugin <= 2.3.1 Stored XSS vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More (Versions n/a - 2.1.0) Stored Cross-site Scripting (XSS) Vulnerability in Omeka-S GitHub Repository XXE Vulnerability in Default XML ContentNegotiation Configuration in JetBrains Ktor Unverified Server Certificates Vulnerability in JetBrains Ktor Aruba CLI Service Buffer Overflow Vulnerability Aruba CLI Service Buffer Overflow Vulnerability AirWave Client Service Buffer Overflow Vulnerability Allows Remote Code Execution Arbitrary File Deletion Vulnerabilities in Aruba's PAPI CLI Service Arbitrary File Deletion Vulnerabilities in AirWave Client Service via PAPI Arbitrary File Deletion Vulnerability in Aruba's RSSI Service via PAPI Mitsubishi Electric Corporation MELSEC-F Series Main Modules Improper 
Authentication Vulnerability Unauthenticated Denial-of-Service (DoS) Vulnerabilities in PAPI CLI Service Unauthenticated Denial-of-Service (DoS) Vulnerabilities in PAPI CLI Service Unauthenticated Denial-of-Service (DoS) Vulnerabilities in BLE Daemon Service via PAPI Protocol Unauthenticated Denial-of-Service (DoS) Vulnerabilities in Wi-Fi Uplink Service via PAPI Protocol Unauthenticated DoS Vulnerability in Soft AP Daemon via PAPI Protocol Authenticated Command Injection Vulnerabilities in Command Line Interface Authenticated Vulnerability: Persistent Arbitrary Code Execution with High Privileges Authenticated DoS Vulnerability in CLI Service Allows Interruption of Access Point Operation Stored Cross-Site Scripting (XSS) Vulnerability in QROkes QR Twitter Widget Plugin CSRF Vulnerability in wpdevart Gallery Plugin Unauthenticated Stored XSS Vulnerability in wpdevart Gallery Plugin Unauthenticated Reflected XSS Vulnerability in WebDorado SpiderVPlayer Plugin (<= 1.5.22) Unauthenticated Reflected XSS Vulnerability in Biztechc Copy or Move Comments Plugin <= 5.0.4 Unauthenticated Reflected XSS Vulnerability in EventPrime Plugin (<= 3.1.5) CSRF Vulnerability in euPago Eupago Gateway For Woocommerce Plugin <= 3.1.9 CSRF Vulnerability in Codex-m Sort SearchResult By Title Plugin Stored JavaScript Payload Vulnerability in Admin Panel Broadcast Message Parameter Stored Cross-Site Scripting (XSS) Vulnerability in TechnoWich WP ULike Plugin Caret Country Access Limit Plugin CSRF Vulnerability CSRF Vulnerability in Hassan Ali Snap Pixel Plugin CSRF Vulnerability in Anurag Deshmukh CPT Shortcode Generator Plugin Stored XSS Vulnerability in Anurag Deshmukh CPT Shortcode Generator Plugin <= 1.0 CSRF Vulnerability in InfoD74 WP Open Street Map Plugin Henryholtgeerts PDF Block Plugin <= 1.1.0 - Stored XSS Vulnerability CSRF Vulnerability in MailMunch Constant Contact Forms Plugin HTTP Trailer Header Parsing Vulnerability in Apache Tomcat Framework Module Broadcast Permission 
Control Vulnerability: Disabling Hotspot Feature CSRF Vulnerability in Fla-shop.Com HTML5 Maps Plugin CSRF Vulnerability in Marco Milesi WP Attachments Plugin CSRF Vulnerability in Galaxy Weblinks Video Playlist For YouTube Plugin CSRF Vulnerability in Pixelgrade Comments Ratings Plugin <= 1.1.7 CSRF Vulnerability in PixelGrade PixFields Plugin CSRF Vulnerability in Kevin Weber Lazy Load for Videos Plugin SQL Injection vulnerability in POSIMYTH Nexter Session Persistence Vulnerability in Engelsystem Inaccurate Trust Relationships in Distributed Scenarios: A Threat to Service Confidentiality Vulnerability: Denial of Service in Nextcloud Mail Proxy Endpoint Out-of-Bounds Read Vulnerability in stb_image's stbi__gif_load_next Function Out-of-bounds Read Vulnerability in stb_image Library Unchecked Return Value Vulnerability in stb_image's stbi__tga_load Function Double-free vulnerability in stb_image library when processing crafted image files Potential Memory Leak and Double-Free Vulnerability in stb_image Library Potential crash due to uninitialized variables in stb_image library Improper Signature Counter Handling in WebAuthn4J Spring Security CSRF Protection Bypass in Frigate Network Video Recorder Reflected Cross-Site Scripting Vulnerability in Frigate API Endpoints Unsafe Deserialization Vulnerability in Frigate Network Video Recorder (CVE-2021-XXXX) SQL Injection Vulnerability in Farmbot-Web-App Allows Arbitrary Data Extraction Out-of-bounds Write Vulnerability in stb_vorbis Library Integer Overflow Vulnerability in stb_vorbis Library Out of Bounds Write Vulnerability in stb_vorbis Library Buffer Overflow in stb_vorbis Library's start_decoder Function Memory Allocation Failure in stb_vorbis Library: Potential Code Execution Vulnerability Unauthenticated XMLRPC Command Execution Vulnerability in PaperCut NG Memory Allocation Failure in stb_vorbis Library: Denial of Service Vulnerability Heap Buffer Overflow in stb_vorbis Library Out of Bounds Read Vulnerability 
in stb_vorbis Library Unvalidated ACS Location URI in SAML Library Allows XSS in IdP Context SQL Injection Vulnerability in CFEngine Enterprise Mission Portal Login Page Path Traversal Vulnerability in South River Technologies' Titan MFT and Titan SFTP Servers Path Traversal Vulnerability in South River Technologies' Titan MFT and Titan SFTP Servers on Linux Session Fixation Vulnerability in South River Technologies' Titan MFT and Titan SFTP Servers Arbitrary File Size Disclosure Vulnerability in South River Technologies' Titan MFT and Titan SFTP Servers on Linux Path Traversal Vulnerability in South River Technologies' Titan MFT and Titan SFTP Servers Memory Leak Vulnerability in nft_set_catchall_flush in Linux Kernel Default File Permissions Vulnerability on South River Technologies' Titan MFT and Titan SFTP Servers on Linux Sensitive Data Storage Vulnerability in Sametime Legacy Web Chat Client Lack of Clickjacking Protection in Sametime Outlook Add-in Leaves Users Vulnerable Improper Access Restriction in NI MeasurementLink Python Services HTML Injection Vulnerability in HCL Launch: Risk of Sensitive Information Disclosure Sensitive Information Disclosure in HCL Launch through Detailed Error Messages Denial of Service Vulnerability in HCL UrbanCode Deploy Agent Installed in Non-Standard Location Denial of Service Vulnerability in HCL Launch CVE-2023-45705 CVE-2023-45706 ANSI Escape Code Injection Vulnerability in Splunk ITSI Log Files CVE-2023-45715 URL Parameter Leakage in Sametime Persistent Cookie Session Invalidation Vulnerability in Sametime Web Clients Use After Free Vulnerability in MediaStream in Google Chrome Path Traversal Arbitrary File Read Vulnerability in HCL DRYiCE MyXalytics Path Traversal Vulnerability in HCL DRYiCE MyXalytics Allows Unauthorized File Upload Unauthenticated File Upload Vulnerability in HCL DRYiCE MyXalytics Potential Information Disclosure Vulnerability in Design Document Functions XML External Entity (XXE) Vulnerability in 
Proself Software Use-after-free vulnerability in IPC rendering data handling in Firefox and Thunderbird OpenHarmony v3.2.4 and Prior: Adjacent Attackers Exploit Out-of-Bounds Write for Arbitrary Code Execution Remote Code Execution Vulnerability in Westermo Lynx Device Stored Cross-Site Scripting Vulnerability in GROWI Versions Prior to v3.5.0 Use-after-free vulnerability in Color Picker window callback creation and destruction in Firefox and Thunderbird Stored Cross-Site Scripting Vulnerability in GROWI Versions Prior to v4.1.3 Arbitrary OS Command Execution Vulnerability in VR-S1000 Firmware Ver. 2.37 and Earlier CVE-2023-45744 Arbitrary script injection vulnerability in Movable Type series Stored Cross-Site Scripting (XSS) Vulnerability in Syed Balkhi WP Lightbox 2 Plugin <= 3.0.6.5 CSRF Vulnerability in MailMunch MailChimp Forms Plugin CSRF Vulnerability in AGP Font Awesome Collection Plugin Use-after-free vulnerability in File Picker window callback creation and destruction in Firefox and Thunderbird POSIMYTH Nexter Extension Plugin XSS Vulnerability Code Injection Vulnerability in POSIMYTH Nexter Extension CSRF Vulnerability in 10 Quality Post Gallery Plugin <= 2.3.12 CSRF Vulnerability in Gilles Dumas Template File Plugin <= 4.6.0 Stored XSS Vulnerability in Easy Testimonial Slider and Form Plugin Stored Cross-Site Scripting (XSS) Vulnerability in BuddyBoss BuddyPress Global Search Plugin <= 1.2.1 Unauthenticated Reflected XSS Vulnerability in Spider Teams ApplyOnline Plugin (<= 2.5.2) XSS Injection Vulnerability in Apache bRPC <=1.6.0 on All Platforms Stored Cross-Site Scripting (XSS) Vulnerability in Marco Milesi Amministrazione Trasparente Plugin <= 8.0.2 Unauthenticated Reflected XSS Vulnerability in Peter Keung Peter’s Custom Anti-Spam Plugin <= 3.2.2 Windows Integer Overflow Vulnerability in RecordedSourceSurfaceCreation Unauthenticated Reflected XSS Vulnerability in Joovii Sendle Shipping Plugin <= 5.13 Open Redirect Vulnerability in Responsive Column 
Widgets CSRF Vulnerability in Taggbox Plugin <= 2.9 Versions Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Scroll Post Excerpt Plugin <= 8.0 Stored XSS Vulnerability in Wokamoto Simple Tweet Plugin <= 1.4.0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Stephanie Leary Next Page Plugin <= 1.5.2 Unauthenticated Reflected XSS Vulnerability in Alex Raven WP Report Post Plugin (<= 2.1.2) Heap Garbage Collection Vulnerability in UpdateRegExpStatics Function Fastwpspeed Fast WP Speed Plugin <= 1.0.0 - Unauthenticated Reflected XSS Vulnerability CVE-2023-45771 Unauthenticated Reflected XSS Vulnerability in Scribit Proofreading Plugin <= 1.0.11 Out of Bounds Write Vulnerability in btm_ble_gap.cc Functions Confused Deputy Vulnerability in fixUpIncomingShortcutInfo of ShortcutService.java Allows Unauthorized Image Viewing Out of Bounds Write Vulnerability in CreateAudioBroadcast of broadcaster.cc Out of Bounds Write Vulnerability in CreateAudioBroadcast of broadcaster.cc Parcel Mismatch Vulnerability in checkKeyIntentParceledCorrectly of AccountManagerService.java Allows Arbitrary Activity Launch Improper Crypto Usage in APEX Module Framework of AOSP Allows Local Privilege Escalation Out-of-Memory Exception Mishandling in JS::CheckRegExpSyntax Logic Error in Print Service Allows Local Privilege Escalation Out of Bounds Read Vulnerability in parse_gap_data of utils.cc URL Spoofing Vulnerability in Firefox < 117 CVE-2023-45793 Privilege Escalation and Unauthorized Access Vulnerability in Mendix Applications Remote Code Execution Vulnerability in DreamSecurity MagicLine4NX Versions 1.0.0.1 to 1.0.0.26 Arbitrary Third-Party Module Loading Vulnerability in Yettiesoft VestCert Versions 2.36 to 2.5.29 Insufficient Permission Validation in MLSoft TCO!stream Versions 8.0.22.1115 and Below Allows Arbitrary File Execution Unencrypted Storage of Private Browsing Push Notifications in Firefox and Thunderbird SQL Injection Vulnerability in Hanbiro Groupware Allows 
Information Elicitation Authentication Bypass Vulnerability in Nadatel DVR HTTP/2 Stream Reset Memory Leak Vulnerability Vulnerability: HTTP Redirects in urllib3 Do Not Remove Request Body Crafting Malicious `pdm.lock` File Allows for Dependency Manipulation and Arbitrary Code Execution User Full Name Quotation Bug OpenSearch Dashboards Tenant Permissions Vulnerability CVE-2023-45808 Information Disclosure Vulnerability in Wagtail Admin View Unprotected Download of Excel `.xll` Add-in Files in Firefox Denial of Service Vulnerability in OpenFGA Synchrony Deobfuscator v2.4.4 __proto__ Pollution Vulnerability Denial-of-Service (DoS) Vulnerability in Apollo Router Exponential Complexity Denial of Service in Torbot's URL Validation Use-after-free vulnerability in Bunkum's AuthenticationService Vulnerability: Cross-Site Scripting (XSS) in ArchiveBox Access Control Vulnerability in Discourse Bookmark Reminder and Unread Notification System TinyMCE Mutation Cross-Site Scripting (mXSS) Vulnerability in Undo/Redo Functionality Cross-Site Scripting (XSS) Vulnerability in TinyMCE's Notification Manager API Buffer Overflow Vulnerability in Angle for GLSL Shaders on macOS WebSocket Crash Vulnerability in Directus Insecure Registry Domain Check in Artifact Hub Allows Credential Hijacking Default Unsafe Rego Built-in Allows Unauthorized HTTP Requests in Artifact Hub Arbitrary File Read Vulnerability in Artifact Hub CVE-2023-45824 Information Leakage in ydb-go-sdk v3.48.6 to v3.53.2 SQL Injection Vulnerability in Leantime Project Management System Prototype Pollution vulnerability in setByPath function of Dot Diver library (versions prior to 1.0.2) allows for remote code execution (RCE) Stored Cross-Site Scripting (XSS) Vulnerability in HappyBox Newsletter & Bulk Email Sender Plugin for WordPress Improper Handling of Browsing Context Discard in HttpBaseChannel SQL Injection Vulnerability in Online ADA Accessibility Suite by Online ADA CSRF Vulnerability in Pixelative, Mohsin 
Rafique AMP WP – Google AMP For WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Martin Gibson WP GoToWebinar Plugin <= 14.45 Versions Stored XSS Vulnerability in LeadSquared Suite Plugin <= 0.7.4 Sensitive Information Exposure vulnerability in Libsyn Publisher Hub Unauthenticated Reflected XSS Vulnerability in Libsyn Libsyn Publisher Hub Plugin <= 1.4.4 CSRF Vulnerability in XYDAC Ultimate Taxonomy Manager Plugin <= 2.0 Unauthenticated Reflected XSS Vulnerability in XYDAC Ultimate Taxonomy Manager Plugin <= 2.0 Data Integrity Vulnerabilities in Buildroot's Package Hash Checking Functionality: Arbitrary Command Execution via Man-in-the-Middle Attack (Related to `aufs` Package) Arbitrary Command Execution Vulnerability in Buildroot's Package Hash Checking Functionality Memory Corruption Vulnerabilities in Firefox and Thunderbird Versions < 117 Arbitrary Command Execution Vulnerability in Buildroot's Package Hash Checking Functionality Arbitrary Command Execution Vulnerability in Buildroot's `versal-firmware` Package Arbitrary Command Execution Vulnerability in Buildroot's mxsldr Package Kiosk Mode Vulnerability Enables Unauthorized Installation and Device Control Title: Length Validation Failure in Mattermost Playbooks Allows for Plugin Crash Privilege Escalation Vulnerability in Helix Core Versions Prior to 2023.2 Memory Corruption Vulnerability in Firefox, Firefox ESR, and Thunderbird versions prior to 117, 115.2 Insecure MQTT Broker Connection Vulnerability in Android Client Application Vitogate 300 2.1.3.0 - Unauthenticated Command Execution via CGI Vulnerability Integer Overflow and Heap-Based Buffer Overflow in MiniZip Directory Traversal Vulnerability in qdPM 9.2 Allows Unauthorized File and Directory Listing Remote Code Execution via Add Attachments Feature in qdPM 9.2 XSRF-TOKEN Leakage Vulnerability in Axios 1.5.1 CVE-2023-45859 Hot Rod Client TLS Hostname Validation Vulnerability Inadequate Permission Checking in Hazelcast Platform CSV 
File Source Connector Buffer Overflow Vulnerability in ENE UB6250 Reader Driver Race Condition Vulnerability in Linux Kernel's lib/kobject.c Race Condition Vulnerability in Samsung Exynos Processors: Unintended Value Modifications Unauthenticated Peripheral Role HID Device Injection Vulnerability in BlueZ Medium-Criticality Directory Traversal Local File Inclusion Vulnerability in ILIAS ScormAicc Module Directory Traversal Vulnerability in ILIAS 7.25 Learning Module Arbitrary Remote Command Execution via XSS in ILIAS 7.25 ZKTeco ZEM800 Version 6.60 IDOR Vulnerability: Unauthorized Access to User Backup and Configuration Files Buffer Size Inadequacy in IGB Driver for Large Frames in Linux Kernel CVE-2023-45873 CVE-2023-45874 Private Key Leak in Couchbase Server 7.2.0 during Node Addition Arbitrary File Write and Remote Code Execution in GibbonEdu Gibbon HTML Injection Vulnerability in GibbonEdu Gibbon Version 25.0.0 via Messager Component File Accessibility Vulnerability in Delinea Secret Server: Exposing Database Credentials through Backup File Creation Directory Traversal Vulnerability in GibbonEdu Gibbon (Version 25.0.0) Allows Arbitrary File Creation File Upload XSS Vulnerability in GibbonEdu Gibbon (<= 25.0.0) Privilege Escalation Vulnerability in Qumu Multicast Extension v2 for Windows CSRF Vulnerability in NASA Open MCT Allows Unauthorized Access to Sensitive Information Arbitrary Code Execution via Cross Site Scripting (XSS) in NASA Open MCT Denial of Service Vulnerability in IP Infusion ZebOS BGP Daemon Arbitrary Code Execution Vulnerability in DS Wireless Communication (DWC) Universal Cross Site Scripting (UXSS) Vulnerability in ClassLink OneClick Extension through 10.8 Allows Remote JavaScript Injection Lack of Integrity Verification in Delinea Secret Server v10.9.000002 Update Process Unauthenticated Remote Access Vulnerability in Floorsight Insights Q3 2023 IDOR Vulnerability in Floorsight Customer Portal Q3 2023 Allows Unauthorized Access to Sensitive 
Customer Information Remote Code Execution Vulnerability in Parallels RAS Out-of-Bounds Memory Access in exfatprogs before 1.2.2 Use-after-free vulnerability in Linux kernel before 6.5.4 in fs/ext4/extents_status.c Authentication Bypass Vulnerability in SuperUserSetuserModuleFrontController:init() Component Frhed Hex Editor 1.6.0 SEH Buffer Overflow Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Open Redirect Vulnerability in zzzCMS v2.2.0 Critical Local File Inclusion Vulnerability in WPN-XM Serverstack 0.8.6 Authentication Bypass Vulnerability in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 Unauthenticated File Read and Directory Listing Vulnerability in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 CVE-2023-45913 NULL Pointer Dereference in tgetstr in ncurses 6.4-20230610 CVE-2023-45919 WPN-XM Serverstack 0.8.6 - Cross-Site Scripting (XSS) Vulnerability CVE-2023-45920 CVE-2023-45922 CVE-2023-45924 CVE-2023-45925 CVE-2023-45927 CVE-2023-45929 Path Traversal Vulnerability in 'dodoc' Parameter of /MailAdmin_dll.htm File CVE-2023-45931 CVE-2023-45935 MailAdmin_dll.htm Stored XSS Vulnerability URL Parameter Information Exposure Vulnerability SQL Injection Vulnerability in lylme_spage v1.7.0 via $userip Parameter in function.php Arbitrary File Upload Vulnerability in lylme_spage v1.7.0's ajax_link.php Component Denial of Service Vulnerability in Nanoleaf Light Strip v3.5.10 Denial of Service Vulnerability in Govee LED Strip v3.00.42 Stored XSS Vulnerability in thirty bees before 1.5.0: 
admin/AdminRequestSqlController.php Reflected XSS Vulnerability in Thirty Bees Core v1.4.0 via backup_pagination Parameter Arbitrary File Upload Vulnerability in Forminator Plugin for WordPress Blind Server-Side Request Forgery (SSRF) Vulnerability in Umputun Remark42 v1.12.1 and Earlier Stored Cross-Site Scripting Vulnerability in Slimstat Analytics Plugin for WordPress SQL Injection Vulnerability in Slimstat Analytics Plugin for WordPress Stack Overflow Vulnerability in TOTOLINK X5000R and A7000R Routers via lang Parameter Stack Overflow Vulnerability in TOTOLINK X5000R and A7000R Routers: Denial of Service via Crafted POST Request Stored Cross-Site Scripting Vulnerability in Slimstat Analytics Plugin for WordPress Privilege Escalation Vulnerability in WenwenaiCMS v.1.0 Persistent XSS and CSRF Vulnerability in RUCKUS Cloudpath Admin Management Interface SQL Injection Vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1: Remote Code Execution and Information Disclosure Kodbox 1.44 Vulnerability: Cross Site Scripting (XSS) via Customized Global HTML Storage Unauthenticated Activation of Arbitrary Plugins in AffiliateWP for WordPress Buffer Overflow Vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master: Denial of Service via gf_isom_get_user_data Cross Site Scripting (XSS) Vulnerability in I-doit pro 25 and Below via index.php Arbitrary File Upload Vulnerability in Sourcecodester Best Courier Management System 1.0 SQL Injection Vulnerability in Sourcecodester Best Courier Management System 1.0 via id Parameter in /edit_branch.php SQL Injection Vulnerability in Sourcecodester Best Courier Management System 1.0 via id Parameter in /edit_user.php SQL Injection Vulnerability in Sourcecodester Best Courier Management System 1.0 via id Parameter in /edit_staff.php Floating Point Exception (FPE) Vulnerability in gifsicle-1.94 via resize_stream at src/xform.c Stack-Based Buffer Overflow Vulnerability in NI System Configuration Arbitrary 
Command Execution Vulnerability in SeaCMS v.12.9 CVE-2023-46012 HospitalLogin.php SQL Injection Vulnerability in Code-Projects Blood Bank 1.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in Code-Projects Blood Bank 1.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in Code-Projects Blood Bank 1.0 SQL Injection Vulnerability in Code-Projects Blood Bank 1.0: Arbitrary SQL Command Execution in receiverLogin.php Arbitrary SQL Command Execution Vulnerability in Code-Projects Blood Bank 1.0 Cross Site Scripting (XSS) Vulnerability in Code-Projects Blood Bank 1.0 abs.php Reflected Cross-Site Scripting Vulnerability in Namaste! LMS Plugin for WordPress (Versions up to 2.6.1.1) Arbitrary Code Execution via Cross Site Scripting (XSS) in Code-Projects Blood Bank 1.0 Arbitrary Command Execution via 'reqid' Parameter in Code-Projects Blood Bank 1.0 SQL Injection Vulnerability in delete.php in Code-Projects Blood Bank 1.0 SQL Injection Vulnerability in addTask.php in Simple Task List 1.0: Exploiting 'status' Parameter for Sensitive Data Retrieval Arbitrary SQL Command Execution in phpgurukul Teacher Subject Allocation Management System 1.0 SQL Injection Vulnerability in Teacher-Info.php in PHPGurukul Teacher Subject Allocation Management System 1.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in phpgurukul Teacher Subject Allocation Management System 1.0 Reflected Cross-Site Scripting Vulnerability in Star CloudPRNT for WooCommerce Plugin Vulnerability: Unauthorized Access to Root Terminal via UART/Serial Interface in D-Link DSL-2750U and DSL-2730U Routers Arbitrary Code Execution via Cross Site Scripting in GetSimpleCMS v.3.4.0a Arbitrary Code Execution Vulnerability in GetSimpleCMS v.3.4.0a via phpinfo() Out-of-Bounds Read Vulnerability in Graphviz 2.36 CVE-2023-46046 CVE-2023-46047 CVE-2023-46048 CVE-2023-46049 CVE-2023-4605 CVE-2023-46051 CVE-2023-46052 Privilege Escalation via Cross Site Scripting (XSS) in WBCE CMS v.1.6.1 and Earlier Remote 
Code Execution and Privilege Escalation Vulnerability in ThingNario Photon v.1.0 Geeklog-Core geeklog v.2.2.2 Cross Site Scripting (XSS) Vulnerability in admin/group.php Geeklog-Core geeklog v.2.2.2 Cross Site Scripting (XSS) Vulnerability in admin/trackback.php Authenticated XCC User Password Change Vulnerability CVE-2023-46060 Stored Cross-Site Scripting (XSS) Vulnerability in Codedrafty Mediabay – Media Library Folders Plugin <= 1.6 Versions CSRF Vulnerability in Qwerty23 Rocket Font Plugin <= 1.2.3 Stored XSS Vulnerability in XQueue GmbH Maileon for WordPress Plugin <= 2.16.0 Stored Cross-Site Scripting (XSS) Vulnerability in Osmansorkar Ajax Archive Calendar Plugin <= 2.6.7 Authenticated XCC User Privilege Escalation Vulnerability Emmanuel GEORJON EG-Attachments Plugin <= 2.1.3 Unauthenticated Reflected XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in ClickDatos Protección de Datos RGPD Plugin <= 3.1.0 Unauthenticated Reflected XSS Vulnerability in Michael Simpson Add Shortcodes Actions And Filters Plugin <= 2.0.9 Unauthenticated Reflected XSS Vulnerability in Borbis Media FreshMail For WordPress Plugin <= 2.3.2 Unauthenticated Reflected XSS Vulnerability in wpdevart Contact Form Builder, Contact Widget Plugin (<= 2.1.6) Unauthenticated Reflected XSS Vulnerability in RedNao WooCommerce PDF Invoice Builder Plugin Unauthenticated Reflected XSS Vulnerability in Arrow Plugins The Awesome Feed – Custom Feed Plugin <= 2.2.5 CSRF Vulnerability in PluginEver WC Serial Numbers Plugin <= 1.6.3 Blind SQL Injection Vulnerability in ThinkSystem v2 and v3 Servers with XCC Unauthenticated Stored XSS Vulnerability in Lavacode Lava Directory Manager Plugin (<= 1.1.34) SQL Injection Vulnerability in bPlugins LLC Icons Font Loader CSRF Vulnerability in Wpmet Wp Ultimate Review Plugin <= 2.2.4 Reflected XSS Vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin CSRF Vulnerability in Mahlamusa Who Hit The Page – Hit Counter Plugin 
Stored Cross-Site Scripting (XSS) Vulnerability in Mammothology WP Full Stripe Free Plugin <= 1.6.1 CSRF Vulnerability in Lee Le @ Userback Userback Plugin Unauthenticated Reflected XSS Vulnerability in WebDorado WDSocialWidgets Plugin (<= 1.0.15) Stored XSS Vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags Plugin <= 2.5 Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS Stored XSS Vulnerability in LionScripts.Com Webmaster Tools Plugin <= 2.0 Unauthenticated Reflected XSS Vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce Plugin (<= 6.5.3) CSRF Vulnerability in Chetan Gole Smooth Scroll Links [SSL] Plugin <= 1.1.0 Unauthenticated Adjacent Attack in SIMATIC PCS neo PUD Manager SQL Injection Vulnerability in SIMATIC PCS neo (All versions < V4.1) CORS Policy Bypass Vulnerability in SIMATIC PCS neo (All versions < V4.1) Stored Cross-Site Scripting Vulnerability in SIMATIC PCS neo Administration Console Uninitialized Resource Vulnerability in OpenHarmony v3.2.2 and Prior Versions Vulnerability: Arbitrary Command Execution via Malicious MQTT Messages Uncontrolled Resource Consumption via Malicious ZIP Upload in Apache Superset Race Condition in Linux Kernel's Memory Management Subsystem Allows for System Crash and Kernel Information Leak Misconfiguration in Tauri/Vite Integration Leads to Private Key Leakage Unsanitized URL Schemes in Tutanota Email Client Allow Code Execution Inadequate Validation of Retrieved Subdomains in reconFTW Leads to Remote Code Execution (RCE) Vulnerability RabbitMQ HTTP API Denial of Service Vulnerability File Upload Crash Vulnerability in Parse Server Improper Authentication Vulnerability in Apereo CAS Allows Multi-Factor Authentication Bypass RabbitMQ Java Client Library Denial of Service Vulnerability Vulnerability: Arbitrary Proxy Setting in yt-dlp's Generic Extractor Arbitrary File Write 
Vulnerability in sbt's IO.unzip Bypassing Password Brute-Force Protections in JumpServer Core API Arbitrary Request and Data Exfiltration Vulnerability in Fides Web Application Information Disclosure Vulnerability in Fides Webserver API JavaScript Execution Vulnerability in Fides Web Application HTML Injection Vulnerability in Frappe Exposure of Hashed User Passwords in Nautobot 2.0.x REST API Vulnerability: Encryption Key Mishandling in nkeys Library Arbitrary Code Execution in LG LED Assistant via Unvalidated User-Supplied Path Unrestricted SVG Height Attribute Vulnerability in Discourse Theme Components Grails Data Binding Vulnerability: JVM Crash and Denial of Service Vulnerability: Cross-Linking Attack in Hyperledger Fabric CryptoES PBKDF2 Vulnerability: Weak Default Settings Compromise Security Remote Code Execution Vulnerability in D-Tale Prior to Version 3.7.0 Panic Vulnerability in rs-stellar-strkey Library (Fixed in v0.0.8) Denial of Service Vulnerability in Werkzeug Library Asynchronous Response Manipulation in Twisted Web Vulnerability: Potential Password Reset Exploitation in JumpServer Vulnerability: Signature Verification Logic Error in KernelSU Arbitrary Code Execution Vulnerability in LG LED Assistant Critical Resource Access Vulnerability in PHOENIX CONTACT Classic Line Products Critical Vulnerability in PLCnext Products: Unauthorized Access Exploit Unauthenticated Remote Code Modification Vulnerability in PHOENIX CONTACT Classic Line PLCs Code Integrity Compromise Vulnerability in PLCnext Products Deserialization of Untrusted Data Vulnerability in Themify Ultra Unrestricted File Upload Vulnerability in Themify Ultra Unauthenticated Remote Information Disclosure in LG LED Assistant CSRF Vulnerability in WP Military WP Radio Plugin CSRF Vulnerability in AWESOME TOGI Product Category Tree Plugin CSRF Vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional Plugin <= 1.0.7.1 Unauthenticated Stored XSS Vulnerability in 
UserFeedback Team User Feedback Plugin Deserialization of Untrusted Data Vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress Denial of Service Vulnerability in Port 102/tcp OS Command Injection in File-Manager of MGT CloudPanel 2.0.0 - 2.3.2 Improper Resource Expiration Handling in IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 Denial of Service Vulnerability in IBM Storage Ceph Unauthenticated Remote Information Disclosure in LG LED Assistant Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows 11.5 Federated Server CVE-2023-46169 CVE-2023-46170 CVE-2023-46171 CVE-2023-46172 Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.7 Elevated Privilege Vulnerability in IBM MQ Appliance 9.3 CD Directory Traversal Vulnerability in IBM MQ Appliance 9.3 LTS and 9.3 CD CVE-2023-46179 CVE-2023-46181 CVE-2023-46182 IBM PowerVM Hypervisor Vulnerability: Unauthorized Access to Sensitive Partition Information Improper Access Controls in IBM Jazz for Service Management 1.1.3.20 Allow Unauthorized File Information Retrieval CSRF Vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 CSRF Vulnerability in Novo-media Novo-Map Plugin CSRF Vulnerability in Open Graph Metabox Plugin <= 1.4.4 Stored XSS Vulnerability in Internet Marketing Ninjas Internal Link Building Plugin CSRF Vulnerability in Internet Marketing Ninjas Internal Link Building Plugin Unauthenticated Reflected XSS Vulnerability in Eric Teubert Archivist – Custom Archive Templates Plugin (<= 1.7.5) CSRF Vulnerability in Scientech It Solution Appointment Calendar Plugin Triberr Plugin <= 4.1.1: Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting Vulnerability in Booking Calendar WordPress Plugin Stored XSS Vulnerability in Smart App Banner Plugin CSRF Vulnerability in Auto Login New User After Registration Plugin Allows Stored XSS CSRF Vulnerability in Jeff Sherk Auto Login New User After Registration Plugin CSRF 
Vulnerability in Muller Digital Inc. Duplicate Theme Plugin Server-Side Request Forgery (SSRF) Vulnerability in Motors – Car Dealer, Classifieds & Listing Plugin Unauthenticated Reflected XSS Vulnerability in StylemixThemes Motors Plugin Unauthenticated Reflected XSS Vulnerability in G5Theme Grid Plus Plugin (<= 1.3.2) Stored XSS Vulnerability in WebCource WC Captcha Plugin <= 1.4 Stored Cross-Site Scripting (XSS) Vulnerability in Ultimate Addons for WPBakery Page Builder Plugin CSRF Vulnerability in TienCOP WP EXtra Allows Unauthorized Access to Functionality Code Execution Vulnerability in Splunk Enterprise Versions Below 9.0.7 and 9.1.2 Unsanitized XSLT Input Allows Remote Code Execution in Splunk Enterprise Sensitive Information Exposure in Apache Airflow Celery Provider Log Files Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Vulnerability: Cross-Origin Cookie Leakage in curl HSTS Data Loss Vulnerability Use-After-Free Vulnerability in Linux Kernel's af_unix Component Allows Local Privilege Escalation Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Critical Remote Code Execution Vulnerability in Apache IoTDB (CVE-2021-XXXX) Apache InLong Deserialization Vulnerability Multiple Integer Overflows in zchunk Before 1.3.2 SSRF Vulnerability in LangChain before 0.0.317: External-to-Internal Server Crawling Use-After-Free Vulnerability in Linux Kernel's sch_hfsc Component Sensitive Information Exposure in Splunk Add-on Builder versions below 4.1.4 Sensitive User Session Token Logging Vulnerability in Splunk Add-on Builder Vulnerability: Initialization Bug in era-compiler-vyper Weak PBKDF2 Implementation in 
crypto-js Prior to Version 4.2.0 DSA Signature Forgery Vulnerability in browserify-sign Cross-Site Scripting (XSS) Vulnerability in FOG Server Logs Server-Side Request Forgery (SSRF) Vulnerability in FOG Cloning/Imaging/Rescue Suite Unauthenticated File Enumeration in FOG Prior to Version 1.5.10 Unauthenticated Account Takeover via SVG Injection in ZITADEL Remote Node Can Trigger Nil Pointer Dereference in quic-go (Versions 0.37.0 - 0.37.2) SSRF Vulnerability in GitHub Repository Bookstackapp/Bookstack prior to v23.08 CodeIgniter4 Prior to Version 4.4.3 Detailed Error Report Disclosure Vulnerability Vulnerability in `discourse-microsoft-auth` Plugin Allows Account Takeover Arbitrary Code Execution via Crafted URL in XWiki Platform Arbitrary Code Execution Vulnerability in XWiki Platform XWiki Platform Velocity Script Execution Vulnerability Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Kimai Heap-use-after-free vulnerability in Vim Vulnerability: Rounding Error in Storage Slot Allocation in Vyper Contracts Remote Code Execution in Cody AI VSCode Extension Unauthenticated Password Reset Vulnerability in authentik Identity Provider Excessive Authentication Attempts Vulnerability in Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Modules Web Server Infinite Loop Vulnerability in pypdf Library (Versions 3.7.0 - 3.16.4) DOM-based XSS vulnerability in MyBB's visual editor (_SCEditor_) Cross-Site Scripting (XSS) Vulnerability in Squidex Editor Arbitrary File Write Vulnerability in Squidex CMS Backup Restore Feature Allows Remote Code Execution Exfiltration vulnerability in capsule-proxy allows listing of other tenant namespaces Sensitive Password Logging Vulnerability in SpiceDB Heap Buffer Overflow Vulnerability in PX4-Autopilot Parser Function (Versions 1.14.0-rc1 and Prior) Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device 
Server CVE-2023-4626 Memory Corruption Vulnerability in Mobile Device Server Memory Corruption Vulnerability in Mobile Device Server Server-Side Request Forgery (SSRF) Vulnerability in Ivanti Avalanche Remote Control Server Unrestricted File Upload Vulnerability in Avalanche Versions 6.4.1 and Below Unrestricted File Upload Vulnerability in Avalanche Versions 6.4.1 and Below Smart Device Server XXE Vulnerability: Data Leakage and SSRF Exploitation Vulnerability: Sensitive Data Leakage and Resource-Based DoS Attack via Crafted Requests CVE-2023-4627 CVE-2023-46270 Privilege Escalation Vulnerability in please (aka pleaser) through 0.5.4 via TIOCSTI and TIOCLINUX ioctl Uncontrolled Resource Consumption Vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 Apache Dubbo 3.1.5 Deserialization of Untrusted Data Vulnerability CVE-2023-4628 Overly Permissive CORS Policy Vulnerability in Siemens Industrial Software Reflected Cross-Site Scripting (XSS) Vulnerability in Siemens Industrial Software Out of Bounds Write Vulnerability in Siemens Industrial Software Out-of-Bounds Write Vulnerability in Siemens Industrial Software Denial-of-Service Vulnerability in Siemens Industrial Software Cross-Site Scripting (XSS) Vulnerability in NagVis before 1.9.38 via select function in html.php Exposure of Sensitive Configuration Information via Airflow REST API vulnerability in Apache Airflow FactoryTalk View Site Edition Denial-of-Service Vulnerability CVE-2023-4629 Unauthenticated Threat Actor Exploits FactoryTalk® Services Platform Web Service to Obtain Local Windows OS User Token CVE-2023-46294 CVE-2023-46295 Denial of Service Vulnerability in Next.js before 13.4.20-canary.13 Information Leakage Vulnerability in GitLab Remote Code Execution Vulnerability in iTerm2 (Versions before 3.4.20) Remote Code Execution Vulnerability in iTerm2 (Versions before 3.4.20) Apache Submarine YAML Deserialization Vulnerability (CVE-2022-1471) Arbitrary File Inclusion in calibre's html_input.py Plugin 
CVE-2023-46304 Command Injection in NetModule Router Software (NRSW) 4.6 and 4.8 Directory Traversal Vulnerability in etcd-browser 87ae63d75260 Prototype Pollution in Plotly.js Plot API Calls IP Spoofing Vulnerability in DoLogin Security WordPress Plugin User-Controlled Key Authorization Bypass in gVectors Team Comments – wpDiscuz Zaytech Smart Online Order for Clover Plugin XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in Katie Seaborn Zotpress Plugin (<= 7.3.4) Infinite Image Browsing Vulnerability in Stable Diffusion Web UI Command Line Parsing Vulnerability in buc Traceroute 2.0.12 through 2.1.2 before 2.1.3 TCP Reconnection Vulnerability in Knot Resolver before 5.7.0 Unauthenticated Access to Sensitive Information in WALLIX Bastion Lenovo System Update Local Privilege Escalation Vulnerability Path Sanitization Vulnerability in iTerm2 Improper Sanitization of SSH Hostnames in iTerm2 Invalid Curve Attack in free5GC UDM: Unvalidated Uncompressed Public Key Vulnerability Unauthenticated API Access and Privilege Escalation in ZStack Cloud Version 3.10.38 and Earlier Insufficient Encryption Strength in FUJIFILM and Xerox Multifunction Printers' Address Book Export Out-of-Bound Memory Read Vulnerability in WebAssembly wabt 1.0.33 Out-of-Bound Memory Write Vulnerability in WebAssembly wabt 1.0.33 Vulnerability: Local File Inclusion and Remote Code Execution in Media Library Assistant Plugin for WordPress NULL Pointer Dereference in send_acknowledge in net/nfc/nci/spi.c Stored XSS Vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161 Allows Privilege Escalation NULL Pointer Dereference Vulnerability in Catdoc v0.95's xls2csv Component Path Traversal Vulnerability in Product Catalog (CSV, Excel, XML) Export PRO SQL Injection Vulnerability in NDK Design for PrestaShop's Step by Step products Pack Module SQL Injection Vulnerability in SunnyToo StUrls (<=1.1.13): Privilege Escalation and Sensitive Information Disclosure SQL Injection Vulnerability in 
MyPrestaModules for PrestaShop Reflected Cross-Site Scripting Vulnerability in EventON WordPress Plugin (Versions up to 2.2.2) SQL Injection Vulnerability in InnovaDeluxe Manufacturer or Supplier Alphabetical Search Module for PrestaShop Versions 2.0.4 and Earlier SQL Injection Vulnerability in MyPresta.eu's mib Module for PrestaShop Unrestricted Access to Personal Information in Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module SQL Injection Vulnerability in Product Tag Icons Pro (ticons) Module for PrestaShop Unrestricted Access to Personal Information in Orders (CSV, Excel) Export PRO Module Unrestricted Access to Personal Information in CSV Feeds PRO Module SQL Injection Vulnerability in CSV Feeds PRO Module for PrestaShop SQL Injection Vulnerability in Cross Selling Module for PrestaShop SQL Injection Vulnerability in Snegurka's Referral and Affiliation Program Module OS Command Injection Vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and Earlier Stored Cross-Site Scripting Vulnerability in WordPress File Sharing Plugin Execution with Unnecessary Privileges Vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier SEGV Vulnerability in Artifex Software jbig2dec v0.20 via jbig2_error at /jbig2dec/jbig2.c Heap-Use-After-Free Vulnerability in jbig2enc v0.28 SEGV Vulnerability in jbig2enc v0.28: jbig2_add_page in src/jbig2enc.cc:512 Stack Overflow Vulnerability in Tenda W18E V16.01.0.8(1576) via portMirrorMirroredPorts Parameter Unauthenticated Access Vulnerability in WPvivid WordPress Plugin Command Injection Vulnerability in Tenda W18E V16.01.0.8(1576) via hostName Parameter Stack Overflow Vulnerability in TP-Link TL-WDR7660 2.0.30: upgradeInfoJsonToBin Function Stack Overflow Vulnerability in TP-Link TL-WDR7660 2.0.30: deviceInfoJsonToBincauses Function Cross Site Scripting (XSS) Vulnerability in ZenTao Enterprise Edition 4.1.3 and Earlier Versions Cross Site Request Forgery (CSRF) vulnerability in ZenTao Biz version 
4.1.3 and earlier Information Disclosure Vulnerability in Zentao Biz version 8.7 and earlier Stored Cross Site Scripting (XSS) Vulnerability in MiniCMS 1.1.1 via Crafted String in /mc-admin/conf.php Clear-text HTTP Password Change Vulnerability in LOYTEC LINX-212, LVIS-3ME12-A1, and LIOB-586 Devices Unauthenticated Remote Control Vulnerability in LOYTEC LINX-212, LVIS-3ME12-A1, and LIOB-586 Devices via LWEB-802 Clear-text HTTP Login Vulnerability in LOYTEC LINX-212, LVIS-3ME12-A1, and LIOB-586 Devices Loytec LINX Configurator 7.4.10 Vulnerability: Cleartext Transmission of Credentials Insecure Permissions in LINX Configurator 7.4.10: Cleartext Storage of Credentials and Authentication Bypass Insecure Permissions in LINX Configurator 7.4.10: Remote Password Theft and Device Takeover Insecure Permissions in LOYTEC Electronics GmbH LINX-212 and LINX-151 Firmware: Exposing SMTP Client Account Credentials and Bypassing Email Authentication Incorrect Access Control in LOYTEC electronics GmbH LINX-212 and LINX-151 Firmware Allows Remote Disclosure of Sensitive Information Insecure Permissions in LOYTEC Electronics LINX-212 and LINX-151: Exposing SMTP Client Account Credentials and Bypassing Email Authentication Incorrect Access Control in LOYTEC electronics GmbH LINX-212 and LINX-151 Firmware: Unauthorized Disclosure of Sensitive Information via registry.xml Gougucms v4.08.18 Password Reset Poisoning Vulnerability Stored XSS Vulnerability in gougucms v4.08.18 Allows Arbitrary Code Execution via headimgurl Parameter Cross Site Scripting (XSS) Vulnerability in Audimex 15.0.0 via Company Parameter Search Filters Unauthenticated Access to Logging Level Controller in YugabyteDB Anywhere (Versions 2.0.0 - 2.17.3) ReDOS Vulnerability in git-urls 1.0.0: URLs.go Remote Code Execution (RCE) Vulnerability in PCRS <= 3.11 (d0de1e) Questions and Code Editor Pages Out of Bounds Read Vulnerability in FFmpeg's read_vlc_prefix() Function Command Execution Vulnerability in TOTOLINK X6000R 
v9.4.0cu.652_B20230116 via sub_41DD80 Function Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Buffer Overflow Vulnerability in shadow-utils Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_416F60 Function Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_415258 Function Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_4155DC Function Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_41E588 Function Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_41A414 Function Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_415498 Function Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Race Condition Vulnerability in kk Star Ratings WordPress Plugin Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 via sub_411994 Function Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.652_B20230116 CVE-2023-46426 CVE-2023-46427 Arbitrary File Upload Vulnerability in HadSky v7.12.10 PHP Object Injection Vulnerability in Enable Media Replace WordPress Plugin SQL Injection Vulnerability in Sourcecodester Packers and Movers Management System v1.0 Rogue Extension Negotiation Vulnerability in AsyncSSH Rogue Session Attack: Remote 
Control Vulnerability in AsyncSSH Unencrypted Glucose Measurements Vulnerability in POPS! Rebel Bluetooth Glucose Monitoring System Arbitrary Code Execution via Reflected Cross-Site Scripting (XSS) in dmpop Mejiro Commit Versions Prior To 3096393 Incorrect Access Control in Sourcecodester Free and Open Source inventory management system v1.0 allows arbitrary user account takeover via IDOR in password change function. Sensitive Information Exposure in Ad Inserter for WordPress (up to version 2.7.30) via ai_ajax function Cross Site Scripting (XSS) Vulnerability in Sourcecodester Free and Open Source Inventory Management System 1.0 via Add Supplier Function Cross Site Scripting (XSS) Vulnerability in Best Courier Management System v1.0's Change Username Field Arbitrary Shell Command Injection in GL.iNET GL-AR300M Routers with Firmware v4.3.7 Arbitrary File Write Vulnerability in GL.iNET GL-AR300M Routers with Firmware v4.3.7 Arbitrary Shell Command Injection Vulnerability in GL.iNET GL-AR300M Routers with Firmware 3.216 Stored Cross-Site Scripting Vulnerability in Simple Posts Ticker WordPress Plugin Arbitrary Code Execution via Cross Site Scripting in juzawebCMS v.3.4 and Earlier Arbitrary Code Execution Vulnerability in juzawebCMS v.3.4 and Earlier GitLab Projects API Pagination Bypass Vulnerability Arbitrary Code Execution via Crafted Telecommand in Yamcs ArchiveBrowser Arbitrary Code Execution via Cross Site Scripting in Space Applications Services Yamcs v.5.8.6 Arbitrary Code Execution and Privilege Escalation via File Upload in PMB v.7.4.8 Stored Cross-Site Scripting Vulnerability in ZenTao 18.3 Allows Injection of Malicious JavaScript Code in Project Name Field Remote Code Execution Vulnerability in minCal v.1.0.0 via Crafted Script in customer_data Parameter Stored Cross-Site Scripting Vulnerability in WP Customer Reviews Plugin Arbitrary Code Execution and Information Disclosure Vulnerability in OwnCast v.0.1.1 Remote Code Execution via SQL Injection in 
wuzhicms v.4.1.0 Database Backup Functionality Cross Site Scripting Vulnerability in timetec AWDMS v.2.0 via Crafted Payload in New Zone Remark Parameter Remote Code Execution Vulnerability in TOTOlink X6000R V9.4.0cu.852_B20230719 Remote Code Execution Vulnerability in TOTOlink X6000R V9.4.0cu.852_B20230719 Session Fixation Vulnerability in instantsoft/icms2 GitHub Repository (prior to 2.16.1) Cacti v1.2.25 SQL Injection Vulnerability in managers.php Cross Site Scripting (XSS) Vulnerability in ZenTao Biz Version Library Arbitrary Code Execution via Cross Site Scripting (XSS) in MLDB.ai v.2017.04.17.0 EverShop NPM Directory Traversal Vulnerability Cross Site Scripting Vulnerability in EverShop NPM Versions before v.1.0.0-rc.5 Cross Site Scripting Vulnerability in EverShop NPM Versions before v.1.0.0-rc.8 via sortBy Parameter EverShop NPM Directory Traversal Vulnerability in DELETE Function EverShop NPM Directory Traversal Vulnerability Remote Code Execution and Information Disclosure Vulnerability in EverShop NPM Cross Site Scripting (XSS) Vulnerability in EverShop NPM Versions before v.1.0.0-rc.5 Allows Remote Information Disclosure GitHub Repository Access Control Vulnerability Remote Code Execution Vulnerability in BoltWire v.6.03 via Crafted Payload in Admin Password Function Insecure DocumentBuilderFactory in openCRX v.5.2.2 enables remote file reading and server side request forgery Remote Code Execution via Cross Site Scripting (XSS) in PwnCYN YXBOOKCMS v.1.0.2 Arbitrary Code Execution via XSS Vulnerability in PwnCYN YXBOOKCMS v.1.0.2 Arbitrary Code Execution via Cross Site Scripting in FanCMS v.1.0.0 Arbitrary Code Execution Vulnerability in Contec SolarView Compact v.6.0 and Earlier SSRF Vulnerability in instantsoft/icms2 prior to 2.16.1 Arbitrary Code Execution Vulnerability in ZIONCOM A7000R v.4.1cu.4154 Command Execution Vulnerability in Mercury A15 V1.0 20230818_1.0.3 via cloudDeviceTokenSuccCB Component Stored Cross-site Scripting (XSS) Vulnerability 
in instantsoft/icms2 prior to 2.16.1-git Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via uninstallPluginReqHandle Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via RegisterRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via deviceInfoRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via upgradeInfoRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via loginRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via resetCloudPwdRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via bindRequestHandle Function Stored Cross-site Scripting (XSS) Vulnerability in instantsoft/icms2 prior to 2.16.1-git Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via modifyAccPwdRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via getResetVeriRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via chkRegVeriRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via getRegVeriRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via chkResetVeriRegister Function Stack Overflow Vulnerability in TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin via registerRequestHandle Function Insecure Handling of Sensitive Cookies in GitHub Repository instantsoft/icms2 prior to 2.16.1 Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow 
Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Reflected Cross-site Scripting (XSS) Vulnerability in instantsoft/icms2 prior to 2.16.1 Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web CVE-2023-46565 CVE-2023-46566 Out-of-Bounds Read Vulnerability in radare2 v.5.8.9 and Earlier Versions Out-of-Bounds Read Vulnerability in radare2 v.5.8.9 and Earlier Arbitrary Code Execution Vulnerability in TOTOLINK A3700R 
v.9.1.2u.6165_20211012 SQL Injection Vulnerability in Meshery v0.6.179: Remote Code Execution and Data Leakage via order Parameter Vulnerability: Unauthorized Access to Merge Permission in GitLab EE Arbitrary Code Execution via pname Parameter in Inventory Management V1.0 SQL Injection Vulnerability in Inventory Management v.1.0 Registration Component SQL Injection Vulnerability in Inventory Management v.1.0: Arbitrary SQL Command Execution via deleteProduct.php Arbitrary Code Execution via Cross-Site Scripting (XSS) in PHPGurukul Nipah Virus (NiV) Testing Management System v.1.0 SQL Injection Vulnerability in PHPGurukul Nipah Virus (NiV) Testing Management System v.1.0 Buffer Overflow Vulnerability in XnView Classic v.2.51.5: Arbitrary Code Execution via Crafted TIF File HTTP Trailer Header Parsing Vulnerability in Apache Tomcat CSRF Vulnerability Allows Unauthorized Actions on Platform Siemens OPC UA Modelling Editor (SiOME) XML External Entity (XXE) Injection Vulnerability Net-NTLM Leak via HTML Injection in FireFlow VisualFlow Workflow Editor XSS Vulnerability in Algosec FireFlow VisualFlow Workflow Editor Improper Access Controls in COMOS SQLServer Connection Stack-based Buffer Overflow in icFixXml Function in libIccXML.a Out-of-Bounds Read Vulnerability in CIccPRMG::GetChroma Function Java OpenWire Protocol Marshaller Remote Code Execution Vulnerability SQL Injection vulnerability in Saphira Connect: before 9. 
Stored Cross-Site Scripting (XSS) Vulnerability in Jens Kuerschner Add to Calendar Button Plugin <= 1.5.1 CSRF Vulnerability in Mat Bao Corp WP Helper Premium Plugin Kalli Dan: KD Coming Soon Deserialization of Untrusted Data Vulnerability CSRF Vulnerability in AdFoxly Ad Manager Plugin CSRF Vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags Plugin <= 2.5 CSRF Vulnerability in WebDorado WDSocialWidgets Plugin Unnecessary Privileges in Saphira Connect: Remote Code Inclusion Vulnerability CSRF Vulnerability in Fluenx DeepL API Translation Plugin Unauthenticated Reflected XSS Vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar Plugin Unauthenticated Reflected XSS Vulnerability in ollybach WPPizza Plugin <= 3.18.2 Code Injection Vulnerability in TienCOP WP EXtra Parcel Pro Open Redirect Vulnerability CSRF Vulnerability in DAEXT Autolinks Manager Plugin <= 1.10.04 Unauthenticated Reflected XSS Vulnerability in FLOWFACT WP Connector Plugin <= 2.1.7 Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Ashish Ajani WordPress Simple HTML Sitemap Plugin <= 2.1 CSRF Vulnerability in themelocation Remove Add to Cart WooCommerce Plugin Reflected XSS Vulnerability in Saphira Connect: before 9 CSRF Vulnerability in Custom My Account for Woocommerce Allows XSS CSRF Vulnerability in David Stöckl Custom Header Images Plugin CSRF Vulnerability in Webcodin WCP OpenWeather Plugin Privilege Escalation Vulnerability in Saphira Connect: before 9 due to Incorrect Default Permissions Stored Cross-Site Scripting (XSS) Vulnerability in D. 
Relton Medialist Plugin <= 1.3.9 Server-Side Request Forgery (SSRF) Vulnerability in 12 Step Meeting List Stored Cross-Site Scripting (XSS) Vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce Plugin <= 1.2.2 Unauthenticated Reflected XSS Vulnerability in GARY JEZORSKI CloudNet360 Plugin <= 3.2.0 GitHub Enterprise Server Path Traversal Vulnerability in GitHub Pages Site Building Improper Access Control in GitHub Enterprise Server Allows Unauthorized Access to Private Repository Names Privilege Escalation via Management Console in GitHub Enterprise Server Insufficient Entropy Vulnerability in GitHub Enterprise Server Allows Brute Force Attacks on User Invitations Race Condition Vulnerability in GitHub Enterprise Server Allows for Administrator Access Privilege Escalation Vulnerability in Saphira Connect: before 9 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins GitHub Plugin 1.37.3 and Earlier Jenkins Warnings Plugin 10.5.0 and earlier: Unauthorized Access to Credentials Jenkins lambdatest-automation Plugin 1.20.9 and earlier: Credential Enumeration Vulnerability Exposure of LAMBDATEST Credentials Access Token in Jenkins lambdatest-automation Plugin Arbitrary File Deletion Vulnerability in Jenkins CloudBees CD Plugin Arbitrary File Disclosure Vulnerability in Jenkins CloudBees CD Plugin Jenkins Multibranch Scan Webhook Trigger Plugin Token Comparison Vulnerability Timing Vulnerability in Jenkins Gogs Plugin Timing Vulnerability in Jenkins MSTeams Webhook Trigger Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Edgewall Trac Plugin 1.13 and Earlier Arbitrary File Creation and Remote Code Execution in Form Maker by 10Web WordPress Plugin Jenkins Zanata Plugin Weak Webhook Token Comparison Vulnerability Privilege Escalation Vulnerability in Sielco PolyEco1000 Information Disclosure Vulnerability in Sielco PolyEco1000 Authorization Bypass Vulnerability in Sielco PolyEco1000 Improper Access Control Vulnerability in Sielco PolyEco1000 
Authentication Bypass Vulnerability in Sielco PolyEco1000 Vulnerability: Unauthorized Access to Sharepoint Content via Elastic Sharepoint Online Python Connector Insecure Logging of Agent Enrolment Tokens in Fleet Server Exposure of Elastic Agent API Keys in Plaintext via Debug Logging in Elastic Endpoint Stored Malicious Script Execution in PAC Device Web Interface Sensitive Information Leakage in Kibana Logs Sensitive Information Leakage in Logstash Logs Ingest Pipeline Script Processor Vulnerability: Crash on Simulate Pipeline API Call Unsafe Deserialization Vulnerability in Hadoop and Spark Configuration Properties Kibana Log Disclosure Vulnerability Unauthenticated SQL Injection Vulnerability in Online Job Portal v1.0 Unauthenticated SQL Injection Vulnerability in Online Job Portal v1.0 Sensitive Information Exposure in Ad Inserter for WordPress versions up to 2.7.30 via ai-debug-processing-fe URL parameter Argument Injection Vulnerability in VR-S1000 Firmware Ver. 2.37 and Earlier Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Vulnerability: Untrusted Inputs in Gallagher Command Centre Diagnostics Service Configuration Remote Command Execution Vulnerability in Emerson Rosemount GC370XA, GC700XA, and GC1500XA Products Open Redirect Vulnerability in Pleasanter 1.3.47.0 and Earlier: Remote Unauthenticated Redirect Attack Exagate SYSGuard 3001 Authentication Bypass Vulnerability Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 Arbitrary Code Execution via Title Parameters in FormaLMS before 4.0.5 Django NFKC Normalization Denial of Service Vulnerability CSRF Vulnerability in GROWI User Settings Page SQL Injection Vulnerability in Innosa Probbys: Before 2 LuxCal Web Calendar SQL Injection Vulnerability Playbooks Plugin in Mattermost Allows Unauthorized Access to Post Information Local Information Leak Vulnerability in OpenHarmony v3.2.2 and Prior Versions through Type 
Confusion Unchangeable Credentials Vulnerability in Multiple MachineSense Devices CVE-2023-46708 SQL Injection Vulnerability in Talent Software ECOP Allows Command Line Execution Hard-coded Cryptographic Key Vulnerability in VR-S1000 Firmware Privilege Escalation Vulnerability in Fortinet FortiPortal Versions 7.0.0 - 7.0.6 and 7.2.0 - 7.2.1 Log Forgery Vulnerability in Fortinet FortiWeb CVE-2023-46717 Reflected XSS Vulnerability in Talent Software ECOP (before 32255) Cross-Site Scripting (XSS) Vulnerability in Pimcore Admin Classic Bundle IMEI Exposure in sendto.txt File for LTE-PIC32-Writer Improper Validation of Specified Index in Squid Proxy Allows Denial of Service Attack against SSL Certificate Validation Server-Side Request Forgery (SSRF) and Time of Check Time of Use (TOCTOU) Vulnerability in FoodCoopShop Arbitrary Code Execution via LDAP Server Configuration in GLPI (Versions 10.0.0 - 10.0.10, PHP 7.4) SQL Injection Vulnerability in GLPI Inventory Endpoint NULL Pointer Dereference Vulnerability in Squid's Gopher Gateway Arbitrary URL Request Reflection in Sentry-Javascript Next.js SDK Tunnel Endpoint SQL Injection Vulnerability in Sanalogy Turasistan Server-Side Request Forgery (SSRF) Vulnerability in Group-Office's /api/upload.php Endpoint XWiki Platform Unauthenticated Code Execution Vulnerability Reflected Cross-Site Scripting (RXSS) Vulnerability in XWiki Platform Vulnerability: Inadequate Session Migration in Symfony's SessionStrategyListener Unsanitized Output in Twig Filters in Symfony Unescaped User-Submitted Input Vulnerability in Symfony WebhookController Server-Side Request Forgery (SSRF) Vulnerability in EspoCRM Denial of Service Vulnerability in Cosign: Endless Data Attack via Attacker-Controlled Registry Vulnerability in CubeFS HandlerNode Allows Denial of Service Attacks Timing Attack Vulnerability in CubeFS Master Component (Versions prior to 3.3.1) SQL Injection Vulnerability in Yaztek E-Commerce Software Insecure Random String Generation 
in CubeFS Prior to v3.3.1 CubeFS Log Leakage Vulnerability Information Leakage and Key Exposure in CubeFS Logs Privilege Escalation Vulnerability in Collabora Online Integration for XWiki Stored Cross-Site Scripting (XSS) Vulnerability in Squidex CMS Unrestricted Login Rate Limit in LibreNMS Server-side Request Forgery (SSRF) Vulnerability in PostHog Allows Authenticated Users to Forge POST Requests Authentication Bypass Vulnerability in BIG-IP Configuration Utility Authenticated SQL Injection Vulnerability in BIG-IP Configuration Utility Path Traversal Vulnerability in Apache Shiro Allows Authentication Bypass SQL Injection Vulnerability in GM Information Technologies MDO Apache Shiro 'form' Authentication Open Redirect Vulnerability Dangling Pointer Vulnerability in Artifex Ghostscript FRRouting FRR 9.0.1 Malformed MP_REACH_NLRI Data Crash Vulnerability Crash Vulnerability in FRRouting FRR through 9.0.1 with Crafted BGP UPDATE Message Arbitrary Numerical Values Bypass Vulnerability in Obl.ong Admin Panel Unverified Input Parameters Vulnerability: Triggering Launcher Restart Window Management Module Permission Control Vulnerability Remote PIN Module Vulnerability: Confidentiality Impact Multi-Screen Interaction Module Permission Management Vulnerability: Device Service Exception Risk Call Module Permission Control Vulnerability: A Threat to Service Confidentiality Reflected XSS Vulnerability in Yordam MedasPro Software (before 28) Kernel Driver Module Out-of-Bounds Write Vulnerability: Potential Process Exceptions Kernel Driver Module Out-of-Bounds Write Vulnerability: Potential Process Exceptions Kernel Driver Module Out-of-Bounds Write Vulnerability: Potential Process Exceptions Background App Permission Management Vulnerability: Enabling Malicious Background App Activation Background App Hijacking: Unauthorized Startup Vulnerability NFC Module Uncaught Exception Vulnerability: Implications on Availability Kernel Driver Module Out-of-Bounds Write Vulnerability: 
Potential Process Exceptions Kernel Driver Module Out-of-Bounds Write Vulnerability: Potential Process Exceptions Thread-based Vulnerability in idmap Module: Potential Abnormal Feature Behavior Dubai Module UAF Vulnerability: A Threat to Availability Cron Log Backup Files Expose Administrator Session IDs in Pandora FMS <= 772 Sensor Module Out-of-Bounds Vulnerability: Potential Mistouch Prevention Errors on Mobile Phones Critical Security Vulnerability in Face Unlock Module: Threat to Service Confidentiality Out-of-Range Parameter Vulnerability in QMI Service Module Leading to File Data Reading Errors PMS Module Permission Management Vulnerability: Privilege Escalation Risk NFC Module Uncaught Exception Vulnerability: Implications on Availability CSRF Vulnerability in Djo Original texts Yandex WebMaster Plugin CSRF Vulnerability in Serena Villa Auto Excerpt Everywhere Plugin CSRF Vulnerability in Custom Login Page Plugin CSRF Vulnerability in TheFreeWindows Auto Limit Posts Reloaded Plugin <= 2.5 CSRF Vulnerability in EasyRecipe Plugin <= 3.5.3251 Critical Divide By Zero Vulnerability in gpac/gpac Prior to 2.3-DEV CSRF Vulnerability in Alter Plugin <= 1.0 Versions CSRF Vulnerability in Roland Murg Current Menu Item for Custom Post Types Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Chris Yee MomentoPress for Momento360 Plugin <= 1.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Bright Plugins Pre-Orders for WooCommerce Plugin Unauthenticated SQL Injection Vulnerability in Online Matrimonial Project v1.0 Unauthenticated SQL Injection Vulnerability in Online Matrimonial Project v1.0 Unauthenticated SQL Injection Vulnerability in Online Matrimonial Project v1.0 Unauthenticated SQL Injection Vulnerability in Online Matrimonial Project v1.0 Unauthenticated SQL Injection Vulnerability in Online Matrimonial Project v1.0 Arbitrary Nonce Vulnerability in HashiCorp Vault and Vault Enterprise Transit Secrets Engine Unauthenticated SQL Injection 
Vulnerability in Online Matrimonial Project v1.0 XML External Entity (XXE) Vulnerability in e-Tax Software Version 3.0.10 and Earlier Memory Corruption Vulnerability in Mobile Device Server Leading to Denial of Service (DoS) Memory Corruption Vulnerability in Mobile Device Server Leading to Denial of Service (DoS) Authentication Bypass Vulnerability in Ivanti ICS and Policy Secure Web Component CVE-2023-46808 NULL Pointer Dereference Vulnerability in gpac/gpac prior to 2.3-DEV Race condition vulnerability in Linux kernel allows arbitrary write access to kernel memory Binary Hijacking Vulnerability in VideoLAN VLC Media Player on Windows Unrestricted File Upload Vulnerability in SugarCRM Notes Module Server-Side Template Injection (SSTI) Vulnerability in SugarCRM GetControl Action Arbitrary PHP Object Injection in phpFox before 4.8.14 PHP Code Injection in ISPConfig Language File Editor Missing Authentication in Apache OFBiz Solr Plugin Heap-based Buffer Overflow in gpac/gpac prior to 2.3-DEV Sensitive Information Exposure in Iulia Cazan Image Regenerate & Select Crop SQL Injection Vulnerability in Milan Petrovic GD Security Headers Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Visser Labs Store Exporter for WooCommerce Plugin SQL Injection Vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin <= 1.7.14 NULL Pointer Dereference Vulnerability in gpac/gpac prior to 2.3-DEV Vulnerability: Data Leaks Due to Page Table Level Mismatch in Quarantine Mode Race condition allows malicious PV guest to bypass BTC/SRSO protections and launch an attack against Xen Cache Cleaning/Invalidation Vulnerability in Arm Helpers Vulnerability: NULL Pointer Dereference in Xen's Virtual Network Protocol CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 Arbitrary Code Execution Vulnerability in EC-CUBE 3 and 4 Series Title: SQUID HTTP Request 
Smuggling Vulnerability Allows Bypassing Firewall and Frontend Security Systems Squid Vulnerability: Remote Buffer Overflow via HTTP Digest Authentication Squid Vulnerability: Denial of Service via FTP URLs in HTTP Requests OpenVPN Denial of Service Vulnerability via --fragment Option Stack-Based Buffer Overflow in Delta Electronics' CNCSoft-B and DOPSoft Versions: Arbitrary Code Execution Vulnerability OpenVPN Use After Free Vulnerability Allura Discussion and Allura Forum Importing Vulnerability Buffer Overflow in Memcached Proxy Mode when Processing Multiget Requests with Excessive Spaces Off-by-one Error in Memcached Proxy Mode Processing Cross-Site Scripting (XSS) Vulnerability in Proxmox Proxmox-Widget-Toolkit Incomplete Blacklist in SVG Inspection Allows XSS in Squidex Upload Assets Reflected XSS Vulnerability in Moodle 4.3 Grade Report Grader Vulnerability: Sensitive Information Exposure in WP Customer Reviews Plugin NULL pointer dereference vulnerability in Linux kernel through 6.5.9 during io_uring/fdinfo.c io_uring_show_fdinfo race condition Arbitrary File Read Vulnerability in Peppermint Ticket Management before 0.2.4 Arbitrary File Read Vulnerability in Peppermint Ticket Management 0.2.4 Arbitrary PHP Code Execution via Company Logo Image Upload Out-of-Bounds Array Access Vulnerability in CIccCLUT::Interp3d in International Color Consortium DemoIccMAX 79ecb74 NULL Pointer Dereference in CIccXformMatrixTRC::GetCurve in IccCmm.cpp Unauthenticated Code Injection in Pagelayer WordPress Plugin Memory Leak in GPAC Version 2.3-DEV-rev602-ged8424300-master in MP4Box: Potential Denial of Service Vulnerability Acronis Agent Vulnerability: Sensitive Information Leak through Log Files Directory Traversal Vulnerability in Dreamer CMS before version 4.0.1 Arbitrary File Download Vulnerability in Dreamer CMS before 4.0.1 ClearText Transmission of Sensitive Information in Meross MSH30Q 4.5.23 Cross-Site Request Forgery Vulnerability in Elementor Addon Elements Plugin 
for WordPress Vulnerability: Replay Attack Vulnerability in Meross MSH30Q 4.5.23 Radio Frequency Communication Protocol Weak Cryptographic Algorithm Vulnerability in esptool 4.6.2 Cross-Site Request Forgery (CSRF) Vulnerability in Elementor Addon Elements Plugin for WordPress Vulnerability: Incorrect Access Control in juzaweb <= 3.4 SQL Injection Vulnerability in WordPress Online Booking and Scheduling Plugin XSS Vulnerability in Jspxcms v10.2.0 Backend's choose_style_tree.do Interface SQL Injection Vulnerability in RM BookingCalendar Module for PrestaShop Versions 2.7.9 and Earlier: Remote Code Execution, Privilege Escalation, and Sensitive Information Disclosure via ics_export.php BLE Traffic Replay Vulnerability in Maxima Max Pro Power 1.0 486A Devices Vulnerability: Android Backup Enabled in Phlox Simple HTTP Server PLUS 1.8.1-plus Hardcoded Encryption Key Vulnerability in Phlox Simple HTTP Server 1.8 and Simple HTTP Server PLUS 1.8.1-plus Grub2 NTFS Filesystem Driver Out-of-Bounds Write Vulnerability Cross Site Scripting (XSS) Vulnerability in Reportico 7.1.21 Heap Buffer Overflow in GPAC 2.3-DEV-rev605-gfc9e29089-master SEGV Vulnerability in GPAC 2.3-DEV-rev605-gfc9e29089-master Crash Vulnerability in GPAC 2.3-DEV-rev605-gfc9e29089-master MP4Box Grub2 NTFS Filesystem Driver Out-of-Bounds Read Vulnerability SEGV Vulnerability in GPAC 2.3-DEV-rev605-gfc9e29089-master Heap Buffer Overflow in GPAC 2.3-DEV-rev605-gfc9e29089-master Heap Buffer Overflow in GPAC version 2.3-DEV-rev617-g671976fcc-master: Arbitrary Code Execution and DoS via str2ulong class eYouCMS v1.6.4 Cross Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in HP OfficeJet Pro Printers via SOAP Message Improper Authorization in NPM's @evershop/evershop Package Hardcoded Weak HMAC Secret in @evershop/evershop Package Arbitrary Code Execution Vulnerability in GitKraken GitLens Critical Remote Command Execution Vulnerability in Subrion 4.2.1 Backend Predictable Algorithm in Random 
Number Generator in pkp/pkp-lib: A Security Vulnerability CVE-2023-46950 CVE-2023-46951 Arbitrary Code Execution via Cross Site Scripting in ABO.CMS v.5.9.3 Arbitrary Code Execution via SQL Injection in ABO.CMS v.5.9.3 Arbitrary Code Execution via SQL Injection in RelativityOne v.12.1.537.3 Patch 2 and Earlier SQL Injection Vulnerability in Packers and Movers Management System v.1.0 Remote Code Execution Vulnerability in lmxcms v.1.41 via Crafted Script in admin.php GitHub Repository Access Control Vulnerability CVE-2023-46960 Remote Information Disclosure Vulnerability in Yunfan Learning Examination System v.6.5 Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 Cross Site Scripting (XSS) Vulnerability Privilege Escalation via Cross Site Scripting in Enhancesoft osTicket 1.18.0 Privilege Escalation in GitHub repository usememos/memos prior to 0.13.2 Arbitrary Code Execution via Cross Site Scripting in Best Courier Management System v.1.000 Command Injection Vulnerability in TOTOLINK A3300R 17.0.0cu.557_B20221024 Stack Overflow Vulnerability in TOTOLINK LR1200GB V9.1.0u.6619_B20230130 via loginAuth Function Incorrect Access Control Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719: Unauthorized Password Reset and WIFI Password Modification Command Injection Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 via enable parameter in setLedCfg function Improper Input Validation in GitHub Repository Usememos/memos Prior to 0.13.2 Arbitrary Code Execution and Privilege Escalation Vulnerability in Best Courier Management System v.1.0 Remote Code Execution via SQL Injection in Novel-Plus v.4.2.0 Remote Code Execution (RCE) Vulnerability in SeaCMS v12.9 via /augap/adminip.php Arbitrary Code Execution via SQL Injection in Innovadeluxe Quick Order Module for PrestaShop Remote Reset and DoS Vulnerability in Mitsubishi Electric MELSEC-F and iQ-F Series Modules Remote Code Execution via Deserialization in PublicCMS v.4.0.202302.e Vulnerability: Unauthorized 
Password Reset in TOTOLINK A3300R V17.0.0cu.557_B20221024 Command Injection Vulnerability in TOTOLINK A3300R V17.0.0cu.557_B20221024 via setLedCfg Request Arbitrary Code Execution via Cross Site Scripting in BootBox Bootbox.js Authorization Bypass Vulnerability in GitLab EE Versions 14.7 to 16.5.1 Arbitrary Code Execution and Denial of Service Vulnerability in RedisGraph v.2.12.10 Buffer Overflow Vulnerability in RedisGraph v.2.x through v.2.12.8: Arbitrary Code Execution CSRF Vulnerability in Sourcecodester Sticky Notes App Allows Information Disclosure Out-of-Bounds Read Vulnerability in radare2 5.8.9 Yepas Digital Authentication Bypass Vulnerability Privilege Escalation through CSRF Chaining in NCR Terminal Handler v.1.5.1 Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1: Exploiting Audit Log Manipulation and CSV Injection CSRF Vulnerability in NCR Terminal Handler v.1.5.1 Allows One-Click Account Takeover Denial of Service Vulnerability in Free5gc v.3.3.0 via free5gc-compose Component Unauthenticated Privilege Escalation in All in One B2B for WooCommerce WordPress Plugin Reentrancy Vulnerability Found in MultiSigWallet 0xF0C99's executeTransaction Function UniswapFrontRunBot 0xdB94c Vulnerability: Financial Loss Exploitation Unauthenticated Transfer Operations Vulnerability in RPTC 0x3b08c Vulnerability in Apache Airflow Allows Unauthorized Modification of DAG Run Details Heap Buffer Overflow Vulnerability in Perl's Regular Expression Compilation Vulnerability Title: Path Search Order Issue in Perl for Windows Allows Arbitrary Code Execution GitHub Repository Vulnerability: Uncontrolled System or Configuration Setting in instantsoft/icms2 (prior to 2.16.1-git) Out-of-Bounds Read Vulnerability in Adobe Media Encoder Out-of-Bounds Write Vulnerability in Adobe Media Encoder (CVE-2021-21017) Heap-based Buffer Overflow Vulnerability in Adobe Media Encoder Out-of-Bounds Read Vulnerability in Adobe Media Encoder Access of Uninitialized Pointer 
Vulnerability in Adobe Media Encoder Out-of-Bounds Write Vulnerability in Adobe Audition: Arbitrary Code Execution Adobe Audition Uninitialized Pointer Vulnerability Out-of-Bounds Read Vulnerability in Adobe Audition: Remote Code Execution Out-of-Bounds Read Vulnerability in Adobe Audition: Remote Code Execution Out-of-Bounds Read Vulnerability in Adobe Audition: Remote Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Audition: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Audition Allows Memory Disclosure Access of Uninitialized Pointer Vulnerability in Adobe Audition: Sensitive Memory Disclosure Access of Uninitialized Pointer Vulnerability in Adobe Audition Use After Free Vulnerability in Adobe Premiere Pro Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Premiere Pro Versions 24.0 and Earlier: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Premiere Pro Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Premiere Pro: Remote Code Execution Out-of-Bounds Read Vulnerability in Adobe Premiere Pro: Remote Code Execution Lenovo Preloaded Devices Vulnerability: Privilege Escalation via Microsoft AutoPilot Adobe Premiere Pro Uninitialized Pointer Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Out-of-Bounds Read Vulnerability in Adobe After Effects Out-of-Bounds Read Vulnerability in Adobe After Effects Out-of-Bounds Read Vulnerability in Adobe After Effects Out-of-Bounds Read Vulnerability in Adobe After Effects Cross-Site Scripting (XSS) Vulnerability in Infosoftbd Clcknshop 1.0.0 Arbitrary Code Execution via 
Out-of-Bounds Write in Adobe After Effects Adobe After Effects Multiple Versions Out-of-Bounds Read Vulnerability Access of Uninitialized Pointer Vulnerability in Adobe After Effects Arbitrary Code Execution via Out-of-Bounds Write in Adobe After Effects Adobe Illustrator Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Adobe InDesign NULL Pointer Dereference Vulnerability Allows Application Denial-of-Service Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Critical SQL Injection Vulnerability in Infosoftbd Clcknshop 1.0.0 Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Cross-Site Scripting (XSS) Vulnerability in TOTVS RM 12.1 Authentication Bypass in NATS Server Versions 2.2.0 to 2.10.2 Cookie Threshold Overflow Vulnerability in Stormshield Network Security (SNS) ASQ Engine Crash Vulnerability in Stormshield Network Security (SNS) Stored XSS Vulnerability in Account Plans Tab of Virtualmin 7.7 Stored Cross-Site Scripting (XSS) Vulnerability in Virtualmin 7.7 Custom Fields Reflected Cross-Site Scripting (XSS) Vulnerability in Cloudmin Services Client Stored Cross-Site Scripting (XSS) Vulnerability in Virtualmin 7.7 Server Template Creation Stored Cross-Site Scripting (XSS) Vulnerability in Virtualmin 7.7's Manage Extra Admins Stored XSS Vulnerability in Virtualmin 7.7 Create Virtual Server Description Field Cross-Site Scripting (XSS) Vulnerability in TOTVS RM 12.1 Portal Component (VDB-238573) Unallocated Space Write Vulnerability in Perl's S_parse_uniprop_string Local Privilege Escalation Vulnerability in Securepoint SSL VPN Client Installer Brute-Force User Account Enumeration Vulnerability in UrBackup Server 2.5.31 Shell Metacharacters in Titles and 
Messages in tinyfiledialogs before 3.15.0 Traefik URL Fragment Encoding Vulnerability Password Reset URL Manipulation Vulnerability in PILOS Unbound Cardinality Vulnerability in OpenTelemetry-Go Contrib Arbitrary File Deletion Vulnerability in PrestaShop Blockreassurance Module Critical OS Command Injection Vulnerability in D-Link DAR-8000-10 up to 20230819 Blockreassurance Configuration Table Modification Vulnerability Parallel Password Check Vulnerability in ZITADEL Unauthenticated Access to Job Names and Groups in Rundeck DLL Hijacking Vulnerability in BleachBit for Windows up to version 4.4.2 HTML Injection Vulnerability in Fides Web Application Cross-Site Scripting (XSS) Vulnerability in Label Studio Versions Prior to 1.9.2 Bypassing SSRF Protections in Label Studio: Accessing Internal Web Servers Label Studio 1.9.2post0 ORM Leak Vulnerability Heap Buffer Overflow in ClickHouse Server Arbitrary HTML Injection Vulnerability in Discourse Onebox Engine Critical SQL Injection Vulnerability in Xintian Smart Table Integrated Management System 5.6.9 Redis Memory Depletion via Abnormally Long Favicon URL Server Side Request Forgery Vulnerability in Discourse Embedding Feature Improper Public Key Fetching in Gitsign Prior to 0.8.0 CVE-2023-47123 Traefik HTTPChallenge Slowloris Attack Vulnerability Vulnerability in TYPO3 DOM Processing Instructions Handling Path Disclosure Vulnerability in TYPO3 Standalone Install Tool Session Cookie Reuse Vulnerability in TYPO3 Installations SQL Injection via f-strings in Piccolo ORM's named transaction savepoints Arbitrary PHP File Upload Vulnerability in Statamic CMS Critical SQL Injection Vulnerability in IBOS OA 4.5.5: Exploit Publicly Disclosed (VDB-238576) Remote Code Execution (RCE) Vulnerability in Yii Framework Sensitive Information Leakage in N-able PassPortal Chrome Extension Privilege Escalation Vulnerability in N-able N-central Remote Information Disclosure Vulnerability in PlayTube 3.0.1 Improper Access Controls in IBM 
CICS Transaction Gateway 9.3 Allow Unauthorized File Transfer or Viewing Denial of Service Vulnerability in IBM Db2 11.5 Privilege Escalation Vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 HTTP Header Injection Vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 - 7.3.0.10 Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 Privilege Escalation via MSI Repair Functionality in IBM Db2 for Windows Sensitive Domain Information Disclosure in IBM Qradar SIEM 7.5 (IBM X-Force ID: 270372) CVE-2023-47147 Improper Validation of Unsecured Endpoints in IBM Storage Protect Plus Server Admin Console (CVE-2021-20505) CVE-2023-47150 Insecure Cryptographic Algorithm and Information Disclosure Vulnerability in IBM Db2 11.5 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Stored Cross-Site Scripting Vulnerability in Media Library Assistant Plugin for WordPress Denial of Service Vulnerability in IBM UrbanCode Deploy (UCD) CVE-2023-47162 Billion Laughs Attack Vulnerability in Remarshal prior to v0.17.1 Cross-Site Scripting (XSS) Vulnerability in HOTELDRUID 3.0.5 and Earlier CVE-2023-47166 Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Open Redirect Vulnerability in Mattermost's Mobile Login Arbitrary File Read Vulnerability in WWBN AVideo 11.6 and dev master commit 15fed957fb Local Privilege Escalation Vulnerability in WithSecure Products Remote Code Execution Vulnerability in Thorn SFTP Gateway 3.4.x before 3.4.4 Arbitrary Script Execution via Cross-Site Scripting in LuxCal Web Calendar Stored Cross-Site Scripting (XSS) Vulnerability in Yakir Sitbon, Ariel Klikstein Linker Plugin <= 1.2.1 Stored Cross-Site Scripting Vulnerability in Font Awesome 4 Menus Plugin for WordPress Stored XSS Vulnerability in Martin Gibson IdeaPush Plugin <= 8.52 CSRF leading to Stored XSS in Nazmul 
Hossain Nihal Login Screen Manager Plugin <= 3.5.2 Stored Cross-Site Scripting (XSS) Vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control Plugin <= 1.2.8 Unauthenticated Stored XSS Vulnerability in gVectors Team Comments — wpDiscuz Plugin (<= 7.6.11) CSRF Vulnerability in Kadence WP Kadence WooCommerce Email Designer Plugin Reflected Cross-Site Scripting Vulnerability in Simple Membership WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Apollo13Themes Apollo13 Framework Extensions Plugin User-Controlled Key Authorization Bypass in Youzify – BuddyPress Plugin Agent Link Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Privilege Escalation Vulnerability in Trend Micro Apex One Security Agent Incorrect Floating Point Comparison in GitHub Repository gpac/gpac prior to 2.3-DEV Trend Micro Apex One Security Agent Plug-in Manager Privilege Escalation Vulnerability Trend Micro Apex One Security Agent Plug-in Manager Origin Validation Privilege Escalation Vulnerability Local File Inclusion Vulnerability in Trend Micro Apex One Management Server Allows Privilege Escalation Arbitrary Code Execution via Unsafe YAML Deserialization in transmute-core Unauthenticated Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Out-of-bounds Read Vulnerability in gpac/gpac Repository Arbitrary File Creation via Directory Traversal in ManageEngine OpManager 
12.7.258 CVE-2023-47212 Hard-coded Password Vulnerability in First Corporation's DVRs Stored Cross-Site Scripting Vulnerability in GROWI Versions Prior to v6.0.0 OpenHarmony v3.2.2 and Prior Versions Local Denial of Service Vulnerability Buffer Overflow Vulnerability in OpenHarmony v3.2.2 and Prior Versions Allows Local Denial of Service (DoS) Attack Title: QNAP OS Command Injection Vulnerability Allows Remote Command Execution QuMagie SQL Injection Vulnerability Allows Code Injection via Network Integer Overflow or Wraparound in GPAC GitHub Repository Prior to Version 2.3-DEV CVE-2023-47220 CVE-2023-47221 CVE-2023-47222 Stored Cross-Site Scripting (XSS) Vulnerability in WP Map Plugins Basic Interactive World Map Plugin <= 2.0 Stored Cross-Site Scripting (XSS) Vulnerability in I Thirteen Web Solution Post Sliders & Post Grids Plugin <= 1.0.20 Stored XSS Vulnerability in Web-Settler Social Feed Plugin Muneeb Layer Slider Plugin <= 1.1.9.7 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Vyas Dipen Top 25 Social Icons Plugin <= 3.1 Sensitive Information Exposure in Elementor Addon Elements Plugin for WordPress CSRF Vulnerability in Cimatti Consulting WordPress Contact Forms Plugin Bainternet ShortCodes UI Plugin <= 1.9.8 - Stored XSS Vulnerability Use-after-free vulnerability in brcmf_cfg80211_detach code in Linux kernel through 6.5.10 Crash Vulnerability in FRRouting FRR through 9.0.1 when Processing Crafted BGP UPDATE Message BGP UPDATE Message Crash Vulnerability in FRRouting FRR through 9.0.1 SQL Injection vulnerability in Avirtum iPages Flipbook For WordPress CSRF Vulnerability in Martin Gibson Auto Publish for Google My Business Plugin CSRF Vulnerability in WebberZone Top 10 WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Scott Paterson Easy PayPal Shopping Cart Plugin <= 1.1.10 Arbitrary Command Execution Vulnerability in Export any WordPress data to XML/CSV and WP All Export Pro Plugins Stored 
Cross-Site Scripting (XSS) Vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 Stored Cross-Site Scripting (XSS) Vulnerability in Marco Milesi ANAC XML Bandi di Gara Plugin <= 7.5 CSRF Vulnerability in CodeMShop - MSHOP MY SITE Sensitive Information Exposure vulnerability in Omnisend Email Marketing for WooCommerce Stored XSS Vulnerability in Marco Milesi ANAC XML Viewer Plugin <= 1.7 SysAid On-Premise Path Traversal Vulnerability: Remote Code Execution Knowledge Base Article Deletion Vulnerability in SysAid On-Premise (Bug 15102) Arbitrary Code Execution via Deserialization in PyArrow IPC and Parquet Readers Out-of-Bounds Read Vulnerability in CIccXmlArrayType::ParseText Function Stored Cross-Site Scripting Vulnerability in Simple Posts Ticker WordPress Plugin X11 Server Socket Access Control Vulnerability in m-privacy TightGate-Pro Server Directory Traversal Vulnerability in m-privacy TightGate-Pro Server's VNC Service Allows Automatic Transfer of Malicious PDF Documents CVE-2023-47252 Arbitrary Code Execution in Qualitor through 8.20 via gridValoresPopHidden Parameter OS Command Injection in DrayTek Vigor167 CLI Interface Arbitrary Relay Server Connection Vulnerability in ConnectWise ScreenConnect 23.8.4 Remote Code Execution Vulnerability in ConnectWise ScreenConnect 23.8.4 Cross-Site Scripting (XSS) Vulnerability in Redmine Markdown Formatter Cross-Site Scripting (XSS) Vulnerability in Redmine Textile Formatter Stored Cross-Site Scripting Vulnerability in Ultimate Dashboard Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Redmine before 4.2.11 and 5.0.x before 5.0.6 via Thumbnails Remote Code Execution in Dokmee ECM 7.4.6 via Privileged SQL Server Database Access Physical Access Vulnerability in Abbott ID NOW Device Configuration Denial of Service (DoS) Vulnerability in WithSecure Antivirus Engine Buffer Over-read Vulnerability in WithSecure Products Stored XSS Vulnerability in Apache Airflow Allows for Client-Side 
Script Execution Privilege Escalation Vulnerability in TheGreenBow VPN Client Unrestricted File Upload Vulnerability in PKP-WAL Cross-Site Scripting (XSS) Vulnerability in Roundcube 1.5.x and 1.6.x Unauthenticated User Information Disclosure and Credential Theft Vulnerability in Delta Electronics InfraSuite Device Master v.1.0.7 CVE-2023-4728 CubeCart Directory Traversal Vulnerability: Unauthorized File Access CVE-2023-4729 Vonage Box Telephone Adapter VDV23 - Local Authentication Bypass and Memory Manipulation Vulnerability Buffer Overflow Vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6: Denial of Service via ApCliAuthMode Parameter SQL Injection Vulnerability in Newsletter Popup PRO with Voucher/Coupon code Cross Site Scripting (XSS) Vulnerability in Nukium nkmgls before version 3.0.2 CVE-2023-4731 Clickjacking Vulnerability in Yamcs 5.8.6 Allows Arbitrary Telecommands via Command Stack Incorrect Access Control in Headwind MDM Web panel 5.22.1 allows Login Credential Leakage via Audit Entries Directory Traversal Vulnerability in Headwind MDM Web Panel 5.22.1 Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerability in Headwind MDM Web Panel 5.22.1 Hard-coded JWT Secret in Headwind MDM Web Panel 5.22.1 Allows for Incorrect Access Control Incorrect Access Control in Headwind MDM Web Panel 5.22.1 Allows Unauthorized API Access Linux Kernel Local Privilege Escalation Vulnerability Vulnerability: Unauthorized Access to Maintenance Mode in Silverpeas Core 6.3.1 Vulnerability: Incorrect Access Control in Silverpeas Core 6.3.1 via Portlet Deployer Cross Site Request Forgery (CSRF) Vulnerability in Silverpeas Core 6.3.1 Allows Privilege Escalation Unrestricted Access to Messages in Silverpeas Core 6.3.1 Cross Site Scripting (XSS) Vulnerability in Silverpeas Core 6.3.1 Message/Notification Feature Broken Access Control in Silverpeas Core 6.3.1 Allows Unauthorized Access to Deleted Spaces CSRF Vulnerability in Silverpeas Core 6.3.1: 
Domain SQL Create Function Broken Access Control Vulnerability in Silverpeas Core 6.3.1: Unauthorized Creation of Spaces Critical Use After Free Vulnerability in vim/vim Repository (prior to 9.0.1840) Insecure Permissions in Autel Robotics EVO Nano Drone v1.6.5: Breaching Geo-Fence and No-Fly Zones Integer Overflow or Wraparound in Vim prior to 9.0.1846 Buffer Overflow Vulnerability in free5gc 3.3.0: Denial of Service via Crafted PFCP Heartbeat Message Denial of Service Vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 via Crafted PFCP Messages Buffer Overflow Vulnerability in free5gc 3.3.0: Denial of Service via Crafted PFCP Messages Critical Out-of-bounds Write Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) CSRF Vulnerability in SwiftyEdit CMS v1.2.0: Privilege Escalation via User Password Update Predictable Default WPA2 Security Passwords in Technicolor TC8715D Devices Arbitrary File Download Vulnerability in IMOU GO v1.0.11 Arbitrary Device Reset and Power Off Vulnerability in Super Reboot (Root) Recovery v1.0.3 Unauthenticated Broadcast Vulnerability in com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) Application 1.0.8 for Android Heap-Based Buffer Overflow in Videolan VLC (CVE-2021-21551) Untrusted Search Path Vulnerability in vim/vim Repository Integer Underflow Vulnerability in Videolan VLC (Versions prior to 3.0.20) Leads to Incorrect Packet Length Channel Access Token Leakage in F.B.P Members Line 13.6.1: Exploiting Remote Notification Vulnerability Remote Attackers Exploit Channel Access Token Leakage in Nagaoka Taxi Line 13.6.1 for Malicious Notifications Channel Access Token Leakage in Lil.OFF-PRICE STORE Line 13.6.1: Exploiting Remote Notification Vulnerability Channel Access Token Leakage in craft_members Line 13.6.1: Remote Attackers Exploit to Send Malicious Notifications Platinum Clinic Line 13.6.1 Vulnerability: Remote Attackers Exploit Channel Access Token Leakage for Malicious Notifications Channel Access Token 
Leakage in taketorinoyu Line 13.6.1: Exploiting Remote Notification Vulnerability Channel Access Token Leakage in best_training_member Line 13.6.1: Exploiting Remote Notification Vulnerability SQL Injection Vulnerability in Hedef Tracking Admin Panel (before 1.2) Channel Access Token Leakage in Bluetrick Line 13.6.1: Exploiting Remote Notification Vulnerability Remote Code Execution Vulnerability in UPDATESALON C-LOUNGE Line 13.6.1 Channel Access Token Leakage Vulnerability in DRAGON FAMILY Line 13.6.1 Stored Cross Site Scripting (XSS) Vulnerability in Microweber CMS 2.0.1 via Profile Picture Upload Heap-based Buffer Overflow in Vim Prior to 9.0.1848 Cross Site Scripting (XSS) Vulnerability in Admidio v4.2.12 and Below Memory Leak Vulnerability in MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S85F Management Platform Bearer Token Leakage in Headscale 0.22.3 Access Control Vulnerability in Mercedes me iOS App v1.34.0 and Below Allows Unauthorized Cart Viewing Access Control Vulnerability in Mercedes me iOS App v1.34.0 and Below: Unauthorized Access to User Maintenance Orders and Sensitive Information Code Injection Vulnerability in WeBid <=1.2.2 via admin/categoriestrans.php Critical SQL Injection Vulnerability in IBOS OA 4.5.5: Remote Attack via Delete Draft Handler Critical SQL Injection Vulnerability in IBOS OA 4.5.5 Component Delete Logs Handler (VDB-238630) CVE-2023-47415 Arbitrary Code Execution via Cross Site Scripting (XSS) in DZSlides v2011.07.25 and earlier o2oa Version 8.1.2 and Earlier: Remote Code Execution (RCE) Vulnerability Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-238631) Authentication Bypass Vulnerability in Tenda Routers Remote File/Directory Access Vulnerability in Dreamer CMS up to 4.1.3 (VDB-238632) CVE-2023-47430 CVE-2023-47435 Cross-Site Scripting (XSS) Vulnerability in Pachno 1.0.6 CVE-2023-47438 Critical Remote Stack-Based Buffer Overflow Vulnerability in 
Tenda AC8 16.03.34.06_cn_TDC01 (VDB-238633) Incomplete Patch in Gladys Assistant v4.27.0 and Prior Allows Authenticated Attackers to Perform Directory Traversal and Extract Sensitive Files Arbitrary Code Execution Vulnerability in OpenCart 4.0.0.0 to 4.0.2.3 SQL Injection Vulnerability in Pre-School Enrollment Version 1.0 XSS Vulnerability in Pre-School Enrollment Version 1.0: fullname Parameter on profile.php Page Critical SQL Injection Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822 Untrusted Search Path Vulnerability in Notepad++ 6.5 Allows Local Privilege Escalation Untrusted Search Path Vulnerability in Sohu Video Player 7.0.15.0 Untrusted Search Path Vulnerability in NetEase CloudMusic 2.10.4 for Windows Heap Overflow Vulnerability in Tenda AX1806 V1.0.0.1's setSchedWifi Function Stack Overflow Vulnerability in Tenda AX1806 V1.0.0.1 - sub_455D4 Function Privilege Escalation Vulnerability in SpringBlade v.3.7.0 and Earlier Sensitive Information Disclosure in Knovos Discovery v.22.67.0 Critical Format String Vulnerability in TOTOLINK N200RE V5 9.3.5u.6437_B20230519 (VDB-238635) Arbitrary Code Execution via SQL Injection in Knovos Discovery v.22.67.0 Remote Code Execution Vulnerability in GL.iNet AX1800 v.3.215 and Earlier Remote Code Execution Vulnerability in GL.iNet AX1800 Version 4.0.0 to 4.5.0 Arbitrary Code Execution Vulnerability in GL.iNet AX1800 Version 4.0.0 - 4.5.0 Denial of Service Vulnerability in GPAC v.2.2.1 and Earlier Versions Directory Traversal Vulnerability in JEECG-Boot v3.6.0: Unauthorized Access to Sensitive Information Critical SQL Injection Vulnerability in DedeCMS 5.7.110 Buffer Overflow Vulnerability in Ffmpeg's ref_pic_list_struct Function in libavcodec/evc_ps.c Buffer Overflow Vulnerability in strukturag libde265 v1.10.12: Denial of Service via slice_segment_header function in slice.cc Directory Traversal Vulnerability in iFair Versions 23.8_ad0 and Earlier on 
fuwushe.org Critical Path Traversal Vulnerability in Yongyou UFIDA-NC up to 20230807 (VDB-238637) Cross Site Scripting Vulnerability in Combodo iTop v.3.1.0-2-11973 CSV Injection in Export as CSV in Combodo iTop v.3.1.0-2-11973 Critical File Inclusion Vulnerability in SourceCodester Inventory Management System 1.0 (VDB-238638) Critical Use After Free Vulnerability in vim/vim Repository (prior to 9.0.1857) Arbitrary Code Execution Vulnerability in jflyfox jfinalCMS v.5.1.0 CVE-2023-47504 Cross-Site Scripting (XSS) Vulnerability in Elementor SQL Injection Vulnerability in Master Slider Pro Deserialization of Untrusted Data vulnerability in Master Slider Pro Unauthenticated Reflected XSS Vulnerability in Averta Master Slider Pro Plugin <= 3.6.5 Unauthenticated Reflected XSS Vulnerability in ioannup Edit WooCommerce Templates Plugin Heap-based Buffer Overflow in Vim Prior to 9.0.1331 Unauthenticated Reflected XSS Vulnerability in WPSolutions-HQ WPDBSpringClean Plugin <= 1.6 Stored Cross-Site Scripting (XSS) Vulnerability in SO WP Pinyin Slugs Plugin <= 2.3.0 Gravity Master Product Enquiry for WooCommerce Plugin <= 3.0 Unauthenticated Reflected XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in Star CloudPRNT for WooCommerce Plugin (<= 2.0.3) Stored XSS vulnerability in Stark Digital Category Post List Widget Unauthenticated Reflected XSS Vulnerability in SendPress Newsletters Plugin (<= 1.23.11.6) Unauthenticated Reflected XSS Vulnerability in Matthew Muro Restrict Categories Plugin (<= 2.6.4) CSRF Vulnerability in WC Product Table WooCommerce Product Table Lite Critical Use After Free Vulnerability in vim/vim Repository (prior to 9.0.1858) Unauthenticated Reflected XSS Vulnerability in Michael Uno (miunosoft) Responsive Column Widgets Plugin <= 1.2.7 Reflected XSS Vulnerability in Q2W3 Post Order Plugin Unauthenticated Reflected XSS Vulnerability in Photo Feed Plugin <= 2.2.1 Unauthenticated Reflected XSS Vulnerability in CodeBard CodeBard's Patron 
Button and Widgets for Patreon Plugin (<= 2.1.9) Stored Cross-Site Scripting (XSS) Vulnerability in Event Monster – Event Management, Tickets Booking, Upcoming Event Plugin Stored Cross-Site Scripting Vulnerability in Chartify – WordPress Chart Plugin (Versions n/a - 2.0.6) Stored Cross-Site Scripting (XSS) Vulnerability in WP Edit Username Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sajjad Hossain Sagor WP Edit Username Plugin <= 1.0.5 Unauthorized Access to Sensitive Data in ThemeIsle Cloud Templates & Patterns Collection System Call Function Usage Error in OpenHarmony v3.2.1 and Prior Versions: Local Kernel Crash Vulnerability SQL Injection Vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs CSRF Vulnerability in DroitThemes Droit Dark Mode Unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability in Themeum WP Crowdfunding Plugin Stored Cross-Site Scripting (XSS) Vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer Plugin <= 1.8.2 CVE-2023-47534 Timing-based bypass of firewall deny geolocation policy in FortiOS and FortiProxy Fortinet FortiOS FortiLink Man-in-the-Middle Vulnerability Out-of-bounds Write Vulnerability in gpac/gpac prior to 2.3-DEV CVE-2023-47540 CVE-2023-47541 CVE-2023-47542 Unauthenticated Stored XSS Vulnerability in Atarim Visual Website Collaboration Plugin Stored XSS Vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Plugin Title: Walter Pinem OneClick Chat to Order Plugin <= 1.0.4.2 - Authenticated Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in WPFactory Products, Order & Customers Export for WooCommerce Plugin (<= 2.0.7) Open Redirect Vulnerability in SoftLab Integrate Google Drive WordPress Plugin Unauthenticated Reflected XSS Vulnerability in EazyDocs Plugin <= 2.3.3 Use After Free vulnerability in gpac/gpac prior to 2.3-DEV Stored XSS and CSRF Vulnerability in RedNao Donations Made Easy – Smart 
Donations CSRF Vulnerability in RedNao Donations Made Easy – Smart Donations CSRF Vulnerability in Image Hover Effects – WordPress Plugin (Versions n/a - 5.5) CSRF Vulnerability in UserHeat Plugin: Versions n/a through 1.1.6 Stored XSS Vulnerability in DenK BV Actueel Financieel Nieuws Plugin <= 5.1.0 CSRF Vulnerability in James Mehorter Device Theme Switcher SQL Injection Vulnerability in Mahlamusa Who Hit The Page – Hit Counter QuMagie XSS Vulnerability Allows Injection of Malicious Code via Network Stack-based Buffer Overflow in gpac/gpac prior to 2.3-DEV QuMagie OS Command Injection Vulnerability Authenticated Cross-Site Scripting (XSS) Vulnerability in Photo Station Title: OS Command Injection Vulnerability in Photo Station Allows Remote Command Execution Qsync Central Incorrect Permission Assignment Vulnerability Legacy QNAP VioStor NVR Models: OS Command Injection Vulnerability Title: OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution Title: OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution Title: SQL Injection Vulnerability in QNAP Operating Systems Allows Code Injection via Network LDAP Injection Vulnerability in Staff / Employee Business Directory Plugin Authorization Bypass Vulnerability in Relyum RELY-PCIe 22.2.1 Web Interface Weak SMB Configuration with Disabled Signing on Relyum RELY-PCIe and RELY-REC Devices Reflected XSS Vulnerability in Relyum RELY-PCIe and RELY-REC Web Interfaces Authenticated Command Injection Vulnerability in Relyum RELY-PCIe and RELY-REC Devices Unauthenticated Password Change Vulnerability in Relyum RELY-PCIe and RELY-REC CSRF Vulnerability in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 Devices Relyum RELY-PCIe 22.2.1 Devices Vulnerability: Unauthorized Access to Operating System Password Hash File Buffer Over-read Vulnerability in GitHub Repository gpac/gpac prior to 2.3-DEV Memory Buffer Bounds Vulnerability in TELLUS V4.0.17.0 and Earlier 
Out-of-bounds Read Vulnerability in TELLUS V4.0.17.0 and Earlier Uninitialized Pointer Vulnerability in TELLUS V4.0.17.0 and Earlier Out-of-Bounds Read Vulnerabilities in TELLUS Simulator V4.0.17.0 and Earlier Vulnerability: Out-of-Bounds Write in V-Server V4.0.18.0 and Earlier Vulnerability: Out-of-Bounds Read in V-Server V4.0.18.0 and Earlier Heap-based Buffer Overflow Vulnerabilities in V-Server V4.0.18.0 and Earlier Arbitrary File Overwrite via Symbolic Link in Eclipse JGit <= 6.6.0 Remote Code Execution Vulnerability in Eclipse RAP FileUpload Component SQL Injection Vulnerability in OSS Calendar v.2.0.3 and Earlier: Remote Code Execution and Database Manipulation Out of Bounds Memory Read Vulnerability in FedCM in Google Chrome Remote Code Execution Vulnerability in Telit Cinterion Modems via SMS Privilege Escalation Vulnerability in Telit Cinterion Modems File and Directory Access Vulnerability in Telit Cinterion Modems Telit Cinterion Multiple Modems Relative Path Traversal Vulnerability Hidden Virtual Path and File Name Disclosure Vulnerability in Telit Cinterion Modems Environmental Variable Exposure in Telit Cinterion Modules: A Potential Breach of Sensitive Information Physical Access Vulnerability: Unauthorized Data Exposure in Telit Cinterion Modems Post-Authentication Command Injection Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Post-Authentication Command Execution Vulnerability in Tp-Link ER7206 Omada Gigabit VPN Router Arbitrary File Read and Delete Vulnerability in Audiobookshelf 2.4.3 and Prior Type Confusion Vulnerability in V8 Engine: Remote Code Execution in Google Chrome Reflected Cross-Site Scripting Vulnerability in Scrypted Plugin-HTTP File Uploads Allow PHP Execution in Guest Entries Library CVE-2023-47622 Reflected Cross-Site Scripting Vulnerability in Scrypted Login Page Path Traversal Vulnerability in Audiobookshelf 2.4.3 and Prior Versions Allows Unauthorized File Access Global Buffer Overflow Vulnerability in PX4 
Autopilot CVE-2023-47626 Vulnerability in AIOHTTP HTTP Parser Allows Request Smuggling DataHub Frontend Session Cookie Expiration Bypass Vulnerability Privileged Account Creation Vulnerability in DataHub Use After Free Vulnerability in Google Chrome Networks Kyverno Image Digest Manipulation Vulnerability Unauthenticated Execution of Non-Whitelisted Algorithms in vantage6 High CPU Usage Vulnerability in Traefik Docker Container CVE-2023-47634 CSRF Authenticity Token Bypass in Decidim Questionnaire Templates Preview Full Path Disclosure (FPD) Vulnerability in Pimcore Admin Classic Bundle Arbitrary SQL Execution in Pimcore 11.1.0 and earlier Omnibox Spoofing Vulnerability in Google Chrome Vulnerability: Insecure Session Cookie Signing in DataHub Frontend Inconsistent Interpretation of HTTP Protocol in aiohttp Allows Socket Poisoning and Proxy Bypass Zulip API Vulnerability: Unauthorized Access to Stream Metadata Unauthenticated GraphQL Introspection in SuiteCRM Prior to 8.4.2 CSRF Vulnerability in ProfileGrid – User Profiles, Memberships, Groups and Communities CSRF Vulnerability in RegistrationMagic Registration Plugin Stored XSS Vulnerability in CedCommerce Recently Viewed and Most Viewed Products Plugin CSRF Vulnerability in PriceListo Best Restaurant Menu CSRF Vulnerability in Peter Sterling Add Local Avatar Plugin CSRF Vulnerability in WP Links Page Plugin Stored XSS vulnerability in Lucian Apostol Auto Affiliate Links Stored Cross-Site Scripting (XSS) Vulnerability in Abu Bakar TWB Woocommerce Reviews Plugin <= 1.7.5 Stored Cross-Site Scripting (XSS) Vulnerability in BZScore – Live Score Plugin (<= 1.03) CSRF Vulnerability in Marco Milesi ANAC XML Bandi di Gara Stored Cross-Site Scripting (XSS) Vulnerability in Marco Milesi ANAC XML Bandi di Gara Plugin <= 7.5 GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce Plugin Stored XSS Vulnerability Stored XSS Vulnerability in actpro Extra Product Options for WooCommerce Plugin Stored Cross-Site 
Scripting (XSS) Vulnerability in Lavacode Lava Directory Manager Plugin SQL Injection Vulnerability in Movus Stored Cross-Site Scripting (XSS) Vulnerability in WP Wham Product Visibility by Country for WooCommerce Plugin Stored XSS Vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets Plugin <= 2.4 CSRF Vulnerability in Plainview Protect Passwords Unauthenticated Reflected XSS Vulnerability in Edward_Plainview Plainview Protect Passwords Plugin <= 1.4 CSRF Vulnerability in Code Snippets Pro Code Snippets CSRF Vulnerability in WP Full Stripe Free Plugin Unauthorized Access to Sensitive Information in StellarWP Membership Plugin – Restrict Content Plugin <= 3.2.7 CSRF Vulnerability in Cozmoslabs User Profile Builder Plugin CRLF Injection Vulnerability in ManageEngine Desktop Central 9.1.0 CSRF Vulnerability in Korea SNS: Jongmyoung Kim CSRF Vulnerability in Gopi Ramasamy Vertical Scroll Recent Plugin CSRF Vulnerability in Swashata WP Category Post List Widget Unauthenticated Reflected XSS Vulnerability in Stefano Ottolenghi Post Pay Counter Plugin Unauthenticated Remote Configuration Rewrite Vulnerability in First Corporation's DVRs Arbitrary OS Command Execution in CubeCart Prior to 6.5.3 Improper Access Control Vulnerability in RT-AC87U: Unauthorized File Read/Write via TFTP CRLF Injection Vulnerability in ManageEngine Desktop Central 9.1.0 Stored Cross-Site Scripting (XSS) Vulnerability in Qode Interactive Qi Addons For Elementor Plugin <= 1.6.3 Unauthenticated Reflected XSS Vulnerability in ThemePunch OHG Essential Grid Plugin CSRF Vulnerability in Lukman Nakib Preloader Matrix CSRF Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin CSRF Vulnerability in VJInfotech Woo Custom and Sequential Order Number Plugin CSRF Vulnerability in Alexufo Youtube SpeedLoad Plugin SSRF Vulnerability in ManageEngine Desktop Central 9.1.0: Targeted Attacks via /smtpConfig.do Component Unauthenticated Reflected XSS Vulnerability in Anton 
Bond Additional Order Filters for WooCommerce Plugin (<= 1.10) CVE-2023-47691 Unauthenticated Reflected XSS Vulnerability in Scribit Shortcodes Finder Plugin <= 1.5.3 Gravity Master Product Enquiry for WooCommerce Plugin Unauthenticated Stored XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in WP Event Manager Plugin CVE-2023-47699 DLL Hijacking Vulnerability in 4D and 4D Server Windows Executables Spoofing Vulnerability in IBM Storage Products Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Directory Traversal Vulnerability in IBM Security Guardium Key Lifecycle Manager 4.3 Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager 4.3 Vulnerability: Plain Text Hard-Coded Credentials in IBM Security Guardium Key Lifecycle Manager 4.3 Improper Input Validation in IBM Security Guardium Key Lifecycle Manager 4.3 Allows User Data Manipulation File Upload Vulnerability in IBM Security Guardium Key Lifecycle Manager 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium Key Lifecycle Manager 4.3 CKSource CKEditor Cross-Site Scripting Vulnerability in Versions 4.15.1 and Earlier CVE-2023-47714 CVE-2023-47715 CVE-2023-47716 Cross-Site Request Forgery Vulnerability in IBM Maximo Asset Management and Manage Component Stored Cross-Site Scripting Vulnerability in Newsletter Plugin for WordPress User Credentials Stored in Browser Cache Vulnerability CVE-2023-47727 Stored Cross-Site Scripting Vulnerability in WordPress Social Login Plugin CVE-2023-47731 Stored Cross-Site Scripting Vulnerability in WP-Matomo Integration Plugin Clear-text Password Exposure in IBM i Web Browser Clients CVE-2023-47742 CVE-2023-47745 Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress Missing Authorization vulnerability in Clever plugins Delete Duplicate 
Posts Cross-site Scripting (XSS) Vulnerability in AazzTech WooCommerce Product Carousel Slider Plugin CSRF Vulnerability in AWeber Plugin Allows Unauthorized Access CSRF Vulnerability in Mondula GmbH Multi Step Form Plugin Cross-site Scripting (XSS) Vulnerability in Premio Chaty Plugin <= 3.1.2 SQL Injection Vulnerability in School Management System WordPress Plugin CSRF Vulnerability in CodeBard's Patron Button and Widgets for Patreon Plugin Cross-site Scripting (XSS) Vulnerability in Timo Reith Post Status Notifier Lite Plugin <= 1.11.0 Cross-site Scripting (XSS) Vulnerability in Fla-shop.Com Interactive World Map Plugin <= 3.2.0 Cross-site Scripting Vulnerability in Russell Jamieson Footer Putter Plugin <= 1.17 Vulnerability: Unauthorized Enumeration and Capture of Credentials in Qualys Container Scanning Connector Plugin Slider Revolution <= 6.6.14 Stored XSS Vulnerability Cross-site Scripting Vulnerability in YAS Global Team Permalinks Customizer Plugin CVE-2023-47774 CSRF Vulnerability in gVectors Team Comments — wpDiscuz Plugin (<= 7.6.11) Stored Cross-Site Scripting (XSS) Vulnerability in Automattic WooCommerce and WooCommerce Blocks Open Redirect Vulnerability in CRM Perks Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Out-of-bounds Read Vulnerability in gpac/gpac Repository CSRF Vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 Unrestricted File Upload Vulnerability in Slider Revolution LayerSlider Plugin CSRF Vulnerability: Exploiting Cross-Site Request Forgery (CSRF) Cross-site Scripting (XSS) Vulnerability in LayerSlider Plugin <= 7.7.9 CSRF Vulnerability in WooCommerce Bookings Plugin CSRF Vulnerability in WooCommerce Canada Post Shipping Method Stored Cross-Site Scripting Vulnerability in User Submitted Posts Plugin for WordPress CSRF to XSS Vulnerability in Poporon Pz-LinkCard Plugin <= 2.4.8 CSRF Vulnerability in Leadster Plugin <= 1.1.2 CSRF Vulnerability in Infinite Uploads Big File Uploads Plugin 
Arbitrary Code Injection via Document Title Field in Liferay Portal Arbitrary Web Script Injection Vulnerability in Liferay Portal 7.4.3.94 through 7.4.3.95 Account Lockout Bypass in Liferay Portal and Liferay DXP Default Password Vulnerability in Natus NeuroWorks and SleepWorks (Before 8.4 GMA3) Allows Remote Code Execution and Data Exfiltration API Key Vulnerability in Click Studios Passwordstate Unauthenticated Arbitrary Script Execution in Apache OpenOffice CSRF Vulnerability in Saint Systems Disable User Login Plugin Cross-site Scripting Vulnerability in Christina Uechi Add Widgets to Page Plugin Cross-site Scripting Vulnerability in Themepoints Accordion Plugin <= 2.6 Heap-based Buffer Overflow in Vim prior to 9.0.1873 Cross-site Scripting (XSS) Vulnerability in Asdqwe Dev Ajax Domain Checker Plugin Cross-site Scripting (XSS) vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions Cross-site Scripting Vulnerability in Bamboo Mcr Bamboo Columns Plugin Cross-site Scripting Vulnerability in grandslambert Better RSS Widget Plugin Cross-site Scripting (XSS) Vulnerability in Waterloo Plugins BMI Calculator Plugin <= 1.0.3 Cross-site Scripting (XSS) Vulnerability in Venutius BP Profile Shortcodes Extra Plugin <= 2.5.2 Cross-site Scripting (XSS) Vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable Plugin Cross-site Scripting (XSS) Vulnerability in mmrs151 Daily Prayer Time Plugin CSRF Vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare Plugin <= 1.1.0 Arbitrary File Write Vulnerability in Terraform 1.0.8 - 1.5.6 during `init` Operation Cross-site Scripting Vulnerability in Jannis Thuemmig Email Encoder Plugin <= 2.1.8 CSRF Vulnerability in wpWax Legal Pages Plugin CSRF Vulnerability in TienCOP WP Extra Plugin <= 6.4 Improper Authorization in NicheAddons Events Addon for Elementor Allows Unauthorized Access Cross-site Scripting (XSS) Vulnerability in Codez Quick Call Button Plugin <= 1.2.9 Stored 
Cross-Site Scripting Vulnerability in Magee Shortcodes WordPress Plugin Cross-site Scripting Vulnerability in assorted[chips] DrawIt Plugin Cross-site Scripting (XSS) Vulnerability in Jeroen Schmit Theater for WordPress Plugin <= 0.18.3 Cross-site Scripting (XSS) Vulnerability in ExpressTech Quiz And Survey Master Plugin <= 8.1.13 Cross-site Scripting (XSS) vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions Cross-site Scripting (XSS) Vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress Plugin <= 3.3.26 Code Injection Vulnerability in Qode Essential Addons CVE-2023-47842 CVE-2023-47843 Reflected XSS vulnerability in Lim Kai Yang Grab & Save allows for Cross-site Scripting CVE-2023-47846 Cross-site Scripting (XSS) Vulnerability in Tainacan.Org Denial of Service Vulnerability in gRPC TCP Server on Posix-Compatible Platforms Stored Cross-site Scripting (XSS) Vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles Stored Cross-site Scripting (XSS) Vulnerability in Bootstrap Shortcodes Ultimate SQL Injection Vulnerability in Link Whisper Free Stored Cross-site Scripting (XSS) Vulnerability in myCred Plugin Stored Cross-Site Scripting Vulnerability in Howard Ehrenberg Parallax Image Plugin Local Privilege Escalation Vulnerability in OpenHarmony v3.2.2 and Prior Versions: Exploiting a Released Pointer to Cause Multimedia Camera Crash Improper Verification of Permissions in Mattermost Allows Unauthorized Access to Archived Public Channels Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 15fed957fb Local File Inclusion Vulnerability in WWBN AVideo Dev Master Commit 15fed957fb: Arbitrary Code Execution Vulnerability: Bypassing Hardened Mode in Mattermost by Overriding Username and Icon Wi-Fi Host Vulnerability: Compromising MachineSense FeverWarn Devices CSRF and Missing Authorization Vulnerability in wpForo Forum: Forced Logout of 
All Users Stored Cross-site Scripting (XSS) Vulnerability in gVectors Team wpForo Forum (Versions n/a - 2.2.3) CVE-2023-47873 CVE-2023-47874 Perfmatters CSRF Vulnerability: Cross-Site Request Forgery in Perfmatters Plugin Reflected XSS vulnerability in Perfmatters plugin (versions n/a through 2.1.6) Stored Cross-site Scripting (XSS) Vulnerability in Perfmatters Plugin Remote Code Execution Vulnerability in Kami Vision YI IoT com.yunyi.smartcamera Android App Vulnerability: JavaScript Code Execution via Explicit Intent in com.altamirano.fabricio.tvbrowser TV Browser Application Critical Vulnerability: Unauthorized Broadcast Actions in BINHDRM26 com.bdrm.superreboot 1.0.3 Unrestricted File Upload Vulnerability in pyLoad 0.5.0 Unauthorized Page and Post Duplication Vulnerability in Duplicate Post Page Menu & Custom Post Type Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Testimonial Slider Shortcode WordPress Plugin Information Disclosure Vulnerability in Booster for WooCommerce WordPress Plugin Arbitrary Command Execution in Newsletters WordPress Plugin Stored XSS Vulnerability in User Avatar WordPress Plugin Stored Cross-Site Scripting Vulnerability in Magic Embeds WordPress Plugin Arbitrary SQL Command Execution in CuppaCMS V1.0 via table Parameter Integer Overflow Vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 Buffer Out-of-Bound Read Vulnerability in FreeImage 3.18.0 Integer Overflow Vulnerability in Freeimage 3.18.0's LoadPixelDataRLE4 Function Denial of Service Vulnerability in FreeImage 3.18.0 Integer Overflow Vulnerability in FreeImage 3.18.0: Exif.cpp::jpeg_read_exif_dir Denial of Service Vulnerability in FreeImage 3.18.0 Unrestricted Access to Failed Login IPs Widget in DoLogin Security WordPress Plugin Open Redirect Vulnerability in Asp.Net Zero Allows Remote Attackers to Redirect Users via HTML Injection Improper Certification Validation Vulnerability in Insider Threat Management (ITM) Agent for MacOS 
Heap-use-after-free vulnerability in GPAC v2.3-DEV-rev566-g50c2ab06f-master via flush_ref_samples function Double Free Vulnerability in GPAC v2.3-DEV-rev566-g50c2ab06f-master Stack Overflow Vulnerability in GPAC v2.3-DEV-rev566-g50c2ab06f-master via hevc_parse_vps_extension Function SQL Injection Vulnerability in Restaurant Table Booking System V1.0 Cross Site Request Forgery (CSRF) vulnerability in Dreamer_cms 4.1.3 via Add permissions in Permission Management Reflected Cross-Site Scripting Vulnerability in ITM Server's UpdateInstalledSoftware Endpoint Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Remote Code Execution Vulnerability in Anyscale Ray 2.6.3 and 2.8.0 via Job Submission API SSRF Vulnerability in Anyscale Ray 2.6.3 and 2.8.0: /log_proxy Endpoint Use-After-Free Vulnerability in Liblisp's hash_destroy() Function Out-of-Bounds Read Vulnerability in Liblisp (Commit 4c65969) User Enumeration Vulnerability in Kodbox 1.46.01 Login Page CSV Injection Vulnerability in Corebos 8.0 and Below Reflected Cross-Site Scripting Vulnerability in ITM Server's WriteWindowTitle Endpoint Unrestricted File Upload Vulnerability in OpenSupports v4.11.0 Vulnerability in Acer Wireless Keyboard SK-9662: Weak Encryption Allows Keystroke Decryption and Injection Memory Leak Vulnerability in GPAC 2.3-DEV-rev617-g671976fcc-master Debug Feature Exposure in Quantum HD Unity Products: Unauthorized User Access Vulnerability Arbitrary JavaScript Injection in Prestashop Amazzing Filter Search Filters SQL Injection Vulnerability in Cybrosys Techno Solutions Website Blog Search Stored Cross-Site Scripting Vulnerability in Tutor LMS WordPress Plugin Arbitrary Code Execution and Privilege Escalation via SQL Injection in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance Weak Encryption Padding Vulnerability in upydev v0.4.3 Missing SSL Certificate Validation in HTTPie 
v3.2.2: Eavesdropping Vulnerability via Man-in-the-Middle Attack Static IV in Archery v1.10.0 AES CBC Encryption: Information Disclosure Vulnerability SSL Certificate Validation Bypass in LocalStack v2.3.2: Enabling Man-in-the-Middle Attacks Hardcoded Encryption Key Vulnerability in SuperAGI v0.0.13 Static IV in PyPinkSign v0.5.1 AES CBC Mode Encryption Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS v4.1.3 via /admin/task/run component Vulnerability: glibc getaddrinfo Memory Access Issue Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS v4.1.3 via /admin/task/add component CSRF Vulnerability in dreamer_cms 4.1.3 Allows Unauthorized Theme Deletion Cross-site Scripting (XSS) Vulnerability in DedeCMS v6.2 via spec_add.php Vulnerability: POLY1305 MAC Implementation Corruption on Windows 64 Platform Arbitrary SQL Command Execution in Simple CRUD Functionality v1.0 via 'title' Parameter Stored Cross-Site Scripting Vulnerability in WP Post Popup WordPress Plugin SQL Injection Vulnerability in Nagios XI Bulk Modification Tool Remote Code Execution (RCE) Vulnerability in Nagios XI before Version 5.11.3 via command_test.php Insecure Permissions Vulnerability in xxl-job-admin 2.4.0 Cross Site Scripting (XSS) Vulnerability in xxl-job-admin 2.4.0 Remote Code Execution (RCE) Vulnerability in xxl-job-admin 2.4.0 via /xxl-job-admin/jobcode/save Vulnerability: Bypassing pf Firewall Rules with Multiple IPv6 Fragment Headers Memory Leak Vulnerability in GPAC 2.3-DEV-rev617-g671976fcc-master's extract_attributes function in media_tools/m3u8.c:329 Cross-Site Scripting (XSS) Vulnerability in CesiumJS v1.111 via /container_files/public_html/doc/index.html Stored Cross-Site Scripting Vulnerability in Responsive Pricing Table WordPress Plugin HTML Injection Vulnerability in Alinto SOGo before 5.9.1 Heap Overflow Vulnerability in Bytecode Alliance wasm-micro-runtime v.1.2.3 Buffer Overflow Vulnerability in zlib-ng minizip-ng v.4.0.2: Arbitrary Code 
Execution via Crafted File in mz_path_resolve Function Buffer Overflow Vulnerability in zlib-ng minizip-ng v.4.0.2: Arbitrary Code Execution via Crafted File in mz_path_has_slash Function Heap Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via saveParentControlInfo Function Stored Cross-Site Scripting Vulnerability in WordPress File Upload Plugin Heap Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1: Exploiting the Time Parameter in saveParentControlInfo Function for DoS Attacks Stored XSS Vulnerability in SmarterTools SmarterMail 8495 through 8664 before 8747 Stored DOM XSS vulnerability in SmarterTools SmarterMail 8495 through 8664 before 8747 Stored XSS Vulnerability in SmarterTools SmarterMail Calendar Appointment Description SQL Injection Vulnerability in Quest Analytics LLC IQCRM v.2023.9.5: Remote Code Execution via Common.svc WSDL Page Bypassing CODEOWNERS Approval in GitLab EE Authentication Bypass Vulnerability in Ezviz Direct Connection Module Sensitive Information Disclosure in Microweber v.2.0.1 Remote Code Execution Vulnerability in Netgate pfSense Arbitrary Code Execution via Cross Site Scripting in SUP Online Shopping v.1.0 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Luxe Beauty Clinic Mini-App on Line v13.6.1 Leakage of Channel Access Token in myGAKUYA mini-app on Line v13.6.1 allows for crafted malicious notifications. 
Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in UNITED BOXING GYM Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in kimono-oldnew mini-app on Line v13.6.1 glibc Vulnerability: Memory Use After Free in gaih_inet Function Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in GINZA CAFE Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in CHIGASAKI BAKERY Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in kosei entertainment esportsstudioLegends Mini-App on Line v13.6.1 Vulnerability: Crafted Malicious Notifications via Channel Access Token Leakage in Angel Coffee Mini-App on Line v13.6.1 Exposure of Sensitive Information in nagayama_copabowl Line 13.6.1 Channel Access Token Leakage Vulnerability in mimasaka_farm mini-app on Line v13.6.1 Privilege Escalation Vulnerability in Trellix Windows DLP Endpoint for Windows Allows Unauthorized File/Folder Deletion Unauthenticated Access to Critical Function in GitHub Repository answerdev/answer prior to v1.1.3 Authentication Bypass Vulnerability in Equipment Tag Out Confirmation Dialog GifLib Project GifLib v.5.2.1 Buffer Overflow Vulnerability in DumpSCreen2RGB Function Directory Traversal Vulnerability in Atos Unify OpenScape Voice V10 before V10R3.26.1 Authenticated File Upload Bypass Vulnerability: Compromising Device Security Cross Site Scripting (XSS) Vulnerability in Shuttle Booking Software 2.0 Insecure Permissions Vulnerability in WebsiteGuide v.0.2 Allows Remote Privilege Escalation via Crafted JWT Vulnerability in PAX A920 Device Allows Downgrade of Bootloader via USB Access CVE-2023-48183 CVE-2023-48184 TerraMaster Directory Traversal Vulnerability Arbitrary Code Execution via SQL Injection in PrestaShop opartdevis v.4.5.18 - v.4.6.12 Improper Content-Type Header Handling in Shared 
Files WordPress Plugin Arbitrary Code Execution Vulnerability in TOTOlink A3700R v.9.1.2u.6134_B20201202 Arbitrary Code Execution Vulnerability in JumpServer GPLv3 v.3.8.0 Cross-Site Scripting (XSS) Vulnerability in Grocy's 'manageApiKeys' Component Allows Cookie Theft Grocy <= 4.0.3 XSS Vulnerability in 'product description' Component HTML Injection Vulnerability in 'manageApiKeys' Component in Grocy <= 4.0.3 Arbitrary Web Script Injection in PowerPress Podcasting Plugin Arbitrary Code Execution and Information Disclosure Vulnerability in Grocy v.4.0.3 via Equipment Description Component Arbitrary Code Execution and Privilege Escalation via Cross Site Scripting (XSS) in Sunlight CMS v.8.0.1 Privilege Escalation via Crafted SVG File in Sunlight CMS 8.0.1 Sensitive Information Disclosure in PublicCMS v.4.0.202302.e via api/method/getHtml Component Host Header Spoofing Vulnerability in Jorani Leave Management System 1.0.2 Cross Site Scripting (XSS) Vulnerability in GaatiTrack Courier Management System 1.0 CSV Injection Vulnerability in Availability Booking Calendar 5.0 Cross Site Scripting Vulnerability in Availability Booking Calendar 5.0 Unfiltered File Extensions in Drag and Drop Multiple File Upload Plugin for WooCommerce WordPress Arbitrary Code Execution Vulnerability in Statamic CMS Bypassing Field Level Security in Strapi Protected Populate Plugin (CVE-2021-XXXX) TinyMCE Mutation Cross-Site Scripting (mXSS) Vulnerability in Undo/Redo Functionality and APIs Privilege Escalation and Permission Manipulation Vulnerability in Grafana Unrestricted Invitation Acceptance in Decidim Remote Format String Vulnerability in wire-avs Unauthenticated Access to Job Management in Rundeck Algorithm Confusion Vulnerability in fast-jwt Library Weakness in One-Time Code Generation in Fides Privacy Center LAF Cloud Development Platform Privatization Environment Sensitive Information Leakage Vulnerability HTML Injection Vulnerability in OpenReplay 1.14.0 Allows Phishing Attacks 
Unauthenticated Backoffice User Publishing Vulnerability in Umbraco CMS Insecure Handling of PKCE in authentik Identity Provider Out-of-bounds Write Vulnerability in Contiki-NG IEEE 802.15.4 Radio Driver Stored Cross-Site Scripting in WP Meta and Date Remover WordPress Plugin Buffer underrun vulnerability in Cap'n Proto 1.0 and 1.0.1 with KJ HTTP WebSocket compression enabled Vulnerability in Vim: Accessing Freed Window Structure Vim Floating Point Exception Vulnerability Vulnerability in Vim: Potential Crash due to Large Count in :s Command Vim Command Line Text Editor Integer Overflow Vulnerability Vim Relative Ex Address Overflow Vulnerability Integer Overflow Vulnerability in Vim's z= Command Integer Overflow Vulnerability in Vim JWT Algorithm Confusion Vulnerability in joaquimserafim/json-web-token Nextcloud Server External Storage Update Vulnerability CSRF Vulnerability in WooHoo Newspaper Magazine Theme Allows Unauthorized Settings Modification XWiki Platform Image Embedding Vulnerability Information Disclosure Vulnerability in XWiki Platform Arbitrary File Download Vulnerability Arbitrary File Upload Vulnerability Leading to Remote Code Execution with Root Privileges Remote Code Execution Vulnerability via Crafted URL or HTTP Request Arbitrary File Upload Vulnerability Arbitrary File Download Vulnerability Arbitrary File Read Vulnerability Arbitrary Code Execution via Malicious File Upload Vulnerability Arbitrary Folder Listing and Session Cookie Theft Vulnerability Hidden Hard-Coded Account Vulnerability Hidden Hard-Coded Account Vulnerability Allows Remote Root Privilege Authentication in SSH Service Authenticated Remote Attackers Exploit Authorization Bypass Vulnerability via Crafted HTTP Requests Authentication Database Manipulation Vulnerability Remote Code Execution Vulnerability via Crafted URL or HTTP Request Arbitrary Code Execution Vulnerability via Remote Network Requests HTTP Response Header Injection Vulnerability Remote Code Execution and Data 
Exposure Vulnerability in Exported Packages Arbitrary File Deletion Vulnerability via Crafted URL or HTTP Request Remote Unauthenticated Attackers Can Read Arbitrary Content from Results Database Prototype Pollution Vulnerability in SocialDriver WordPress Theme (Version 2024) Allows for Cross-Site Scripting (XSS) Attack Remote Unauthenticated Attackers Can Read Arbitrary Content from Results Database Remote Unauthenticated Attackers Can Read Arbitrary Content in Results Database Unauthenticated Remote Code Execution and Denial-of-Service Vulnerability Unauthenticated Remote Attackers Exploit Vulnerability for DoS and RCE Unauthenticated Remote Attackers Exploit Vulnerability for DoS and Possible RCE Unauthenticated Remote Code Execution and Denial-of-Service Vulnerability Unauthenticated Remote Attackers Exploit Vulnerability for DoS and RCE Zip Bomb Vulnerability in Mattermost Boards Import CSRF Vulnerability in File Manager Pro WordPress Plugin Allows Unauthorized File System Actions Stored Cross-Site Scripting (XSS) Vulnerability in Maspik – Spam Blacklist Plugin CVE-2023-48275 Stored XSS vulnerability in WP Forms Puzzle Captcha CSRF Vulnerability in Seraphinite Post .DOCX Source Insider Threat Management (ITM) Server Configuration Tampering Vulnerability CSRF Vulnerability in Broken Link Checker for YouTube Plugin CSRF Vulnerability in Andrea Landonio Taxonomy Filter CSRF Vulnerability in PressTigers Simple Testimonials Showcase CSRF Vulnerability in WebToffee Decorator – WooCommerce Email Customizer Sensitive Information Exposure Vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP Stored Cross-site Scripting (XSS) Vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel Stored Cross-site Scripting (XSS) Vulnerability in froxlor/froxlor prior to 2.0.22 Apache Airflow 2.7.2 - Unauthorized Write Access to DAG Resources Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in XWiki Admin Tools Application 
Cross-Site Request Forgery Vulnerability in XWiki Admin Tools Application Allows Arbitrary Database Queries Information Disclosure Vulnerability in LibreNMS Cross Site Scripting (XSS) Vulnerability in LibreNMS Device Group Popups CVE-2023-48296 Message Serializer Vulnerability in Discourse Allows for Long Array of Users Integer Underflow and Stack Buffer Overflow in FPC Codec Decompression: ClickHouse Vulnerability ZipSlip Vulnerability in TorchServe SQL Injection Vulnerability in Tura Signalix (Signalix: 7T_0228) Stored Cross-Site Scripting Vulnerability in Embed Privacy Plugin for WordPress (Versions up to 1.8.0) Nextcloud Server Circle Name Clicking Vulnerability HTML Code Injection Vulnerability in Nextcloud Server User Configured External Storage Authentication Details Change Vulnerability in Nextcloud Server Nextcloud Server and Nextcloud Enterprise Server Birthday Calendar Manipulation Vulnerability Plaintext Password Logging Vulnerability in Nextcloud Server DNS Rebinding Vulnerability in Nextcloud Server and Nextcloud Enterprise Server SSRF Vulnerability in Nextcloud Mail App Nextcloud Calendar App Stacktrace and Internal Path Disclosure Vulnerability Vulnerability: Unauthorized Access to Logged In User State in NextAuth.js SQL Injection Vulnerability in Ncode Ncep (CVE-2023-0914) Unfiltered User Input and Log File Creation Vulnerability in TestingPlatform Unrestricted Docker Image Launch Vulnerability in DockerSpawner Privilege Escalation Vulnerability in capsule-proxy Umbraco Cross-Site Scripting (XSS) Vulnerability Vulnerability in Collabora Online - Built-in CODE Server (richdocumentscode) via proxy.php Remote Code Execution Vulnerabilities in Azure RTOS NETX Duo Remote Code Execution Vulnerabilities in Azure RTOS NETX Duo Stored Cross-Site Scripting (XSS) Vulnerability in Vikas Vatsa Display Custom Post Plugin SQL Injection Vulnerability in Aceka Company Management Stored Cross-site Scripting (XSS) Vulnerability in WebDorado SpiderVPlayer Stored 
Cross-site Scripting (XSS) Vulnerability in AMP for WP – Accelerated Mobile Pages Plugin Cross-site Scripting (XSS) Vulnerability in eDoc Employee Job Application – Best WordPress Job Manager for Employees CSRF Vulnerability in Awesome Support – WordPress HelpDesk & Support Plugin Open Redirect Vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages Reflected XSS Vulnerability in Pixelite Events Manager SQL Injection Vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors CSRF Vulnerability in NextGEN Gallery WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in CodeBard Fast Custom Social Share Plugin SQL Injection Vulnerability in Besttem Network Marketing Software CSRF Vulnerability in Bulk Comment Remove Plugin CSRF Vulnerability in MyBookTable Bookstore by Stormhill Media Sensitive Information Exposure vulnerability in Pluggabl LLC Booster for WooCommerce CSRF Vulnerability in DAEXT League Table Stored Cross-site Scripting (XSS) Vulnerability in cybernetikz Easy Social Icons Local Information Disclosure Vulnerability in JPG Driver Improper Access Validation in Red Lion Europe mbCONNECT24 and mymbCONNECT24, Helmholz myREX24 and myREX24.virtual (up to and including version 2.14.2) Video Decoder Out of Bounds Write Vulnerability: Local Denial of Service Video Decoder Out of Bounds Read Vulnerability: Local Denial of Service Media Service Vulnerability: Out of Bounds Write Leading to Local Denial of Service Out of Bounds Write Vulnerability in Video Decoder: Local Denial of Service Video Decoder Out of Bounds Read Vulnerability: Local Denial of Service Video Decoder Out of Bounds Read Vulnerability: Local Denial of Service Improper Input Validation in Video Decoder: Local Denial of Service Vulnerability Video Decoder Out of Bounds Read Vulnerability: Local Denial of Service Out of Bounds Write Vulnerability in Video Decoder: Local Denial of 
Service Out of Bounds Write Vulnerability in Video Decoder: Local Denial of Service SQL Injection Vulnerability in CF Software Oil Management Software Out of Bounds Write Vulnerability in Video Decoder: Local Denial of Service Out of Bounds Write Vulnerability in Video Decoder: Local Denial of Service Out of Bounds Write Vulnerability in phasecheckserver Possible Use After Free Vulnerability in VSP Driver: Local Denial of Service with System Execution Privileges Required Telephone Service Vulnerability: Improper Input Validation Leading to Local Information Disclosure Out of Bounds Write Vulnerability in JPG Driver: Local Denial of Service with System Execution Privileges Out of Bounds Write Vulnerability in JPG Driver: Local Denial of Service with System Execution Privileges Potential Out of Bounds Write Vulnerability in VSP Driver: Local Denial of Service with System Execution Privileges Required Out of Bounds Write Vulnerability in DRM Driver: Local Denial of Service Exploit Autotest Driver Vulnerability: Local Denial of Service with System Execution Privileges Unauthenticated Access to Files and Folders in WordPress File Sharing Plugin Local Privilege Escalation Vulnerability in OpenHarmony v3.2.2 and Prior Versions: Exploiting a Released Pointer in Multimedia Player Unorganized RPC Message Denial of Service Vulnerability in Siemens SIMATIC Products Denial of Service Vulnerability in Siemens SIMATIC Software Unauthenticated Remote Code Execution in Qlik Sense Enterprise for Windows Server Log Overflow Vulnerability in Mattermost Unpatched Cross-Site Request Forgery Vulnerability in SmodBIP Allows Unauthorized Account Creation Unrestricted File Upload Vulnerability in ITPison OMICARD EDM Insufficient Validation in ITPison OMICARD EDM's SMS Function Allows SQL Injection Path Traversal Vulnerability in ITPison OMICARD EDM Allows Unauthorized File Download Hard-coded Account Vulnerability in SmartStar Software CWS Privilege Escalation Vulnerability in SmartStar 
Software CWS Arbitrary File Upload Vulnerability in SmartStar Software CWS Path Traversal Vulnerability in Softnext Mail SQR Expert Allows Unauthorized File Download Blind SSRF Vulnerability in Softnext Mail SQR Expert Stored Cross-Site Scripting Vulnerability in Simple Download Counter WordPress Plugin Command Injection Vulnerability in Softnext Mail SQR Expert Softnext Mail SQR Expert LFI Vulnerability: Arbitrary PHP File Execution Softnext Mail SQR Expert LFI Vulnerability: Arbitrary PHP File Execution Path Traversal Vulnerability in airPASS Allows Unauthorized File Download SQL Injection Vulnerability in ArmorX Spam Remote Code Execution Vulnerability in TAIWAN-CA(TWCA) JCICSecurityTool Hard-coded Credentials Vulnerability in Multisuns EasyLog Web+ Path Traversal Vulnerability in Multisuns EasyLog Web+: Bypass Authentication and Arbitrary File Download CVE-2023-4839 Code Injection Vulnerability in Multisuns EasyLog Web+ Hard-coded Encryption Key Vulnerability in Kaifa Technology WebITR Information Disclosure Vulnerability in Kaifa Technology WebITR Arbitrary File Upload Vulnerability in Kaifa Technology WebITR Arbitrary SQL Injection in Kaifa Technology WebITR Attendance System Out of Bounds Read Vulnerability in Init of protocolcalladapter.cpp Out of Bounds Read Vulnerability in ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() Out of Bounds Read Vulnerability in ProtocolMiscATCommandAdapter::Init() Stored Cross-Site Scripting Vulnerability in MapPress Maps for WordPress Plugin Out of Bounds Read Vulnerability in GetSizeOfEenlRecords of protocoladapter.cpp Missing Permission Check in ppcfw_enable Function Allows for Local Escalation of Privilege Heap Buffer Overflow in sms_DecodeCodedTpMsg of sms_PduCodec.c Out of Bounds Read Vulnerability in ProtocolMiscCarrierConfigSimInfoIndAdapter Secure World Logic Error Allows Unauthorized Write Access to NS Memory Logic Error in Modem Firmware Allows Permanent DoS and Unverified Boot Unpatched Vulnerability: 
Persistent DCK After Factory Reset Allows Privilege Escalation Out of Bounds Read Vulnerability in ProtocolNetSimFileInfoAdapter() Integer Overflow in gpu_pixel_handle_buffer_liveness_update_ioctl Stored Cross-Site Scripting Vulnerability in Feeds for YouTube for WordPress Plugin Out-of-Bounds Read Vulnerability in cd_ParseMsg of cd_codec.c Out of Bounds Read Vulnerability in SignalStrengthAdapter::FillGsmSignalStrength() Possible Information Leak in private_handle_t of mali_gralloc_buffer.h Out of Bounds Read Vulnerability in Init of protocolnetadapter.cpp Possible Use After Free Vulnerability in Pixel Camera Driver Out of Bounds Read Vulnerability in protocolembmsadapter.cpp Init Function Null Dereference Vulnerability: Remote Denial of Service without User Interaction Unauthenticated Access and Manipulation Vulnerability in KeyChainActivity Application Insecure Default Value in checkDebuggingDisallowed Allows Local Privilege Escalation Google Home Wi-Fi Vulnerability: Elevation of Privilege and Remote Spying Stored Cross-Site Scripting Vulnerability in Social Warfare WordPress Plugin (Versions up to 4.4.3) Race Condition Use-After-Free Vulnerability Allows Local Privilege Escalation Out-of-Bounds Write Vulnerability in gpu_pixel_handle_buffer_liveness_update_ioctl Out of Bounds Read Vulnerability in Init of protocolnetadapter.cpp Out of Bounds Write Vulnerability in dhcp4_SetPDNAddress of dhcp4_Main.c Exploiting U-Boot Shell Vulnerability: Privilege Escalation in Production Devices Persistent Code Execution Exploit in U-Boot Bootloader CVE-2023-48426 Certificate Validation Vulnerability in SINEC INS (All versions < V1.0 SP2 Update 2) Vulnerability in SINEC INS Allows for Denial-of-Service and System-Level Command Execution SINEC INS Web UI Parameter Length Vulnerability HTML Injection Vulnerability in Pega Platform Versions 7.1 to 8.8.3 Unauthenticated Remote Crash Vulnerability in SINEC INS REST API SINEC INS Vulnerability: Improper Response Validation in UMC 
Server Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0 Unauthenticated SQL Injection Vulnerability in Online Voting System Project v1.0 Unauthenticated SQL Injection Vulnerability in Online Voting System Project v1.0 Critical SQL Injection Vulnerability in SourceCodester Simple Membership System 1.0 (CVE-2021-239253) Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Improper Access Control Vulnerability in Adobe Experience Manager Versions 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in SourceCodester Simple Membership System 1.0 (VDB-239254) Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 
6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in SourceCodester Simple Membership System 1.0 (CVE-2021-239255) Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Book Catalog App 1.0 Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting 
(DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in SourceCodester Simple Book Catalog App 1.0 (VDB-239257) Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in IBOS OA 4.5.5: Remote Attack via ?r=file/dashboard/trash&op=del Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe 
Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-239259) Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-239260) Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 
and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Critical SQL Injection Vulnerability in IBOS OA 4.5.5 (VDB-239261) Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Quarkus HTTP Security Policy Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe 
Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier CVE-2023-4855 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting 
(XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier CVE-2023-4856 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier CVE-2023-4857 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 
and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting Vulnerability in Simple Table Manager WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 
and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Improper Input Validation Vulnerability in Adobe Experience Manager Versions 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Arbitrary File Upload Vulnerability in File Manager Pro WordPress Plugin Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 
6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-site Scripting (DOM-based XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Cross-Site Scripting (XSS) Vulnerability in File Manager Pro WordPress Plugin before 1.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Critical Heap Buffer Overflow in libwebp in Google Chrome and libwebp 1.3.2 Out-of-Bounds Write Vulnerability in Adobe Substance 3D Sampler Allows Arbitrary Code Execution Improper Input Validation Vulnerability in @adobe/css-tools: Denial of Service via 
CSS Parsing Out-of-Bounds Write Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe After Effects Adobe After Effects Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Substance 3D Designer Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Take-Note App 1.0 (VDB-239349) Insecure Direct Object Reference Vulnerability in Archer Platform 6.x Archer Platform 6.x Authenticated HTML Content Injection Vulnerability CVE-2023-48644 SQL Injection Vulnerability in Archibus App 4.0.3 for iOS Arbitrary Command Execution via Proxy Settings in Zoho ManageEngine RecoveryManager Plus Insecure Permissions Vulnerability in Concrete CMS Stored XSS Vulnerability in Concrete CMS via Uploaded File Name Cross-Site Request Forgery Vulnerability in SourceCodester Take-Note App 1.0 (VDB-239350) CVE-2023-48650 CVE-2023-48651 Cross-Site Request Forgery (CSRF) Vulnerability in Concrete CMS 9 before 9.2.3 CVE-2023-48653 Kiosk Escape Vulnerability in One Identity Password Manager Improper Query Parameter Filtering in MISP Order Clause Mishandling in MISP before 2.4.176 Filter Mishandling in MISP AppModel.php Missing checkParam function for alphanumeric characters, underscore, dash, period, and space in MISP before 2.4.176 Parameter Parsing Vulnerability in MISP Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-239351) Arbitrary File Read Vulnerability in Dell vApp Manager Arbitrary File Read Vulnerability in Dell vApp Manager Dell vApp Manager Command Injection 
Vulnerability Dell vApp Manager Command Injection Vulnerability Dell vApp Manager Command Injection Vulnerability Dell vApp Manager Command Injection Vulnerability Dell PowerProtect DD OS Command Injection Vulnerability Dell PowerProtect DD OS Command Injection Vulnerability Critical SQL Injection Vulnerability in Xintian Smart Table Integrated Management System 5.6.9 Privilege Escalation Vulnerability in Dell SupportAssist for Home PCs Dell vApp Manager Information Disclosure Vulnerability CVE-2023-48674 Missing Authorization in Acronis Cyber Protect Cloud Agent (Windows) before build 36943: Sensitive Information Disclosure and Manipulation Vulnerability DLL Hijacking Vulnerability in Acronis Cyber Protect Home Office (Windows) before build 40901 CVE-2023-48678 CVE-2023-48679 Cross-Site Request Forgery Vulnerability in SourceCodester Contact Manager App 1.0 (VDB-239353) CVE-2023-48680 CVE-2023-48681 CVE-2023-48682 CVE-2023-48683 CVE-2023-48684 Unauthenticated SQL Injection Vulnerability in Railway Reservation System v1.0 Unauthenticated SQL Injection Vulnerability in Railway Reservation System v1.0 Unauthenticated SQL Injection Vulnerability in Railway Reservation System v1.0 Cross-Site Request Forgery Vulnerability in SourceCodester Contact Manager App 1.0 (VDB-239354) Out-of-Bounds Write Vulnerability in Azure RTOS NetX Duo's IGMP Protocol (CVE-2021-34567) Remote Code Execution Vulnerabilities in Azure RTOS NetX Duo Arbitrary Read and Write Vulnerability in Azure RTOS ThreadX Parameter Checking Mechanism Remote Code Execution in Azure RTOS USBX due to Expired Pointer Dereference and Type Confusion Vulnerabilities Out of Bounds Write Vulnerabilities in Azure RTOS USBX Remote Code Execution Vulnerability in Azure RTOS USBX Remote Code Execution Vulnerability in Azure RTOS USBX Remote Code Execution via Expired Pointer Dereference in Azure RTOS USBX Remote Code Execution (RCE) Vulnerability in fastbots Library (Versions prior to 0.1.5) Cross-Site Scripting (XSS) 
Vulnerability in SourceCodester Contact Manager App 1.0 Clear text credentials exposed in Nautobot Device Onboarding plugin prior to version 3.0.0 Unrestricted HTML File Upload Vulnerability in Statamic CMS Arbitrary File Execution via UNC Path in Jellyfin MediaEncoder CVE-2023-48703 Heap Buffer Overflow in ClickHouse Server Cross-Site Scripting Vulnerability in Nautobot Versions Earlier than 1.6.6 or 2.0.5 Heap-use-after-free vulnerability in Vim prior to version 9.0.2121 Cleartext Storage of secretKey in CodeIgniter Shield CodeIgniter Shield Token Exposure Vulnerability CVE-2023-48709 Critical SQL Injection Vulnerability in SourceCodester Contact Manager App 1.0 (VDB-239356) CVE-2023-48710 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser npm package Privilege Escalation Vulnerability in Warpgate: Impersonation through Single-Factor Authentication Knative Serving Denial-of-Service Vulnerability through /metrics Endpoint Accessing Record Titles in Silverstripe Framework Uncontrolled Code Execution Vulnerability in Tuleap Releases Unauthenticated SQL Injection in Student Result Management System v1.0 Unauthenticated SQL Injection in Student Result Management System v1.0 Critical SQL Injection Vulnerability in SourceCodester Contact Manager App 1.0 (VDB-239357) Unauthenticated SQL Injection in Student Result Management System v1.0 Unauthenticated SQL Injection in Student Result Management System v1.0 CVE-2023-48724 CVE-2023-48725 Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3c6bb3ff Critical OS Command Injection Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906 Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo dev master commit 15fed957fb WebSocket Broadcasting of Notified Users in Mattermost Insecure Default in Ubuntu's EDK2 Enables Secure Boot Bypass via UEFI Shell Out-of-Bounds Read Vulnerability in International Color 
Consortium DemoIccMAX 3e7948b Stored Cross-Site Scripting Vulnerability in TriPay Payment Gateway (Versions n/a - 3.2.7) SQL Injection vulnerability in Porto Theme - Functionality Null Pointer Dereference Vulnerability in Mutt Email Client (Versions >1.5.2 <2.2.12) SQL Injection Vulnerability in QuantumCloud AI ChatBot SQL Injection Vulnerability in LicenseManager License Manager for WooCommerce Reflected XSS Vulnerability in Paul Menard Simply Exclude Plugin CSRF Vulnerability in Offshore Web Master Availability Calendar Reflected XSS vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles Reflected XSS Vulnerability in Theme Nectar Salient Core (CVE-2021-XXXX) Stored Cross-Site Scripting (XSS) Vulnerability in Theme Nectar Salient Core Null Pointer Dereference Vulnerability in Mutt Versions 1.5.2 to 2.2.12 CSRF Vulnerability in Participants Database Plugin for Roland Barker's xnau Webdesign Cross-site Scripting (XSS) vulnerability in Happyforms Form Builder CSRF Vulnerability in Wap Nepal Delete Post Revisions Plugin for WordPress CSRF Vulnerability in teachPress: Versions n/a through 9.0.4 Reflected XSS Vulnerability in Crocoblock JetBlocks For Elementor Unauthorized Access to Sensitive Information in GitHub Repository hamza417/inure (prior to build92) CSRF Vulnerability in Crocoblock JetElements For Elementor CVE-2023-48763 SQL Injection Vulnerability in GuardGiant Brute Force Protection WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Till Krüss Email Address Encoder CSRF Vulnerability in SVGator – Add Animated SVG Easily Reflected XSS Vulnerability in MyTube PlayList CSRF Vulnerability in Quantity Plus Minus Button for WooCommerce by CodeAstrology CSRF Vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back Unauthorized Access to Sensitive Information in GitHub Repository hamza417/inure (prior to build92) Stored Cross-site 
Scripting (XSS) Vulnerability in Nima Saberi Aparat Reflected XSS Vulnerability in Bruno Aesqe Babic File Gallery CSRF Vulnerability in Prevent Landscape Rotation Plugin CSRF Vulnerability in WP Doctor WooCommerce Login Redirect CVE-2023-48777 CSRF Vulnerability in VillaTheme Product Size Chart For WooCommerce SSRF Vulnerability in instantsoft/icms2 prior to 2.16.1-git Stored Cross-site Scripting (XSS) Vulnerability in EnigmaWeb WP Catalogue CSRF Vulnerability in MkRapel Regiones y Ciudades de Chile para WC OS Command Injection Vulnerability in Fortinet FortiWLM 8.6.0 - 8.6.5 User-Controlled Key Authorization Bypass in FortiPortal [CWE-639] CVE-2023-48784 CVE-2023-48788 Stored Cross-site Scripting (XSS) Vulnerability in instantsoft/icms2 prior to 2.16.1.-git Command Injection Vulnerability in FortiPortal Version 7.2.0 and Below SQL Injection Vulnerability in Zoho ManageEngine ADAudit Plus (Version 7250) Report Export Option SQL Injection Vulnerability in Zoho ManageEngine ADAudit Plus through 7250 Terrapin Attack: SSH Transport Protocol Vulnerability Apache DolphinScheduler: Exposure of Sensitive Information to Unauthorized Actors Command Execution Vulnerability in TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R Firmware V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R Firmware V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command 
Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 SQL Injection Vulnerability in Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 via fines_report.php Incorrect Access Control Vulnerability in kkFileView v4.3.0 Vulnerability: Denial of Service (DoS) Attack via Unauthorized VNF Registration Blind SQL Injection Vulnerability in GaatiTrack Courier Management System 1.0 Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in BoidCMS 2.0.1 HTML Injection Vulnerabilities in Availability Booking Calendar 5.0 via SMS API Key or Default Country Code CSV Injection Vulnerability in Time Slots Booking Calendar 4.0 via Unique ID Field in Reservations List Multiple HTML Injection Vulnerabilities in Time Slots Booking Calendar 4.0 Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Time Slots Booking Calendar 4.0 Invalid Pointer Release Vulnerability: Disrupting Service Operation via Specially Crafted JSON CSV Injection Vulnerability in Shuttle Booking Software 2.0: Exploiting Languages Export Unrestricted Rate Limiting in Availability Booking Calendar 5.0 Leads to Resource Exhaustion Unrestricted Rate Limiting in Time Slots Booking Calendar 4.0 Leads to Resource Exhaustion Unrestricted Resource Consumption in Car Rental v3.0's pjActionAjaxSend CSV Injection Vulnerability in Car Rental Script v3.0 via Language > Labels > Export Action Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Car Rental Script 3.0 Multiple HTML Injection Vulnerabilities in Car Rental Script 3.0 via SMS API Key or Default Country Code HTML Injection Vulnerabilities in Appointment Scheduler 3.0 via SMS API Key and Default Country Code Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Appointment Scheduler 3.0 Unauthenticated Access Vulnerability in Open5GS Endpoint Unlimited Resource Consumption Vulnerability in Appointment Scheduler 3.0 CSV Injection Vulnerability in 
Appointment Scheduler 3.0 via Language > Labels > Export Action Command Injection Vulnerability in D-Link Go-RT-AC750 revA_v101b03 Router Arbitrary File Read Vulnerability in ureport v2.2.9 Remote Code Execution Vulnerability in Ruijie EG Series Routers VNF Communication Interception Vulnerability: Exposing Sensitive Information through Man in the Middle Attack Cross-site Scripting (XSS) Vulnerability in Armex ABO.CMS 5.9 Login Page Post-Authentication RCE Vulnerability in TOTOLINK A3002RU Version 2.0.0-B20190902.1958 Sensitive Information Exposure Vulnerability in Foreman: World Readable Server.xml File Exposes Candlepin Passwords Post-Authentication Remote Code Execution Vulnerability in TOTOLINK N300RT Version 3.2.4-B20180730.0906 TTplayer Version 7.0.2 DLL Hijacking Vulnerability: Privilege Escalation and Arbitrary Code Execution via urlmon.dll SQL Injection Vulnerability in SEMCMS 3.9 SQL Injection Vulnerability in SEMCMS v4.8 via languageID Parameter in /web_inc.php CVE-2023-48865 Grocy <= 4.0.3 XSS Vulnerability in Recipe and Shopping List Components Stored Cross-Site Scripting Vulnerability in Google Maps Plugin by Intergeo for WordPress Stored Cross-Site Scripting Vulnerability in Simple Like Page Plugin for WordPress Stored XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 via crafted payload in Menu Name field Stored XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 via crafted payload in Field Title field Stored XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 via crafted payload in Document Properties field NettyRpc v1.2 Deserialization Vulnerability Allows Arbitrary Command Execution Jupiter v1.3.1 Deserialization Remote Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in Shareaholic WordPress Plugin (Versions up to 9.7.8) SQL Injection in SLiMS Library Management System (aka SENAYAN) 9.6.1 via startDate or untilDate in admin/modules/reporting/customs/staff_act.php Improper Access Control in jshERP V3.3 allows unauthorized access to sensitive 
information via the doFilter function. Stored Cross-Site Scripting Vulnerability in JQuery Accordion Menu Widget for WordPress Plugin CVE-2023-48901 CVE-2023-48902 CVE-2023-48903 CVE-2023-48906 Arbitrary Code Execution Vulnerability in Jave2 3.3.1 via FFmpeg Function Lenovo View Driver Use-After-Free Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Microcks up to 1.17.1 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 HTML Injection Vulnerability in Teedy v1.11 Text Editor Allows Execution of Malicious JavaScript SQL Injection Vulnerability in Buy Addons Bavideotab (<=1.0.6): Privilege Escalation and Sensitive Information Disclosure Arbitrary Order Status Change Vulnerability in 202 ecommerce Advanced Loyalty Program Open Redirect Vulnerability in Franklin Fueling Systems System Sentinel AnyWare (SSA) Version 1.6.24.492 Session Fixation Vulnerability in Franklin Fueling Systems System Sentinel AnyWare (SSA) Version 1.6.24.492 Crayon Syntax Highlighter Plugin for WordPress: Server Side Request Forgery Vulnerability File Upload Vulnerability in Xinhu Xinhuoa 2.2.1 Stored XSS Vulnerability in DaiCuo v2.5.15's /admin.php Allows Arbitrary Code Execution Denial of Service Vulnerability in OpenLink Virtuoso-Opensource v7.2.11 via Crafted SQL Statements Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.11's box_mpy Function Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.11 Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.11 Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.11 GitLab EE Vulnerability: Bypassing Group IP Restrictions to Access Project Environment Details Denial of Service Vulnerability in box_col_len Function of openlink virtuoso-opensource v7.2.11 Denial of Service Vulnerability in openlink 
virtuoso-opensource v7.2.11 Denial of Service Vulnerability in openlink virtuoso-opensource v7.2.11 Memory Leaks in gf_mpd_resolve_url in gpac 2.3-DEV-rev617-g671976fcc-master AirWave Management Platform: Authenticated Information Disclosure Vulnerability Buffer Overflow Vulnerability in Tenda i6 V1.0.0.8(3856) via /goform/wifiSSIDget Buffer Overflow Vulnerability in Tenda i6 V1.0.0.8(3856) via /goform/WifiMacFilterSet Remote Code Execution Vulnerability in ThinkAdmin v6.1.53 via Crafted URL Arbitrary Code Execution via Crafted Zip File Upload in ThinkAdmin v6.1.53 Deserialization of Untrusted Data Vulnerability in Ssolon <= 2.6.0 and <=2.5.12 Relative Path Traversal Vulnerability in GitHub Repository mintplex-labs/anything-llm prior to 0.0.1 Privilege Escalation via Cross Site Scripting in Axigen WebMail v.10.5.7 and earlier Critical Authentication Bypass Vulnerability in mintplex-labs/anything-llm (prior to 0.0.1) Arbitrary Code Execution and Privilege Escalation in CU Solutions Group (CUSG) CMS Arbitrary Code Execution and Privilege Escalation in CU Solutions Group (CUSG) CMS v.7.75 Blind SQL Injection Vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) Allows Remote Code Execution and Privilege Escalation SQL Injection Vulnerability in GitHub Repository mintplex-labs/anything-llm (prior to version 0.0.1) Obfuscation of Permission Prompt in Custom Tabs on Android Chrome (CVE-2021-21107) Bypassing Access Restrictions in ArtistScope ArtisBrowser Bypassing Access Restrictions in Indi Browser (aka kvbrowser) v.12.11.23 Bypassing Access Restrictions in Xenom Technologies Phone Dialer-voice Call Dialer v.1.2.5 Bypassing Access Restrictions in simplemobiletools Simple Dialer 5.18.1 Remote Code Execution Vulnerability in D-Link DIR-850L v.B1_FW223WWb01 CSRF Vulnerability in Phpsysinfo 3.4.3 Allows Remote Information Disclosure Stack-based Buffer Overflow in Netgear Orbi RBR750 Firmware Remote Security UI Spoofing Vulnerability in Google Chrome 
Remote Security UI Spoofing Vulnerability in Google Chrome Arbitrary Code Execution via Cross Site Scripting (XSS) in smpn1smg absis v.2017-10-19 and earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in smpn1smg absis v.2017-10-19 and earlier Remote Security UI Spoofing Vulnerability in Custom Mobile Tabs on Google Chrome for Android (Prior to version 117.0.5938.62) SQL Injection Vulnerability in KLive v.2019-1-19 and Earlier Versions Remote Code Execution and Sensitive Information Disclosure in LTB Self Service Password Arbitrary Code Execution via Cross Site Scripting (XSS) in ProjeQtOr 11.0.2 Remote Command Injection in Buffalo LS210D 1.78-0.03 NAS Bypassing Enterprise Policy Restrictions via Crafted Download in Google Chrome Remote Code Execution Vulnerability in Tenda AX1803 v.1.0.0.1 Heap Overflow Vulnerability in Tenda AX1803 v.1.0.0.1: Remote Code Execution via setSchedWifi Parameters Remote Code Execution Vulnerability in Tenda AX1803 v.1.0.0.1 via Buffer Overflow in wpapsk_crypto Parameter Remote Code Execution Vulnerability in Tenda AX1803 v.1.0.0.1 via ssid Parameter Remote Code Execution Vulnerability in Tenda AX1803 v.1.0.0.1 via devName Parameter in formAddMacfilterRule Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via devName Parameter in formSetDeviceName Function Remote Security UI Spoofing Vulnerability in Google Chrome Arbitrary Code Execution via File Upload in Microweber v.2.0.4 SAP Master Data Governance File Upload Path Traversal Vulnerability Bypassing Autofill Restrictions via Crafted HTML Page in Google Chrome Referrer Leakage Vulnerability in Firefox for iOS < 120 HTML Template Injection Vulnerability in Firefox for iOS < 120 Allows User Information Exfiltration via Reader Mode Vulnerability: Non-Initialized Kernel Memory Disclosure in Katran IP Header Unauthorized Access to Sensitive Information in Apache DolphinScheduler Obfuscation of Security UI via Crafted HTML Page in Google Chrome on Android Pre-auth 
Remote Code Execution (RCE) Vulnerability in Apache OFBiz 18.12.09 CVE-2023-49074 Vulnerability: Bypassing Two-Factor Authentication in Pimcore Admin Classic Bundle CSRF Vulnerability in Customer-Data-Framework Cross-Site Scripting (XSS) Vulnerability in Mailcow: dockerized Quarantine UI Reflected Cross-Site Scripting Vulnerability in Raptor-Web CMS (Version 0.4.4) Misskey's Missing Signature Validation: Arbitrary User Impersonation Vulnerability Spoofing Security UI Vulnerability in Google Chrome Jupyter Server Traceback Information Disclosure Vulnerability HTTP Request Modification Vulnerability in aiohttp HTTP Request Manipulation Vulnerability in aiohttp NULL-pointer dereference and segfault vulnerability in cryptography package Arbitrary Code Execution via SQL Injection in Cacti's link.php Arbitrary SQL Code Execution in Cacti's pollers.php DOM XSS Vulnerability in Cacti's graphs_new.php XML Signature Forgery Vulnerability in xml-security Incomplete Fix for Cross-Site Scripting Vulnerability in Cacti 1.2.25 Path Traversal Vulnerability in Umbraco CMS Obfuscation of Security UI in Google Chrome Interstitials CarrierWave Content-Type Allowlist Bypass Vulnerability Authorization Header Token Persistence Vulnerability in Cosmos-Server Timing Side-Channel Vulnerability in RustCrypto/RSA Remote Code Execution (RCE) Vulnerability in HtmlUnit via XSLT Arbitrary GET HTTP Requests Vulnerability in Symbolicator Impersonation Vulnerability Patched in nexkey Version 12.122.2 Argument Injection Vulnerability in Jellyfin Media System Vulnerability: Password Reset Link Manipulation in ZITADEL User Reaction Data Exposure in Discourse-reactions Plugin (Patch: 2c26939) Insecure Access to Secure Upload URLs in Discourse Browser Cache Vulnerability in 3Scale Admin Portal Potential Out-of-Bounds Read Vulnerability in Trusted Firmware-A (TF-A) SDEI Service XSS Vulnerability in Axigen WebAdmin Allows Admins to be Attacked Authenticated Remote Code Execution in Unsupported NZBGet 
Versions Sensitive Information Disclosure in ownCloud graphapi Vulnerability: Open Redirect in ownCloud OAuth2 with Allow Subdomains Enabled Unauthenticated File Manipulation in ownCloud Core Unmasked Passwords Vulnerability in Hitachi Device Manager Sensitive Information Disclosure in Hitachi Device Manager RakRak Document Plus Path Traversal Vulnerability Remote Code Execution Vulnerability in Apache Dolphinscheduler Buffer Overflow Vulnerability in GNU C Library's Dynamic Loader (ld.so) Allows Privilege Escalation CVE-2023-49114 Unauthenticated MQTT Messaging Vulnerability in MachineSense Devices Stored Cross-Site Scripting Vulnerability in PowerCMS OpenHarmony v3.2.4 and Prior: Local Attacker Information Leak via Out-of-Bounds Read Stored Cross-Site Scripting (XSS) Vulnerability in GROWI versions prior to v6.0.0 via img tags Client-side Denial of Service Vulnerability in GitLab EE Heap-Based Buffer Overflow in Solid Edge SE2023 (All versions < V223.0 Update 10) Allows Code Execution Heap-Based Buffer Overflow in Solid Edge SE2023 (All versions < V223.0 Update 10) Allows Remote Code Execution Heap-Based Buffer Overflow in Solid Edge SE2023 (All versions < V223.0 Update 10) Allows Remote Code Execution Out of Bounds Read Vulnerability in Solid Edge SE2023 Parasolid XT Format Out of Bounds Read Vulnerability Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2023 Out of Bounds Write Vulnerability in Solid Edge SE2023 Stack Overflow Vulnerability in Solid Edge SE2023 (All versions < V223.0 Update 10) Allows Remote Code Execution Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository cecilapp/cecil prior to 7.47.1 Uninitialized Pointer Access Vulnerability in Solid Edge SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2023 CVE-2023-49133 CVE-2023-49134 Local Privilege Escalation Vulnerability in OpenHarmony v3.2.2 and 
Prior Versions: Exploiting a Released Pointer in Multimedia Player Relative Path Traversal Vulnerability in GitHub Repository cecilapp/cecil prior to 7.47.1 HMI GC-A2 Series: Denial-of-Service (DoS) Vulnerability in Commplex-Link Service Local Privilege Escalation Vulnerability in OpenHarmony v3.2.2 and Prior Versions: Exploiting a Released Pointer to Cause Multimedia Audio Crash Denial-of-Service (DoS) Vulnerability in HMI GC-A2 Series: rfe Service DOM-based Cross-Site Scripting Vulnerability in Apache NiFi JoltTransformJSON Processor XSS Vulnerability in DOMSanitizer (dom-sanitizer) 1.0.7 and earlier Visible cmd.exe Window Vulnerability in PDF24 Creator 11.14.0 CSRF Vulnerability in Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Stored Cross-site Scripting (XSS) Vulnerability in CurrencyRate.Today Currency Converter Calculator Vulnerability: Unauthorized Password Resets in WP User Control Plugin Stored Cross-site Scripting (XSS) Vulnerability in CurrencyRate.Today Crypto Converter Widget Stored XSS vulnerability in Simple Calendar – Google Calendar Plugin (Versions n/a through 3.2.6) Stored Cross-site Scripting (XSS) Vulnerability in Labs64 Credit Tracker CSRF Vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon CSRF Vulnerability in Wow-Company Button Generator – Easily Button Builder Stored Cross-site Scripting (XSS) Vulnerability in Multiple Post Passwords Plugin Elegant Digital Solutions CommentLuv SSRF Vulnerability Cross-Site Request Forgery Vulnerability in Login with Phone Number Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in Formzu WP SQL Injection Vulnerability in Bravo Translate Sensitive Information Exposure vulnerability in BigCommerce For WordPress CSRF Vulnerability in teachPress: Versions n/a through 9.0.5 OceanWP Ocean Extra CSRF Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Real Big Plugins Client Dash SQL Injection Vulnerability in Magic 
Logix MSync Stored Cross-Site Scripting (XSS) Vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss Stored Cross-site Scripting (XSS) Vulnerability in Ads by datafeedr.Com Sensitive Information Exposure in Leyka WordPress Plugin (up to 3.30.3) via 'leyka_ajax_get_env_and_options' Function Reflected XSS Vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress Reflected XSS vulnerability in Innovs HR – Complete Human Resource Management System for Your Business Reflected XSS Vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom Stored Cross-site Scripting (XSS) Vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System Stored Cross-site Scripting (XSS) Vulnerability in dFactory Responsive Lightbox & Gallery Stored Cross-site Scripting (XSS) Vulnerability in Kreativo Pro KP Fastest Tawk.To Chat Plugin Reflected XSS Vulnerability in CodeRevolution WP Pocket URLs Reflected XSS Vulnerability in Gilles Dumas Template File Cross-site Scripting (XSS) Vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) Stored Cross-site Scripting (XSS) Vulnerability in N.O.U.S. 
Open Useful and Simple Event Post Clear Text Password Retrieval Vulnerability in Keycloak User Profile Stored Cross-site Scripting (XSS) Vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce Reflected XSS vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles Reflected XSS vulnerability in NextScripts: Social Networks Auto-Poster Stored Cross-site Scripting (XSS) Vulnerability in WPDeveloper Parallax Slider Block (Versions n/a - 1.2.4) Cross-site Scripting (XSS) Vulnerability in Doofinder WP & WooCommerce Search Plugin Reflected XSS Vulnerability in Adifier - Classified Ads WordPress Theme Stored Cross-site Scripting (XSS) Vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 Stored Cross-Site Scripting Vulnerability in GetSocial.Io Plugin Stored Cross-Site Scripting Vulnerability in WordPress iframe Plugin Stored Cross-site Scripting (XSS) Vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode Stored Cross-Site Scripting (XSS) Vulnerability in Supsystic GDPR Cookie Consent by Supsystic Stored Cross-Site Scripting (XSS) Vulnerability in Kyle Phillips Nested Pages CSRF Vulnerability in DoFollow Case by Case Plugin Cross-Site Request Forgery and Script Injection Vulnerability in BEAR for WordPress Plugin Buffer Overflow Vulnerability in Glewlwyd SSO Server's FIDO2 Credentials Validation Use-After-Free Vulnerability in Linux Kernel's net/sched: sch_qfq Component Deprecated openssl (aka node-openssl) NPM package through 2.0.0 allows command execution via the opts argument (Vulnerability only affects unsupported products) Arbitrary Command Execution Vulnerability in Ironman PowerShell Universal API Endpoints Chat Template Injection Vulnerability in Usedesk before 1.7.57 Reflected XSS Vulnerability in Usedesk before 1.7.57 
Profile Stored XSS Vulnerability in Usedesk before 1.7.57 Local File Inclusion Vulnerability in WPB Show Core WordPress Plugin Cross-Site Scripting Vulnerability in Ruckus Access Point Products Command Injection Vulnerability in Peplink Balance Two Administration Console Hard-coded Credentials in Peplink Balance Two Console Port Authentication Unprivileged User Information Disclosure in Peplink Balance Two Cross-Site Request Forgery Vulnerability in BEAR for WordPress Plugin Captive Portal Configuration Modification Vulnerability CVE-2023-49231 CVE-2023-49232 CVE-2023-49234 Remote Code Execution Vulnerability in TRENDnet TV-IP1314PI 5.5.3 200714 Devices Arbitrary Command Execution Vulnerability in TRENDnet TV-IP1314PI 5.5.3 200714 Devices Command Injection Vulnerability in TRENDnet TV-IP1314PI 5.5.3 200714 Devices Non-Unique Initial System User Password Vulnerability in Gradle Enterprise Card Management Module Unauthorized Access Vulnerability: Threat to Service Confidentiality Vulnerability: Missing Authorization in BEAR for WordPress Plugin Critical Unauthorized Access Vulnerability in Launcher Module Jeopardizes Service Confidentiality API Permission Control Vulnerability in Network Management Module: Threat to Service Confidentiality Critical Vulnerability: Free Broadcast Exploit in Running Management Module Jeopardizes Service Confidentiality Email Module Vulnerability: Unauthorized Access to Attachments Compromises Service Confidentiality Critical Permission Management Vulnerability in Multi-User Module Jeopardizes Service Confidentiality Huawei Share Module Unauthorized Access Vulnerability Card Management Module Unauthorized Access Vulnerability: Threat to Service Confidentiality Distributed Permission Verification Vulnerability: A Threat to Service Confidentiality Unauthorized File Access Vulnerability in Settings App Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Unverified Certificate Vulnerability in Apache 
DolphinScheduler Root Access Vulnerability in SIMATIC CN 4100 (All versions < V2.7) Unauthenticated IP Configuration Change Vulnerability in SIMATIC CN 4100 (All versions < V2.7) Hardcoded Root User Password Vulnerability Arbitrary Command Execution via Network Test Tools' Destination Field Unauthenticated Access and Privilege Escalation in Router Console Unauthorized Access and Password Decryption Vulnerability Arbitrary File Upload and Privilege Escalation Vulnerability XSS Vulnerability in /gui/terminal_tool.cgi Allows Forced Execution of JavaScript and Cookie Theft Vulnerability: Weak Authentication Cookie Generation Algorithm Cross-Site Request Forgery Vulnerability in BEAR for WordPress Plugin XSS Attack Exploiting MOTD Banner and Terminal_Tool.cgi Path Vulnerability Exposing User Authorization TokenKey in HTML Source: A Critical Vulnerability Cookie Overflow Vulnerability Multiple Authenticated Reflected Cross-Site Scripting Vulnerabilities in Hotel Management v1.0 Multiple Authenticated Reflected Cross-Site Scripting Vulnerabilities in Hotel Management v1.0 Multiple Authenticated Reflected Cross-Site Scripting Vulnerabilities in Hotel Management v1.0 Multiple Authenticated Reflected Cross-Site Scripting Vulnerabilities in Hotel Management v1.0 Unintended Endpoint Access Vulnerability in Umbraco CMS User Enumeration Vulnerability in Umbraco CMS CVE-2023-49275 Cross-Site Scripting (XSS) via Attribute Injection in Uptime Kuma's Google Analytics Element Reflected XSS Vulnerability in dpaste API's expires Parameter Brute Force Username Collection Vulnerability in Umbraco CMS Umbraco SVG File Upload Script Execution Vulnerability SQL Injection Vulnerability in instantsoft/icms2 prior to 2.16.1 XWiki Change Request Password Hash Disclosure Vulnerability Open Redirect Vulnerability in Calendarinho Vulnerability: Exposed phpInfo() Function in msgraph-sdk-php Vulnerability: Remote Code Execution via phpInfo() in Microsoft Graph PHP SDK Vulnerability in fish shell 
allows for potential denial of service and information disclosure Buffer Overread Vulnerability in Squid HTTP Message Processing Denial of Service Vulnerability in Squid's Helper Process Management Buffer Overflow Vulnerability in TinyDir's tinydir_file_open() Function Use-After-Free Bug in Squid Proxy Server Allows Denial of Service via Collapsed Forwarding Cross-Site Scripting (XSS) Vulnerability in Ajax.NET Professional (AjaxPro) NPort 5000 Series Firmware Manipulation Vulnerability Denial of Service Vulnerability in JWE's PBES2-* Algorithm Due to High p2c Parameter Improper Context Variable Handling in tj-actions/branch-names GitHub Action Privilege Escalation Vulnerability in ECIES Encryption Scheme Arbitrary HTML Injection via Vite's HTML Transformation Arbitrary File Read Vulnerability in Asterisk Memory exhaustion vulnerability in quic-go due to PATH_CHALLENGE frame flooding Reflected Cross-Site Scripting Vulnerability in Arduino Create Agent Arbitrary Code Execution via Unsafe YAML Deserialization in PyDrive2 OpenZFS File Corruption Vulnerability Arbitrary JavaScript Execution Vulnerability in Apache DolphinScheduler Unauthenticated Visitors Can List and Download Private Attachments in Front End PM WordPress Plugin Plesk Installer DLL Hijacking Vulnerability Multiple Systems License Key Integrity Violation in Precision Bridge XMachOViewer 0.04 Dylib Injection Vulnerability: Compromising Integrity and Enabling Unauthorized Code Execution Code Injection Vulnerability in Asana Desktop 2.1.0 on macOS Denial of Service Vulnerability in phpseclib 3 before 3.0.34 Reflected Cross-Site Scripting (XSS) Vulnerability in SAS Application Denial of Service Vulnerability in WithSecure Products Denial of Service Vulnerability in WithSecure Products Remote Code Execution Vulnerability in Wolters Kluwer B.POINT 23.70.00 Server OS Command Injection Vulnerability in Anomali Match before 4.6.2 Unauthenticated Access to Private Attachments in WP Job Openings WordPress Plugin 
CVE-2023-49337 CVE-2023-49338 Insecure Direct Object Reference (IDOR) Vulnerability in Ellucian Banner 9.17 User-Controlled Key Authorization Bypass Vulnerability in Usta AYBS CVE-2023-49340 CVE-2023-49341 Vulnerability: Unauthorized Access and Manipulation of Temporary Data in Budgie Extras Clockworks Applet Vulnerability: Unauthorized Access and Manipulation of Temporary Data in Budgie Extras Dropby Applet Vulnerability: Unauthorized Access and Manipulation of Temporary Data by Budgie Extras Window Shuffler Applet Vulnerability: Unauthorized Access and Manipulation of Temporary Data in Budgie Extras Takeabreak Applet Insecure Temporary Data Storage in Budgie Extras WeatherShow Applet Budgie Extras Windows Previews Vulnerability: Unauthorized Access and Manipulation of Temporary Data Cross-Site Request Forgery Vulnerability in BEAR for WordPress 1.1.3.3 Stack-Based Buffer Overflow Vulnerability in Edimax BR6478AC V2 Firmware v1.23 Out-of-Bounds Write Vulnerability in decToString Function in jq 88f01a7 Stack Buffer Overflow Vulnerability in MP3Gain v1.6.2: Denial of Service via WriteMP3GainAPETag Function Elevated Privilege DLL Sideloading Vulnerability SQL Injection Vulnerability in Rockoa <2.3.3: indexAction Method in reimpAction.php Cross-Site Request Forgery Vulnerability in BEAR for WordPress 1.1.3.3 SQL Injection Vulnerability in RuoYi v4.6 via /system/dept/edit CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/slide/save CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/slide/delete CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/slide/update CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/friend_link/update CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/tag/delete CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/tag/update CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/form/save CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/friend_link/save Component Vulnerability: Missing Authorization in BEAR for WordPress Plugin CSRF Vulnerability in 
JFinalCMS v5.0.0 via /admin/friend_link/delete CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/div/update CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/div/delete CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/tag/save Vulnerability: Log Injection in SALESmanago WordPress Plugin Remote Code Execution and Denial of Service Vulnerability in free5GC 3.3.0 Zentao Versions 4.1.3 and Earlier: URL Redirect Vulnerability CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/category/update CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/category/save JFinalCMS v5.0.0 CSRF Vulnerability in /admin/category/updateStatus CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/category/delete Cross-Site Request Forgery Vulnerability in BEAR for WordPress 1.1.3.3 Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via localMsg Function Command Injection Vulnerability in Tenda W30E V16.01.0.12(4843) via setFixTools Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via formAdvancedSetListSet Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via UploadCfg Function Tenda W30E V16.01.0.12(4843) Command Execution Vulnerability Stack Overflow Vulnerability in Tenda AX3 V16.03.12.11 via set_device_name Function Tenda AX3 V16.03.12.11 Command Execution Vulnerability via /goform/telnet Vulnerability: Missing Authorization in BEAR for WordPress Plugin (up to version 1.1.3.3) Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via set_wan_status Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via formDeleteMeshNode Function Stack Overflow Vulnerability in TOTOLink A7000R V9.1.0u.6115_B20201022 via setOpModeCfg Stack Overflow Vulnerability in TOTOLink A7000R V9.1.0u.6115_B20201022 via setIpPortFilterRules Cross-Site Request Forgery Vulnerability in BEAR for WordPress 1.1.3.3 Stack Overflow Vulnerability in Tenda AX12 V22.03.01.46 via /goform/SetVirtualServerCfg Stack Overflow Vulnerability in Tenda AX12 
V22.03.01.46 via deviceList Parameter Stack Overflow Vulnerability in Tenda AX12 V22.03.01.46 via /goform/SetStaticRouteCfg Buffer Overflow Vulnerability in Tenda AX12 V22.03.01.46: Remote DoS via SetNetControlList Function Command Injection Vulnerability in Tenda AX12 V22.03.01.46 - 'mac' Parameter at /goform/SetOnlineDevName SQL Command Injection Vulnerability in Tenda AX9 V22.03.01.46 'setDeviceInfo' Feature Vulnerability: Missing Authorization in BEAR for WordPress Plugin (up to version 1.1.3.3) Stack Overflow Vulnerability in Tenda AX9 V22.03.01.46: 'list' Parameter at /goform/SetStaticRouteCfg Command Injection Vulnerability in Tenda AX9 V22.03.01.46 - 'mac' Parameter at /goform/SetOnlineDevName Stack Overflow Vulnerability in Tenda AX9 V22.03.01.46: Exploiting 'deviceList' Parameter at /goform/setMacFilterCfg Stack Overflow Vulnerability in Tenda AX9 V22.03.01.46: Exploitable 'list' Parameter at /goform/SetVirtualServerCfg Stack Overflow Vulnerability in Tenda AX9 V22.03.01.46: Exploiting 'list' Parameter at /goform/SetNetControlList Tenda AX9 V22.03.01.46 Command Injection Vulnerability Command Injection Vulnerability in Tenda AX9 V22.03.01.46 Command Injection Vulnerability in Tenda AX12 V22.03.01.46 - 'list' Parameter at /goform/SetNetControlList Open Redirect Vulnerability in Flask-Security-Too <=5.3.2: Abusing the ?next Parameter on /login and /register Routes Stored Cross-Site Scripting Vulnerability in Awesome Weather Widget for WordPress Plugin Arbitrary Code Execution Vulnerability in jeecgFormDemoController in JEECG 4.0 and Earlier Code Reuse Vulnerability in DoraCMS v2.1.8 Allows Brute Force Attacks Arbitrary File Upload Vulnerability in DoraCMS v2.1.8: Remote Code Execution via User Avatar Upload CSRF Vulnerability in JFinalCMS v5.0.0 via /admin/nav/save JFinalCMS v5.0.0 CSRF Vulnerability in /admin/nav/update CSRF Vulnerability in JFinalCMS v5.0.0 via admin/nav/delete Stored Cross-Site Scripting Vulnerability in Booster for WooCommerce Plugin 
for WordPress CVE-2023-49453 Segmentation Violation Vulnerability in libheif v1.17.5's UncompressedImageCodec::decode_uncompressed_image Function Segmentation Violation Vulnerability in libheif v1.17.5 via /libheif/exif.cc Component Segmentation Violation Vulnerability in libheif v1.17.5 via find_exif_tag function Segmentation Violation Vulnerability in libheif v1.17.5 Heap-buffer-overflow vulnerability in Libde265 v1.0.14's derive_spatial_luma_vector_prediction function at motion.cc Heap-buffer-overflow vulnerability in Libde265 v1.0.14's derive_combined_bipredictive_merging_candidates function at motion.cc Global Buffer Overflow Vulnerability in Libde265 v1.0.14's read_coding_unit Function at slice.cc Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2 through search tag function allows remote code execution Unauthenticated Modification of Data in WooCommerce EAN Payment Gateway Plugin Blind SSRF Vulnerability in karlomikus Bar Assistant before 3.2.0 CVE-2023-49473 Unauthenticated Modification of Data in WooCommerce CVR Payment Gateway Plugin Cross-Site Scripting (XSS) Vulnerability in Dreamer CMS v4.1.3 Article Management Cross-Site Scripting (XSS) Vulnerability in JFinalCMS v5.0.0 Column Management Department Cross-Site Scripting (XSS) Vulnerability in JFinalCMS v5.0.0 Model Management Department Cross-Site Scripting (XSS) Vulnerability in JFinalCMS v5.0.0 Navigation Management Openfiler ESA v2.99.1 Cross-Site Scripting (XSS) Vulnerability in nic Parameter Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51 via APP_HOST parameter in config/i18n/en/main.php Local Privilege Escalation via Modified XFS Partition in Grub-Legacy Reflective Cross-Site Scripting (XSS) Vulnerability in XunRuiCMS v4.5.5 via /admin.php Component Reflective Cross-Site Scripting (XSS) Vulnerability in DedeCMS v5.7.111 via imgstick parameter at selectimages.php Reflective Cross-Site Scripting (XSS) Vulnerability in DedeCMS v5.7.111 via 
selectimages.php Reflective Cross-Site Scripting (XSS) Vulnerability in DedeCMS v5.7.111 via select_media_post_wangEditor.php Cross-Site Scripting Vulnerability in Interactive Contact Form and Multi Step Form Builder WordPress Plugin CVE-2023-49501 CVE-2023-49502 Directory Traversal Vulnerability in YetiForceCRM 6.4.0 and Earlier: Unauthorized Access to Sensitive Information Cross-Site Scripting Vulnerability in GreenRADIUS v5.1.1.1 and prior UART Pin Component Vulnerability in TP Link TC70 and C200 WIFI Camera v.3 Firmware v.1.3.4 CVE-2023-49528 CVE-2023-49539 CVE-2023-49540 CVE-2023-49543 CVE-2023-49544 CVE-2023-49545 CVE-2023-49546 CVE-2023-49547 CVE-2023-49548 Denial of Service Vulnerability in Cesanta mjs 2.20.0 via mjs_getretvalpos Function Remote Denial of Service Vulnerability in Cesanta mjs 2.20.0 via mjs+0x4ec508 Component Denial of Service Vulnerability in Cesanta mjs 2.20.0 via mjs_op_json_parse Function Remote Denial of Service Vulnerability in Cesanta mjs 2.20.0 via mjs_op_json_stringify Function Denial of Service Vulnerability in Cesanta mjs 2.20.0 via mjs_destroy Function YASM 1.3.0.86.g9def Use After Free Denial of Service Vulnerability Denial of Service Vulnerability in YASM 1.3.0.86.g9def via expand_smacro function YASM 1.3.0.86.g9def Buffer Overflow Vulnerability in expr_delete_term Function Denial of Service Vulnerability in YASM 1.3.0.86.g9def Denial of Service Vulnerability in YASM 1.3.0.86.g9def via expand_mmac_params Function Clickjacking Vulnerability in Quay's Config-Editor Panel Arbitrary Code Execution via Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 Denial of Service Vulnerability in go-git Versions Prior to v5.11 Path Traversal Vulnerability in go-git Versions Prior to v5.11 Allows File System Manipulation and Potential Remote Code Execution Authentication Bypass Vulnerability on Zebra Technologies ZTC ZT410-203dpi ZPL Printer Cross-Site Scripting (XSS) Vulnerability in SAP HCM (SMART PAYE Solution) SAP Cloud 
Connector 2.0 Denial of Service Vulnerability Clickjacking Vulnerability in Red Hat Advanced Cluster Security (RHACS) Allows Account Hijacking Unauthenticated Access and Configuration Manipulation Vulnerability in SAP GUI Unauthenticated Access and Data Manipulation Vulnerability in SAP GUI Arbitrary Privilege Escalation in SAP BTP Security Services Integration Library SAP Fiori Launchpad Vulnerability: HTTP POST Method Bypass SAP Solution Manager 720 - Unauthorized Remote Data Access Vulnerability Insufficient Entropy Vulnerability in WWBN AVideo User Password Recovery CSRF Vulnerability in Quay's Config-Editor Page Allows Unauthorized Configuration Changes Information Disclosure Vulnerability in instipod DuoUniversalKeycloakAuthenticator Plugin Stored Cross-Site Scripting Vulnerability in GROWI Pre Tags Insufficient Entropy in Salt Generation Leads to Privilege Escalation in WWBN AVideo Stored Cross-Site Scripting Vulnerability in WCFM Marketplace Plugin for WordPress (up to version 3.6.2) CVE-2023-49602 CVE-2023-49606 Unvalidated Type in Reminder Body Parameter in Mattermost Playbook Plugin Leads to Playbook Crash Stored Cross-Site Scripting Vulnerability in Poptin Plugin for WordPress Input Sanitization Vulnerability in MachineSense FeverWarn Raspberry Pi-based Devices Unauthenticated Access to MachineSense API Allows for Unauthorized Retrieval and Modification of Sensitive Data Race Condition Vulnerability in Apache Answer: Multiple Bookmarking of Questions Stored Cross-Site Scripting Vulnerability in Video PopUp Plugin for WordPress Unauthorized UDF Function Deletion Vulnerability in DolphinScheduler Default Credential Vulnerability in SIMATIC CN 4100 (All versions < V2.7) Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Stored Cross-Site Scripting Vulnerability in WS Facebook Like Box Widget for 
WordPress Plugin Unauthenticated SQL Injection in Billing Software v1.0 Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Open Redirect Vulnerability in OpenText Service Management Automation X and Asset Management X Zoom Client Denial of Service Vulnerability Privilege Escalation Vulnerability in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows Open Redirect Vulnerability in phpipam 1.5.1 Vulnerability in Jenkins Google Compute Engine Plugin Allows Unauthorized Enumeration of System-Scoped Credentials Jenkins Jira Plugin Vulnerability: Unauthorized Access to Credentials XML File Parsing Vulnerability in Jenkins MATLAB Plugin 2.11.0 and Earlier Jenkins MATLAB Plugin 2.11.0 and Earlier Cross-Site Request Forgery (CSRF) Vulnerability Allows XML File Parsing XML External Entity (XXE) Vulnerability in Jenkins MATLAB Plugin 2.11.0 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Apache Superset before 3.0.3 Unauthenticated SQL Injection in Billing Software v1.0 Vulnerability: Sensitive Information Disclosure in NetScaler ADC and NetScaler Gateway Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Unauthenticated SQL Injection Vulnerability in Billing Software v1.0 Vulnerability: Denial of Service in NetScaler ADC and NetScaler Gateway CSRF Vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin Allows Unauthorized Access Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and Earlier Missing Permission Check Vulnerability CVE-2023-49675 CVE-2023-49676 Unauthenticated SQL Injection in Job Portal v1.0 Stored Cross-Site Scripting Vulnerability in WPLegalPages Plugin for WordPress Unauthenticated SQL Injection in Job Portal v1.0 Unauthenticated SQL Injection in Job Portal v1.0 Unauthenticated SQL Injection in Job Portal v1.0 GPU Local Memory Vulnerability: Unauthorized Data Access Across Kernels OS Command Injection Vulnerability in RUGGEDCOM and SCALANCE Devices OS
Command Injection Vulnerability in RUGGEDCOM and SCALANCE Devices Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System Arbitrary JSP File Execution Vulnerability in NETGEAR ProSAFE Network Management System Arbitrary OS Command Execution Vulnerability in WRC-X3000GSN v1.0.2 and Earlier IMS VoLTE Streamingmedia Interface Memory Corruption Vulnerability Cross-Site Scripting Vulnerability in PubyDoc WordPress Plugin Buffer Overflow Vulnerability in Streamingmedia String Operation USIMPhase2init Vulnerability: Memory Corruption in SIM Management Privilege Escalation via Defective Request Context Handling in LinOTP 3.x Self Service Critical SQL Injection Vulnerability in S5 Register Module for Joomla Critical SQL Injection Vulnerability in Starshop Component for Joomla Unserializing Content Vulnerability in Weaver Xtreme Theme Support WordPress Plugin NetBIOS Service Denial-of-Service (DoS) Vulnerability in HMI GC-A2 Series Unrestricted PHP File Upload Vulnerability in WWBN AVideo Dev Master Commit 15fed957fb Remote Command Execution Vulnerability in Emerson Rosemount GC370XA, GC700XA, and GC1500XA Products Improper Privilege Management vulnerability in Yepas Digital Yepas Insecure Default in LXD Allows OS-Resident Attackers to Bypass Secure Boot via UEFI Shell Vulnerability Vulnerability: Unauthorized Access via Open Network Port in BCC101/BCC102/BCC50 WiFi Firmware Cross-Site Scripting (XSS) Vulnerability in Academy LMS 6.2 on Windows XML External Entity (XXE) Reference Vulnerability in Apache Cocoon Privilege Escalation Vulnerability in Apache Superset Path Traversal and SSRF/XXE via Unvalidated DefaultLocaleResolver.LOCALE_KEY in Apache Tiles (Unsupported) SQL Injection Vulnerability in Apache Superset Arbitrary File Read Vulnerability in WWBN AVideo dev master commit 15fed957fb Remote Code Execution in Web Server in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 on Windows and Linux allows Attackers to Execute Arbitrary Code via a Malicious Request 
Critical SQL Injection Vulnerability in Academy LMS 6.2 Reflected XSS Vulnerability in Seraphinite Accelerator CVE-2023-49742 Stored Cross-Site Scripting (XSS) Vulnerability in Jeff Starr Dashboard Widgets Suite CSRF Vulnerability in Gift Up Gift Cards for WordPress and WooCommerce Stored Cross-site Scripting (XSS) Vulnerability in Spiffy Calendar Plugin Server-Side Request Forgery (SSRF) Vulnerability in Softaculous Team SpeedyCache Stored Cross-Site Scripting Vulnerability in WebFactory Ltd Guest Author Plugin CSRF Vulnerability in SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! Cross-Site Request Forgery Vulnerability in Website Builder by SeedProd Plugin for WordPress SQL Injection Vulnerability in Couponis - Affiliate & Submitting Coupons WordPress Theme CSRF Vulnerability in Ciprian Popescu Block for Font Awesome SQL Injection vulnerability in Adifier - Classified Ads WordPress Theme CSRF Vulnerability in gVectors Team WooDiscuz – WooCommerce Comments CSRF Vulnerability in WPsoonOnlinePage Plugin CSRF Vulnerability in Gravity Master Product Enquiry for WooCommerce Sensitive Information Exposure to Unauthorized Actor in AppMySite App Builder CSRF Vulnerability in CSprite: Versions n/a through 1.1 SQL Injection vulnerability in Advanced Database Cleaner: from n/a through 3.1.2 User-Controlled Key Authorization Bypass Vulnerability in Rate my Post – WP Rating System Stored Cross-site Scripting (XSS) Vulnerability in Themefic Ultimate Addons for Contact Form 7 Stored Cross-site Scripting (XSS) Vulnerability in Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo CVE-2023-49768 CSRF Vulnerability in SoftLab Integrate Google Drive Code Injection Vulnerability in librenms/librenms prior to 23.9.0 Stored Cross-site Scripting (XSS) Vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] Reflected XSS Vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] Deserialization of 
Untrusted Data vulnerability in Genesis Simple Love 2.0 Deserialization of Untrusted Data vulnerability in BCorp Shortcodes CSRF Vulnerability in Denis Kobozev CSV Importer SQL Injection Vulnerability in Hakan Demiray Sayfa Sayac Deserialization of Untrusted Data vulnerability in YITH WooCommerce Product Add-Ons Deserialization of Untrusted Data Vulnerability in Sayfa Sayac Stored Cross-Site Scripting Vulnerability in GROWI Versions Prior to v6.0.0 Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.9.0 Vulnerability in Collabora Online - Built-in CODE Server (richdocumentscode) via proxy.php CSV Import Form Allows Unauthorized Editing and Deleting of Records CVE-2023-49785 Race Condition DoS Vulnerability in Asterisk's DTLS-SRTP Handshake Vulnerability in Collabora Online - Built-in CODE Server (richdocumentscode) allows file overwrite outside sub directory Reflected Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.9.0 Unauthenticated Access to Nextcloud iOS Files App Prior to Version 4.9.2 Unauthenticated Workflow Manipulation in Nextcloud Server Remote Address Spoofing Vulnerability in Nextcloud Server and Nextcloud Enterprise Server KernelSU Vulnerability: Bypassing APK Path Logic for Root Privilege Escalation Server-side Request Forgery Vulnerability in MindsDB's `file.py` Limited File Write Vulnerability in MindsDB (Versions prior to 23.11.4.1) Privilege Escalation via PyInstaller Bundle Deletion Vulnerability Double Execution Vulnerability in OpenZeppelin Contracts 4.9.4 Vulnerability: Bypassing Absolute URL Check in nuxt-api-party Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.9.0 Denial of Service Vulnerability in `nuxt-api-party` Library Unvalidated File Access Vulnerability in Lif Auth Server Cross-Site Scripting (XSS) Vulnerability in LinkedCustomFields Plugin for MantisBT CORS Middleware in @koa/cors npm Prior to Version 5.0.0 Allows Bypassing Same Origin Policy Persistent 
Unauthorized Access Vulnerability in Uptime Kuma WebSocket Origin Validation Bypass in Uptime Kuma Stored Cross-Site Scripting Vulnerability in MathJax Processing in GROWI versions prior to v6.0.0 Null Request Body Vulnerability in Mattermost's /add Endpoint Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.9.0 Login Attempt Restriction Bypass Vulnerability in WWBN AVideo dev master commit 15fed957fb User-Controlled Key Authorization Bypass in WP Photo Album Plus Stored Cross-Site Scripting Vulnerability in WP Photo Album Plus Unrestricted File Upload Vulnerability in Symbiostock CVE-2023-49815 CSRF Vulnerability in Fix My Feed RSS Repair Deserialization of Untrusted Data vulnerability in Structured Content (JSON-LD) #wpsc Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository Stored Cross-site Scripting (XSS) Vulnerability in Structured Content (JSON-LD) #wpsc CSRF Vulnerability in LiveChat – WP Live Chat Plugin for WordPress Stored Cross-Site Scripting Vulnerability in BoldThemes Bold Page Builder CSRF Vulnerability in PixelYourSite Product Catalog Feed Plugin SQL Injection Vulnerability in Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme Deserialization of Untrusted Data Vulnerability in Soledad WordPress Theme Cross-site Scripting (XSS) Vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme Stored Cross-site Scripting (XSS) Vulnerability in Automattic WooPayments Stored Cross-site Scripting (XSS) Vulnerability in Themeum Tutor LMS – eLearning and Online Course Solution Cross-Site Scripting (XSS) Vulnerability in app1pro Shopicial up to 20230830 Code Injection Vulnerability in Brainstorm Force Astra Pro Stored XSS vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks (Versions n/a through 2.7.9) CSRF Vulnerability in FOX – Currency Switcher Professional for WooCommerce Stored XSS vulnerability in Brontobytes Cookie Bar allows remote 
attackers to inject malicious scripts into web pages. CVE-2023-49837 CVE-2023-49838 CVE-2023-49839 Unprotected Storage of Credentials in didi KnowSearch 0.3.2/0.3.1.2 CSRF Vulnerability in Palscode Multi Currency For WooCommerce Stored Cross-site Scripting (XSS) Vulnerability in FancyThemes Optin Forms Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page CSRF Vulnerability in QuanticEdge First Order Discount Woocommerce CSRF Vulnerability in WPPerformanceTester Stored Cross-Site Scripting Vulnerability in Paul Bearne Author Avatars List/Block Stored Cross-site Scripting (XSS) Vulnerability in Twinpictures Annual Archive Critical Vulnerability in Supcon InPlant SCADA (up to 20230901): Improper Authentication via Project.xml Manipulation CSRF Vulnerability in PayTR Taksit Tablosu – WooCommerce CSRF Vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce CSRF Vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce Insufficient Computational Effort in Supcon InPlant SCADA Project.xml Password Hash Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in WP Project Manager – Task, Team, and Project Management Plugin Arbitrary File Read Vulnerability in WWBN AVideo Arbitrary File Read Vulnerability in WWBN AVideo Arbitrary File Read Vulnerability in WWBN AVideo Critical SQL Injection Vulnerability in infinitietech taskhub 2.8.7 Guest User Privilege Escalation in Mattermost Private Playbook Run Task Update Improper URL Filtering in IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED, and 3957-VEC Information Disclosure Vulnerability in IBM System Storage Virtualization Engine TS7700 Unrestricted File Upload Vulnerability in Bettershop LaikeTui Vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4: Modification of Sending Address and Message Type in MER Facility OS Command Injection Vulnerability in AE1021PE and AE1021 
Firmware Unsanitized Compilation Parameters in Streampark Maven Integration Arbitrary File Read Vulnerability in MCL-Net Versions Prior to 4.6 Update Package (P01) CVE-2023-49906 CVE-2023-49907 CVE-2023-49908 CVE-2023-49909 Unquoted Search Path Vulnerability in NextBX QWAlerter 4.50 CVE-2023-49910 CVE-2023-49911 CVE-2023-49912 CVE-2023-49913 Denial of Service Vulnerability in InteraXon Muse 2 Devices via Brain-Hack Attack CSRF Bypass Vulnerability in Apache Airflow 2.7.0 - 2.7.3 Sensitive Information Exposure in Beats and Elastic Agent Logs Sensitive Information Leakage in App Search Logs Cross-Site Scripting (XSS) Vulnerability in MISP Event Timeline Widget Improper Privilege Management in SoliPay Mobile App: Collecting User Data CVE-2023-49930 CVE-2023-49931 CVE-2023-49932 Improper Enforcement of Message Integrity in SchedMD Slurm Communication Channel SQL Injection Vulnerability in SchedMD Slurm 23.11.x Slurm 23.02.x and 23.11.x: Incorrect Access Control via Slurmd Message Integrity Bypass NULL Pointer Dereference Vulnerability in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x Double Free Vulnerability in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x Incorrect Access Control in SchedMD Slurm 22.05.x and 23.02.x Allows Unauthorized Modification of Extended Group List Remote Code Execution Vulnerability in Allow PHP in Posts and Pages Plugin for WordPress Stored XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Bypassing Challenge Response Feature in BeyondTrust Privilege Management for Windows Unauthenticated Access to Private Repository Actions in Forgejo 2FA Bypass Vulnerability in Forgejo before 1.20.5-1 with Docker Basic Authentication Information Disclosure Vulnerability in Forgejo Bypassing Two-Factor Authentication in Passwork before 6.2.0 Stored Cross-Site Scripting Vulnerability in Embed Calendly Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Logpoint SIEM SQL Injection Vulnerability in 3CX CRM Integration Unvalidated Length Field 
in BootNotification Message Leads to Denial of Service in Dalmann OCPP.Core Random transactionId in StopTransaction message terminates active transactions Multiple Concurrent Transactions with Same ConnectorId and idTag Arbitrary Property Manipulation in Dalmann OCPP.Core CVE-2023-49959 NSClient Vulnerability: Unauthorized User Can Disable Netskope Client CVE-2023-49960 Incorrect Access Control in WALLIX Bastion and Access Manager: A Gateway to Sensitive Data Exposure CVE-2023-49963 Server-Side Template Injection (SSTI) Vulnerability in Hyland Alfresco Community Edition through 7.2.0 CVE-2023-49965 Typecho v1.2.1 Vulnerable to XML Quadratic Blowup Attack via /index.php/action/xmlrpc Component CVE-2023-49968 CVE-2023-49969 Privilege Escalation via Password Change Vulnerability in ProIntegra Uptime DC Software CVE-2023-49970 CVE-2023-49971 CVE-2023-49973 CVE-2023-49974 CVE-2023-49976 CVE-2023-49977 CVE-2023-49978 CVE-2023-49979 CVE-2023-49980 CVE-2023-49981 CVE-2023-49982 CVE-2023-49983 CVE-2023-49984 CVE-2023-49985 CVE-2023-49986 CVE-2023-49987 CVE-2023-49988 CVE-2023-49989 SQL Injection Vulnerability in Horizontal Scrolling Announcement Plugin for WordPress Buffer-Overflow Vulnerability in Espeak-ng 1.52-dev's SetUpPhonemeTable Function Stack Buffer Underflow in CountVowelPosition function of Espeak-ng 1.52-dev's synthdata.c Stack Buffer Overflow in RemoveEnding function of Espeak-ng 1.52-dev Buffer Overflow Vulnerability in Espeak-ng 1.52-dev's ReadClause Function Floating Point Exception in Espeak-ng 1.52-dev: Vulnerability in PeaksToHarmspect Function Command Injection Vulnerability in Tenda W30E V16.01.0.12(4843) via setUmountUSBPartition Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via formResetMeshNode Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via formUpgradeMeshOnline Function Stack Overflow Vulnerability in Tenda W30E V16.01.0.12(4843) via formRebootMeshNode Function CVE-2023-50007 CVE-2023-50008 
CVE-2023-50009 Stored Cross-Site Scripting Vulnerability in Horizontal scrolling announcement for WordPress Plugin CVE-2023-50010 Remote Command Execution Vulnerability in PopojiCMS Version 2.0.1: Exploiting the Meta Social Field CVE-2023-50015 Cross-Site Request Forgery (CSRF) Vulnerability in Dreamer CMS v4.1.3 via /admin/database/backup Component AMF Crash Vulnerability in open5gs v2.6.6 Arbitrary Command Execution Vulnerability in pgAdmin SIGPIPE Vulnerability in open5gs v2.6.6: Crashing AMF SQL Injection Vulnerability in Presta Monster Multi Accessories Pro Module for PrestaShop SQL Injection Vulnerability in Buy Addons baproductzoommagnifier Module for PrestaShop Versions 1.0.16 and Earlier SQL Injection Vulnerability in PrestaShop Sliding Cart Block Module (blockslidingcart) Sensitive LDAP Logs Stored in Buffer File Vulnerability SQL Injection Vulnerability in JmsSetting Module (jmssetting) for PrestaShop <= 1.1.0 SQL Injection Vulnerability in PHPGurukul Small CRM 3.0 Users Login Panel Arbitrary File Upload Vulnerability in Textpattern CMS v4.8.8 Leads to Server Permission Loss Authentication Bypass Vulnerability in Hospital Management System Version 378c157 Out-of-Bounds Read Vulnerability in Cesanta MJS 2.20.0 Stored Cross-Site Scripting Vulnerability in Autocomplete Location Field Contact Form 7 WordPress Plugin CVE-2023-50053 CVE-2023-50059 CSRF Vulnerability in WP Discord Invite WordPress Plugin SQL Injection Vulnerability in PrestaShop Op'art Easy Redirect Plugin (Versions 1.3.8 - 1.3.12) Stored Cross-Site Scripting (SXSS) Vulnerability in WireMock with GUI versions 3.2.0.0 through 3.0.4.0 Authenticated SQL Injection in Student Information System v1.0 via 'id' Parameter in marks.php Multiple SQL Injection Vulnerabilities in Sourcecodester Customer Support System 1.0 Multiple SQL Injection Vulnerabilities in Sourcecodester Customer Support System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in OpenKM 7.1.40 (dbb6e88) With Professional Extension 
SQL Injection Vulnerability in EmpireCMS v7.5 via ftppassword parameter at SetEnews.php Unauthenticated SQL Injection Vulnerability in Student Information System v1.0 Vulnerability: Session Leakage in Aoyun Technology pbootcms V3.1.2 Command Injection Vulnerability in NETGEAR WNR2000v4 Version 1.0.0.70 Arbitrary User Execution via Scheduled Security Scan Policies in GitLab EE Arbitrary File Write Vulnerability in ureport2 2.2.9 and Earlier: Unauthorized File Manipulation via Crafted POST Request Cross Site Scripting (XSS) Vulnerability in APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 Host Header Injection Vulnerability in APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 OS Command Injection in reNgine through 2.0.2 via WAF Detector URL Parameter Buffer Overflow Vulnerability in STMicroelectronics STSAFE-A1xx Middleware Authenticated SQL Injection in Student Information System v1.0 via 'coursecode' parameter in marks.php JFinalcms 5.0.0 Cross Site Scripting (XSS) Vulnerability in Carousel Image Editing Cross Site Scripting (XSS) Vulnerability in JFinalcms 5.0.0 Label Management Editing Cross Site Scripting (XSS) Vulnerability in JFinalcms 5.0.0 ZZCMS 2023 File Upload Vulnerability Authenticated SQL Injection in Student Information System v1.0 via 'coursename' parameter in marks.php Authentication Bypass Vulnerability in TestLink through 1.9.20 due to Type Juggling Unquoted Search Path Vulnerability in Topaz OFD 2.11.0.201 (VDB-239853) Infinite Loop DoS Vulnerability in MP4Box GPAC Version 2.3-DEV Denial of Service (DoS) Vulnerability in Autel EVO NANO Drone Flight Control Firmware 1.6.5 Unlimited Attempts Vulnerability in Hozard Alarm System v1.0 Allows Brute Force Attack on SMS Authentication Default Credentials Vulnerability in Flient Smart Door Lock v1.0 Default Engineer Password Vulnerability in Hozard Alarm System v1.0 RFID Tag Cloning Vulnerability in Hozard Alarm System v1.0 Improper Authentication in Hozard Alarm System v1.0 Allows Disarming 
from Any Phone Number Replay Attack Vulnerability in Hozard Alarm System v1.0 NFC Tag Cloning Vulnerability in Flient Smart Door Lock v1.0 Allows Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in Pluck CMS 4.7.18 Arbitrary Code Execution via Cross Site Scripting (XSS) in JFinalcms 5.0.0 JFinalcms 5.0.0 Cross Site Scripting (XSS) Vulnerability in Site Management Office Critical SQL Injection Vulnerability in Sakshi2610 Food Ordering Website 1.0 (VDB-239855) Arbitrary Command Execution Vulnerability in TOTOlink A3700R Router Firmware V9.1.2u.5822_B20200513 Cross-Site Scripting (XSS) Vulnerability in UCMS 1.4.7 via ajax.php?do=strarraylist Bypassing Application Restrictions in ScaleFusion Agent 10.5.2 Critical Remote Code Execution Vulnerability in spider-flow up to 0.5.0 EmpireCMS v7.5 SQL Injection Vulnerability in DoExecSql Function File Upload Path Traversal Vulnerability in Struts 2.x File Content Exposure Vulnerability in Pega Platform Versions 8.2.1 to Infinity 23.1.0 Unauthenticated XSS Vulnerability in Pega Platform 8.5.4 to 8.8.3 with Redirect Parameter CVE-2023-50167 CVE-2023-50168 Critical SQL Injection Vulnerability in lmxcms up to 1.41 (VDB-239858) Recovery Notification Bypass Vulnerability in WWBN AVideo dev master commit 15fed957fb Stored Cross-Site Scripting Vulnerability in GROWI Versions Prior to v6.0.0 Critical SQL Injection Vulnerability in SourceCodester Lost and Found Information System 1.0 CVE-2023-50186 CVE-2023-50187 CVE-2023-50188 CVE-2023-50189 Critical SQL Injection Vulnerability in Tongda OA (VDB-239860) CVE-2023-50190 CVE-2023-50191 CVE-2023-50192 CVE-2023-50193 CVE-2023-50194 CVE-2023-50195 CVE-2023-50196 CVE-2023-50197 CVE-2023-50198 CVE-2023-50199 Critical SQL Injection Vulnerability in 07FLY CRM V2's Administrator Login Page (VDB-239861) CVE-2023-50200 CVE-2023-50201 CVE-2023-50202 CVE-2023-50203 CVE-2023-50204 CVE-2023-50205 CVE-2023-50206 CVE-2023-50207 CVE-2023-50208 CVE-2023-50209 Cross-Site Scripting (XSS) 
Vulnerability in SourceCodester AC Repair and Services System 1.0 CVE-2023-50210 CVE-2023-50211 CVE-2023-50212 CVE-2023-50213 CVE-2023-50214 CVE-2023-50215 CVE-2023-50216 CVE-2023-50217 CVE-2023-50218 CVE-2023-50219 Critical Absolute Path Traversal Vulnerability in DedeCMS up to 5.7.100 (VDB-239863) CVE-2023-50220 CVE-2023-50221 CVE-2023-50222 CVE-2023-50223 CVE-2023-50224 CVE-2023-50225 CVE-2023-50226 CVE-2023-50227 CVE-2023-50228 CVE-2023-50229 Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-239864) CVE-2023-50230 CVE-2023-50231 CVE-2023-50232 CVE-2023-50233 CVE-2023-50234 CVE-2023-50235 Privilege Escalation Vulnerability in Polarion ALM (All Versions) Cross Site Scripting (XSS) Vulnerability in Planno 23.04.04 Comment Handler Memory Overflow Vulnerability in OpenEXR-viewer (Versions prior to 0.6.1) Heap-based Buffer Overflow in jq 1.7: Patched in Version 1.7.1 H2O HTTP/3 State Exhaustion Vulnerability CKAN Out-of-Memory Error Vulnerability ReDoS Vulnerability in Sentry's Astro SDK 7.78.0-7.86.0 Cross-Site Scripting (XSS) Vulnerability in KOHA up to 23.05.03 (CVE-2021-239866) Cacti 1.2.25 - Reflection Cross-Site Scripting Vulnerability in templates_import.php Infinite Recursion Vulnerability in php-svg-lib (CVE-2021-XXXX) PHAR Deserialization Vulnerability in php-svg-lib Prior to Version 0.5.1 Unauthenticated Access to Pod Logs in Laf Cloud Development Platform Remote Code Execution Vulnerability in Deepin Linux's Default Document Reader Deepin-Compressor Path Traversal Remote Command Execution Vulnerability Bypass of Mandatory Field Requirements in Froxlor Server Administration Software (Versions Prior to 2.1.2) Disconnect Vulnerability in eProsima Fast DDS (formerly Fast RTPS) Unauthenticated Blind SSRF in Medusa TV Show Manager Unauthenticated Blind SSRF in Medusa's Slack Notifier Cross-Site Scripting (XSS) Vulnerability in Tongda OA 11.10 CVE-2023-50260 Memory Exhaustion Vulnerability in Dompdf's SVG Image Parsing Unauthenticated File Access in 
Nautobot Arbitrary File Read Vulnerability in Bazarr (CVE-2021-12345) Arbitrary File Read Vulnerability in Bazarr Prior to 1.3.1 Blind Server-Side Request Forgery (SSRF) in Bazarr 1.2.4 Unauthorized Resource Update Vulnerability in MeterSphere Stack-based Buffer Overflow in jq 1.7: Patched in 1.7.1 Uncontrolled Recursion Vulnerability in Squid Proxy Server Critical SQL Injection Vulnerability in SourceCodester Simple Membership System 1.0 (CVE-2021-XXXX) Session Fixation Vulnerability in Apache DolphinScheduler HP-UX System Management Homepage (SMH) Information Disclosure Vulnerability Remote Authentication Bypass Vulnerability in HPE Integrated Lights-Out (iLO) 5 and 6 HPE OneView Local Privilege Escalation via Command Injection ClusterService Authentication Bypass Vulnerability in HPE OneView Information Exposure through Debug Log File in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme Critical SQL Injection Vulnerability in mccms 2.6 (VDB-239871) Sensitive Information Exposure via Solr Metrics API in Apache Solr Insufficiently Protected Credentials Exposed in Apache Solr Apache Solr Schema Designer Allows Unauthenticated Remote Code Execution Sensitive Information Exposure in GROWI App Settings Page Open Redirect Vulnerability in PowerCMS (6, 5, and 4 Series) Allows Remote Attackers to Redirect Users Exposure of Sensitive Information to Unauthorized Actors in Apache Solr Streaming Expressions Critical SQL Injection Vulnerability in Tongda OA up to 11.10 (VDB-239872) CVE-2023-50303 CVE-2023-50305 IBM Common Licensing 9.0 Local User Enumeration Vulnerability CVE-2023-50307 Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows 11.5 Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 CVE-2023-50311 CVE-2023-50312 CVE-2023-50313 Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 CVE-2023-50324 Inadequate Account Lockout Setting in IBM PowerSC Insecure HTTP Methods Vulnerability in IBM PowerSC Session Identifier Exposure in IBM 
PowerSC Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 User Account Manipulation Vulnerability in GROWI versions prior to v6.0.6 Privilege Escalation: Mattermost Allows Demoted Guests to Modify Group Names Stored Cross-Site Scripting Vulnerability in GROWI User Management Page Unrestricted Upload Vulnerability in SourceCodester My Food Recipe 1.0 Improper Access Control (Obsolete Web Pages) Vulnerability in HCL DRYiCE MyXalytics Insecure Direct Object Reference (IDOR) Vulnerability in HCL DRYiCE MyXalytics Allows Unauthorized User Data Access Improper Access Control in HCL DRYiCE MyXalytics: Unauthorized Access to User Information Unauthenticated File Download Vulnerability in HCL DRYiCE MyXalytics Open Redirect Vulnerability in HCL DRYiCE MyXalytics: Exploiting User Redirection for Malicious Purposes Information Disclosure Vulnerability in HCL DRYiCE MyXalytics: Exposing Detailed File Information CVE-2023-50347 Improper Error Handling in HCL DRYiCE MyXalytics Allows Information Disclosure Sametime Proxy Application Cross Site Request Forgery (CSRF) Vulnerability Insecure Transmission of Sensitive Cookies in PT-G503 Series Firmware Vulnerability: Broken Cryptographic Algorithm in HCL DRYiCE MyXalytics Insecure Key Rotation in HCL DRYiCE MyXalytics: A Threat to Data Confidentiality and Integrity Improper Certificate Validation in AREAL Topkapi Vision (Server) Allows for SSL Man-in-the-Middle Attack Cross-Site Scripting Vulnerability in AREAL SAS Websrv1 ASP Website Enables Privilege Escalation OS Command Injection Vulnerability in Multiple QNAP Operating System Versions Unchecked Return Value Vulnerability in QNAP Operating System CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.15.1 CVE-2023-50361 CVE-2023-50362 CVE-2023-50363 CVE-2023-50364 Stored Cross-site Scripting (XSS) Vulnerability in Averta Shortcodes and Extra Features for Phlox Theme Stored XSS Vulnerability in Alma – Pay in Installments or Later for WooCommerce 
Stored Cross-site Scripting (XSS) Vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh Stored Cross-Site Scripting (XSS) Vulnerability in Advanced Page Visit Counter Plugin for WordPress CSRF Vulnerability in Hiroaki Miyashita Custom Post Type Page Template CVE-2023-50374 Reflected XSS Vulnerability in Simple Membership Plugin Stored Cross-site Scripting (XSS) Vulnerability in AB-WP Simple Counter CVE-2023-50378 CVE-2023-50379 CVE-2023-50380 Unrestricted Upload of Dangerous Files in Apache Solr KeyTrap: DNSSEC Denial of Service Vulnerability SolarWinds Platform SQL Injection Remote Code Execution Vulnerability Time-Based Blind SQL Injection in Track The Click WordPress Plugin Insecure Folder Permissions in Acronis Cyber Protect Home Office (Windows) before build 40713: Sensitive Information Disclosure Vulnerability Privilege Escalation in SAP BTP Security Services Integration Library Arbitrary Privilege Escalation in SAP BTP Security Services Integration Library Arbitrary Privilege Escalation in SAP BTP Security Services Integration Library Datacarrier Size Limit Bypass Vulnerability in Bitcoin Core and Bitcoin Knots Critical SQL Injection Vulnerability in IzyBat Orange Casiers (before 20230803_1) via getEnsemble.php Ingress Nginx Annotation Injection: Exploiting Arbitrary Command Execution Vulnerability: Bypassing Windows Hello Authentication via Goodix Fingerprint Device on Dell Inspiron 15 Computers Information Leak in sec_attest_info in Linux Kernel CVE-2023-50432 CVE-2023-50433 CVE-2023-50434 CVE-2023-50436 CVE-2023-50437 Path Disclosure Vulnerability in PRIMX ZED! and ZONECENTRAL for Windows Nginx Ingress Code Injection Vulnerability via permanent-redirect Annotation UNC Reference Injection Vulnerability in PRIMX ZED! 
Containers Vulnerability: Unauthenticated Modification of Encrypted Folders to Trigger Outbound Network Traffic Vulnerability: Local Attacker Can Temporarily Exclude File Types from Encryption in PRIMX ZONECENTRAL Vulnerability: Unauthorized Modification of Encrypted Disks to Trigger Outbound Network Traffic Encrypted User Information Disclosure Vulnerability Shell Injection Vulnerability in GL.iNet Routers Privilege Escalation Vulnerability in Mullvad VPN Windows App Arbitrary Code Execution in Pillow through 10.1.0 via Environment Parameter ActiveAdmin Concurrency Vulnerability: Unauthorized Access to Private Data via CSV Export Directory Traversal Vulnerability in JFinalCMS 5.0.0 SQL Injection Vulnerability in Biltay Technology Kayisi Sensitive User Configuration Data Leakage in Zammad Login Screen Improper SSL/TLS Validation in Zammad: Exploitable by Man-in-the-Middle Attackers Email Address Verification Vulnerability in Zammad Phishing Link Injection in Zammad Notification Emails Unauthorized Access to Knowledge Base Entries in Zammad SQL Injection Vulnerability in Biltay Technology Procost (Procost: before 1390) IP Spoofing Vulnerability in Caddy-Geo-IP Middleware Stored XSS Vulnerability in MonicaHQ 4.0.0 via Authenticated User Uploaded SVG Document Authenticated Command Injection Vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 Buffer Overflow Vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 SQL Injection Vulnerability in DRD Fleet Leasing DRDrive Cross-Site Scripting (XSS) Vulnerability in SeaCMS v12.8 admin_ Video.php Component Segmentation Violation Vulnerability in cJSON v1.7.16 via cJSON_InsertItemInArray Segmentation Violation Vulnerability in cJSON v1.7.16 via cJSON_SetValuestring XSS Vulnerability in bill-ahmed qbit-matUI v1.16.4: Remote Information Disclosure via Fixed Session Identifiers (SID) in index.js Weak Hashing Algorithm Vulnerability in bcoin-org bcoin 2.2.0 Privilege Escalation 
Vulnerability in nos client version 0.6.6 Stored Cross-Site Scripting Vulnerability in WDContactFormBuilder Plugin for WordPress Weak Encryption Algorithms in blinksocks' /presets/ssr-auth-chain.js Component Remote Code Execution Vulnerability in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 Stored Cross-Site Scripting Vulnerability in RafflePress WordPress Plugin Segmentation Fault Vulnerability in NCurse v6.4-20230418 via _nc_wrap_entry() Stored Cross-Site Scripting Vulnerability in Leaflet Map Plugin for WordPress Stored Cross-Site Scripting Vulnerability in CallRail Phone Call Tracking Plugin for WordPress Authentication Bypass Vulnerability in Hospital Management System Version 378c157 Unauthenticated Arbitrary Email Creation and Relay Vulnerability in Super Store Finder Plugin for WordPress CVE-2021-3434: Vulnerability in le_ecred_reconf_req Function Cross-Site Scripting (XSS) Vulnerability in layui v2.74 via data-content Parameter L1D Cache Information Disclosure Vulnerability in XiangShan v2.1 Skupper Operator Vulnerability: Unauthorized Viewing of Deployments in Adjacent Clusters SQL Injection Vulnerability in Semcms v4.8 via AID Parameter in SEMCMS_Function.php Arbitrary Code Execution via File Upload in Pluck-CMS v4.7.18 Cross-Site Scripting (XSS) Vulnerability in RPCMS v3.5.5's /logs/dopost.html Component Stored XSS Vulnerability in EyouCMS-V1.6.5-UTF8-SP1 via Public Security Registration Number Parameter Privilege Escalation via Reflected Cross Site Scripting (XSS) in Cacti v1.2.25 Stored XSS Vulnerability in ActivityPub WordPress Plugin Infinite Loop Vulnerability in IPAddressBitsDivision Component Remote Code Execution (RCE) Vulnerability in easy-rules-mvel v4.1.0 via MVELRule Component OOM Vulnerability in jline-groovy v3.24.1's GroovyEngine.execute Component SQL Injection Vulnerability in Mingsoft MCMS v5.2.9 via categoryType Parameter at /content/list.do Splash Screen Input Validation Vulnerability Stack Overflow Vulnerability in Tenda A18 
v15.13.07.09 via devName Parameter SQL Injection Vulnerability in Grupo Embras GEOSIAP ERP v2.2.167.02 via codLogin Parameter Out-of-Bounds Read Vulnerability in Santesoft Sante FFT Imaging Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 23.9.1 AVA Teaching Video Application Service Platform 3.1 - Remote Code Execution via Cross Site Scripting (XSS) Vulnerability Vulnerability: Predefined CI Variable Override via REST API in GitLab Privilege Escalation and Information Disclosure Vulnerability in fit2cloud Cloud Explorer Lite v1.4.1 Vulnerability in EBYTE E880-IR01-V1.1: Information Disclosure via Crafted POST Request Stored Cross-Site Scripting Vulnerability in WordPress Charts Plugin (Versions up to 0.7.0) Buffer Overflow Vulnerability in libming 0.4.8 parser.c Component Stored Cross-Site Scripting Vulnerability in Widget Responsive for Youtube Plugin for WordPress Cross Site Scripting (XSS) Vulnerability in xiweicheng TMS v.2.28.0 via Crafted Script in Click Here Function CuteHttpFileServer XSS Vulnerability in File Upload Function Remote Code Execution Vulnerability in Evernote for MacOS v.10.68.2 Remote Command Execution (RCE) Vulnerability in TOTOLINK X6000R v9.4.0cu.852_B20230719 via /cgi-bin/cstecgi.cgi CVE-2023-50658 Heap-based Buffer Overflow in exiftags 1.01: Exploiting snprintf Vulnerability in nikon_prop1 CVE-2023-50677 Buffer Overflow Vulnerability in Delta Electronics DIAScreen CVE-2023-50685 Arbitrary Code Execution via File Upload in JIZHICMS v.2.5 Remote Code Execution Vulnerability in dom96 Jester v.0.6.0 and Earlier Remote Code Execution Vulnerability in dom96 HTTPbeast v.0.4.1 and Earlier Sensitive Information Exposure in Social Media Share Buttons & Social Sharing Icons Plugin for WordPress CVE-2023-50702 Network-based Man-in-the-Middle (MitM) Attack Vulnerability Open Redirect Vulnerability Server Information Disclosure Vulnerability Unauthorized Access to Clear Credentials and Session Tokens via Memory Dump Session 
Hijacking Vulnerability Timing Attack Vulnerability in yii2-authclient Denial of Service Vulnerability in Cube API Stored Cross-Site Scripting Vulnerability in Sitekit WordPress Plugin (Versions up to 1.4) Path Parameter Override Vulnerability in Hono Web Framework Out-of-Bounds Memory Access in vmm-sys-util's FamStructWrapper::deserialize Stored Cross-Site Scripting (XSS) Vulnerability in Iris-Web Privilege Escalation Vulnerability in Speckle Server Vulnerability in PKCE Implementation in yii2-authclient prior to version 2.2.15 Unauthenticated LAN Browsing Discloses Active User Accounts in Home Assistant CVE-2023-50716 Password Hash Disclosure in XWiki Platform JSON-Java Denial of Service Vulnerability Email Address Disclosure in XWiki Solr-based Search XWiki Platform Search Administration Interface Remote Code Execution Vulnerability Reflected XSS and Remote Code Execution Vulnerability in XWiki Platform Arbitrary Code Execution Vulnerability in XWiki Platform Reflected XSS vulnerability in Resque versions before 2.1.0 Reflected XSS Vulnerability in Resque-Web CVE-2023-50726 Reflected XSS Vulnerability in Resque 2.5.0 and earlier Uncaught Exception Vulnerability in octokit/webhooks Unrestricted File Upload Vulnerability in Traccar Prior to 5.11 Stored Cross-Site Scripting Vulnerability in WordPress iframe Forms Plugin (Versions up to 1.0) Potential Denial of Service Vulnerability in Grackle GraphQL Server Path Injection Vulnerability in MindsDB Remote Code Execution Vulnerability in XWiki Platform CVE-2023-50734 CVE-2023-50735 CVE-2023-50736 CVE-2023-50737 Authentication Bypass Vulnerability in D-Link D-View 8 v2.0.1.28 CVE-2023-50740 Unauthenticated SQL Injection Vulnerability in Online Notice Board System v1.0 Buffer Overflow Vulnerability in IdeaPad Duet 3-10IGL5's FmpSipoCapsuleDriver Unauthenticated SQL Injection Vulnerabilities in Online Notice Board System v1.0 Unauthenticated SQL Injection Vulnerabilities in Online Notice Board System v1.0 Stored 
Cross-Site Scripting Vulnerability in Ziteboard Online Whiteboard Plugin for WordPress Insecure File Upload Vulnerability in Online Notice Board System v1.0 Date and Time Mismatch Vulnerability in Thunderbird < 115.6 PGP/MIME Payload Spoofing Vulnerability in Thunderbird < 115.6 Arbitrary File Deletion Vulnerability in Jenkins Scriptler Plugin Jenkins Scriptler Plugin Vulnerability: Unauthorized Access to Groovy Script Contents CSRF Vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and Earlier Unauthenticated Remote Code Execution in Jenkins Nexus Platform Plugin CSRF Vulnerability in Jenkins Nexus Platform Plugin Allows Unauthorized Access to Stored Credentials Unauthenticated Remote Code Execution in Jenkins Nexus Platform Plugin Google Cloud IAM Conditions Not Preserved in Vault Secrets Engine Jenkins OpenId Connect Authentication Plugin Vulnerability: Password Recovery and Administrator Access Open Redirect Vulnerability in Jenkins OpenId Connect Authentication Plugin Unencrypted Storage of Access Tokens in Jenkins Dingding JSON Pusher Plugin Unmasked Access Tokens in Jenkins Dingding JSON Pusher Plugin CSRF Vulnerability in Jenkins HTMLResource Plugin Allows Arbitrary File Deletion Copy Job CSRF Vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and Earlier Unencrypted Storage of PaaSLane Authentication Tokens in Jenkins PaaSLane Estimate Plugin Unmasked Authentication Tokens in Jenkins PaaSLane Estimate Plugin CSRF Vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and Earlier Unauthenticated Remote Code Execution in Jenkins PaaSLane Estimate Plugin ThinkPad BIOS Vulnerability: Unauthorized Firmware Tampering Vulnerability in m2crypto Allows Remote Decryption of TLS Captured Messages Vulnerability in python-cryptography Package Allows Remote Decryption of TLS Captured Messages Apache Airflow Variable Management Vulnerability Buffer Overflow Vulnerability in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 Arbitrary Directory Name Disclosure in 
Zoho ManageEngine ADAudit Plus (CVE-2021-XXXX) Lenovo LeCloud App Vulnerability: Arbitrary Component Access and File Downloads Lenovo Tablet Privilege Escalation Vulnerability: Unauthorized Access to Device Identifiers and System Commands DOM-based JavaScript Injection Vulnerability in Zimbra Collaboration Modern UI Lenovo Tab M8 HD Local Application Information Disclosure Vulnerability CVE-2023-50811 SQL Injection Vulnerability in History Log Plugin for WordPress CVE-2023-50821 Stored Cross-Site Scripting Vulnerability in Currency Converter Widget – Exchange Rates Stored Cross-site Scripting (XSS) Vulnerability in Wipeout Media CSS & JavaScript Toolbox Stored XSS Vulnerability in Insert or Embed Articulate Content into WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Terrier Tenacity iframe Shortcode Stored Cross-site Scripting (XSS) Vulnerability in Freshlight Lab Menu Image, Icons made easy Stored Cross-site Scripting (XSS) Vulnerability in Accredible Certificates & Open Badges Stored Cross-Site Scripting (XSS) Vulnerability in Ultimate Dashboard – Custom WordPress Dashboard Stored Cross-site Scripting (XSS) Vulnerability in Aerin Loan Repayment Calculator and Application Form Stored Cross-site Scripting (XSS) Vulnerability in Seosbg Seos Contact Form Stored Cross-Site Scripting (XSS) Vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce Stored Cross-site Scripting (XSS) Vulnerability in Mondula GmbH Multi Step Form Stored Cross-Site Scripting Vulnerability in ExtendThemes Colibri Page Builder Stored Cross-Site Scripting Vulnerability in August Infotech WooCommerce Menu Extension CSRF Vulnerability in Praveen Goswami Advanced Category Template Stored Cross-Site Scripting (XSS) Vulnerability in ibericode HTML Forms SQL Injection Vulnerability in Login Lockdown – Protect Login Form SQL Injection Vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more SQL Injection vulnerability in JS Help Desk Plugin 
Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) SQL Injection vulnerability in wpdevelop, oplugins Booking Manager SQL Injection vulnerability in BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin (Versions n/a - 1.0.72) SQL Injection vulnerability in Matthew Fries MF Gig Calendar SQL Injection vulnerability in Clockwork SMS Notifications SQL Injection vulnerability in James Ward Mail logging – WP Mail Catcher SQL Injection Vulnerability in GeoDirectory – WordPress Business Directory Plugin SQL Injection vulnerability in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login SQL Injection Vulnerability in Welcart e-Commerce SQL Injection Vulnerability in Aaron J 404 Solution SQL Injection vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress Stored Cross-Site Scripting Vulnerability in Advanced Menu Widget Plugin for WordPress SQL Injection Vulnerability in Simply Schedule Appointments Booking Plugin SQL Injection vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt (n/a - 2.4.3) SQL Injection vulnerability in Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms SQL Injection vulnerability in Squirrly SEO - Advanced Pack (Versions n/a - 2.3.8) SQL Injection Vulnerability in Sam Perrow Pre* Party Resource Hints SQL Injection vulnerability in Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits SQL Injection vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit CSRF Vulnerability in Multiple WordPress Plugins Stored Cross-site Scripting (XSS) Vulnerability in Themeum WP Crowdfunding Plugin Stored Cross-Site Scripting Vulnerability in Copy Anything to Clipboard WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in TMS 
Booking for Appointments and Events Calendar – Amelia CVE-2023-50861 Unauthenticated SQL Injection Vulnerability in Travel Website v1.0 Unauthenticated SQL Injection Vulnerability in Travel Website v1.0 Unauthenticated SQL Injection in Travel Website v1.0 Unauthenticated SQL Injection Vulnerability in Travel Website v1.0 Unauthenticated SQL Injection Vulnerability in Travel Website v1.0 Unauthenticated SQL Injection Vulnerability in Travel Website v1.0 NSEC3 Vulnerability: Denial of Service via CPU Consumption in DNSSEC Responses Unrestricted JavaScript Injection in Pagelayer WordPress Plugin CSRF Vulnerability in JetBrains TeamCity Login (pre-2023.11.1) Authorization Bypass Vulnerability in JetBrains YouTrack before 2023.3.22268 CVE-2023-50872 CSRF Vulnerability in Add Any Extension to Pages Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More Stored Cross-site Scripting (XSS) vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning CSRF Vulnerability in InspireUI MStore API Stored Cross-Site Scripting (XSS) Vulnerability in Automattic WordPress.Com Editing Toolkit QEMU Vulnerability: Arbitrary Disk Offset Overwrite Exploit Stored Cross-Site Scripting (XSS) Vulnerability in BuddyPress Community Software Stored Cross-Site Scripting (XSS) Vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More CVE-2023-50885 CVE-2023-50886 Stored Cross-Site Scripting (XSS) Vulnerability in Beaver Builder – WordPress Page Builder Unauthenticated Access to Login Page in Defender Security WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Zoho Forms Form Plugin for WordPress Reflected XSS Vulnerability in CodexThemes TheGem WordPress Theme Cross-site Scripting (XSS) Vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder CVE-2023-50894 CVE-2023-50895 Stored Cross-Site Scripting (XSS) Vulnerability in weForms – 
Easy Drag & Drop Contact Form Builder For WordPress CVE-2023-50898 Improper Check in KVM's svm_set_x2apic_msr_interception() Allows Direct Access to Host x2APIC MSRs, Leading to Denial of Service Reflected XSS Vulnerability in HT Mega – Absolute Addons For Elementor CSRF Vulnerability in WPExpertsio New User Approve Plugin CVE-2023-50905 Arm Ltd Valhall GPU Kernel Driver Use After Free Vulnerability CVE-2023-50914 CVE-2023-50915 Kyocera Device Manager UNC Path Authentication Vulnerability Command Execution Vulnerability in MajorDoMo (aka Major Domestic Module) ACL Bypass Vulnerability in MISP Audit Logs Controller NGINX Authentication Bypass via Lua String Pattern Matching Vulnerability Session ID Reuse Vulnerability in GL.iNet Devices Root Privilege Escalation Vulnerability in GL.iNet Devices Arbitrary Code Execution via AdminToken Cookie Theft on GL.iNet Devices Covert Channel Vulnerability in QUIC's Latency Spin Bit Specification Insufficient Validation of User Supplied Data in Englesystem v3.4.1: JavaScript Injection Vulnerability Out-of-Bounds Read Vulnerability in Contiki-NG RPL-Lite Implementation Out-of-Bounds Read Vulnerability in Contiki-NG RPL-Lite Implementation Unauthorized Access to Sandbox AWS Accounts via Event API CSRF Vulnerability in savignano S/Notify for Jira CSRF Vulnerability in savignano S/Notify for Bitbucket CSRF Vulnerability in savignano S/Notify for Confluence IBM PowerSC HTML Injection Vulnerability Single-Factor Authentication Vulnerability in IBM PowerSC Improper Access Restriction in IBM PowerSC 1.3, 2.0, and 2.1 Session Invalidation Vulnerability in IBM PowerSC Weak Cryptographic Algorithms in IBM PowerSC Remote Click Hijacking Vulnerability in IBM PowerSC Weak Cryptographic Algorithms in IBM PowerSC Cross-Origin Resource Sharing (CORS) Vulnerability in IBM PowerSC Session Fixation Vulnerability in IBM PowerSC Apache Airflow XCom Data Poisoning Vulnerability Unauthorized Access to DAG Source Code in Apache Airflow Cross-Site 
Scripting (XSS) Vulnerability in IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 Hard-coded Credentials Vulnerability in IBM Storage Fusion HCI 2.1.0 through 2.6.1 CVE-2023-50949 Sensitive Email Information Disclosure in IBM QRadar SIEM 7.5 (IBM X-Force ID: 275709) Sensitive Information Disclosure in IBM QRadar Suite and IBM Cloud Pak for Security Information Disclosure Vulnerability in IBM InfoSphere Information Server 11.7 Privileged User Exploitation in IBM Storage Defender - Resiliency Service 2.0 CVE-2023-50959 Stored Cross-Site Scripting Vulnerability in WordPress HTML Filter and CSV-File Search Plugin CVE-2023-50961 Missing HTTP Strict Transport Security (HSTS) Implementation in IBM PowerSC HTTP Header Injection Vulnerability in IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 Stack-based Buffer Overflow in MicroHttpServer Allows Remote Code Execution via Long URI CVE-2023-50966 CVE-2023-50967 Arbitrary File Properties Reading and SSRF Vulnerability in Apache OFBiz CVE-2023-50969 Path Traversal Vulnerability in HYPR Workforce Access on Windows Insecure Storage of Appwrite User Credentials in Appwrite CLI Arbitrary Code Execution Vulnerability in TD Bank TD Advanced Dashboard Client for macOS Missing Authorization Checks in Redpanda Transactions API Marvin Side Channel Vulnerability in Crypto++ (aka cryptopp) during PKCS#1 v1.5 Padding Decryption Privilege Escalation Vulnerability in Campaign Monitor Forms by Optin Cat WordPress Plugin Denial of Service in Crypto++ (cryptopp) via DER Public-Key Data for F(2^m) Curve Denial of Service Vulnerability in ModularSquareRoot Function in Crypto++ Unrestricted File Upload and Remote Code Execution in Stud.IP 5.x through 5.3.3 Command Injection Vulnerability in Tenda i29 v1.0 V1.0.0.5 via sysScheduleRebootSet Function Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via ip Parameter in spdtstConfigAndStart Function Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via lanGw Parameter 
Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via sysLogin Function Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via sysTimeInfoSet Function Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via wifiRadioSetIndoor Function Command Injection Vulnerability in Tenda i29 v1.0 V1.0.0.5 via pingSet Function Local File Inclusion Vulnerability in WordPress HTML Filter and CSV-File Search Plugin Buffer Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via rebootTime Parameter Buffer Overflow Vulnerability in Tenda i29 Router: Remote DoS via pingIp Parameter Stack Overflow Vulnerability in Tenda i29 v1.0 V1.0.0.5 via setPing Function Command Injection Vulnerability in Ruijie WS6008 and WS6108 via downFiles Function Unencrypted Transmission of Sensitive Information in SICK APU RDT400 Unrestricted File Access Vulnerability in Chinese Perpetual Calendar v9.0.0 RDT400 in SICK APU: Unprivileged Remote File Download Vulnerability Unfiltered URL Opening Vulnerability in AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 TOTOlink EX1800T v9.1.0cu.2112_B20220316 - Unauthorized Arbitrary Command Execution Vulnerability Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Unauthorized Arbitrary Command Execution in TOTOLINK EX1800T V9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOLINK EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 TOTOlink EX1800T v9.1.0cu.2112_B20220316 - Unauthorized Arbitrary Command Execution Vulnerability Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 RDT400 in SICK APU: Insufficient Control Flow Management Vulnerability Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 
Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T v9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T V9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T V9.1.0cu.2112_B20220316 Arbitrary Command Execution Vulnerability in TOTOlink EX1800T V9.1.0cu.2112_B20220316 Vulnerability: Unauthorized Arbitrary Command Execution in TOTOLINK EX1800T UI Layer or Frame Vulnerability in SICK APU Allows Remote Information Disclosure Arbitrary Command Execution Vulnerability in TOTOlink EX1200L V9.3.5u.6146_B20201023 via cstecgi.cgi setOpModeCfg Interface Arbitrary Command Execution Vulnerability in TOTOlink EX1200L V9.3.5u.6146_B20201023 via cstecgi.cgi UploadFirmwareFile Interface Arbitrary Command Execution Vulnerability in TOTOLINK EX1200L V9.3.5u.6146_B20201023 on cstecgi.cgi NTPSyncWithHost Interface Improper Input Validation in nocodb/nocodb: Prior to Version 0.96.0 Use-after-free vulnerability in amdgpu_cs_wait_all_fences in Linux kernel before 6.4.12 Use-after-free vulnerability in Linux kernel before 6.4.5 during nonblocking atomic commit and driver unload race condition in drivers/gpu/drm/drm_atomic.c SQL Injection Vulnerability in S-CMS v5.0 via A_newsauth Parameter SQL Injection Vulnerability in S-CMS v5.0 via A_bbsauth Parameter at /admin/ajax.php Vulnerability: File Download Bypass in Frontend File Manager Plugin WordPress Plugin SQL Injection Vulnerability in S-CMS v5.0 via A_productauth Parameter SQL Injection Vulnerability in S-CMS v5.0 via A_textauth Parameter at /admin/ajax.php SQL Injection Vulnerability in S-CMS v5.0 via A_formauth Parameter at /admin/ajax.php Privilege Escalation Vulnerability in MOKOSmart MKGW1 BLE Gateway 
v.1.1.1 and Earlier User Impersonation Vulnerability in GitLab EE Versions 13.12 to 16.4.1 Unauthenticated Log File Disclosure Vulnerability in QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 DOM Based Reflected Cross Site Scripting (XSS) Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 DOM Based Reflected XSS Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 Unauthenticated Access Control Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 Authenticated Remote Code Execution Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 Unauthenticated Reflected XSS Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Authenticated Reflected XSS Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Unauthenticated Access Control Vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 Unauthenticated Remote SMB Service Disabling Vulnerability in QStar Archive Solutions Stored XSS Vulnerability in Nagios XI NOC Component Remote Code Execution Vulnerability in Buffalo LS210D v.1.78-0.03 Firmware Update Script Stack Overflow Vulnerability in json-path v2.8.0 via Criteria.parse() Method Infinite Loop Denial of Service (DoS) Vulnerability in hutool-core v5.8.23 Excessive Execution Time Vulnerability in MVEL 2.5.0.Final SQL Injection Vulnerability in Easy Newsletter Signups WordPress Plugin Stack Overflow Vulnerability in NumberUtil.toBigDecimal Method Stack Overflow Vulnerability in Hyavijava v6.0.07.1 via ResultConverter.convert2Xml Method Stored Cross-Site Scripting Vulnerability in WP Mailto Links – Protect Email Addresses Plugin for WordPress Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) via formGetWeiXinConfig Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) via R7WebsSecurityHandler Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) Upgrade Function Stack Overflow Vulnerability in 
Tenda M3 V1.0.0.12(4856) via fromSetLocalVlanInfo Function Tenda M3 V1.0.0.12(4856) Command Execution Vulnerability Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) via formDelWlRfPolicy Function Stack Overflow Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formSetAutoPing Function Command Injection Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formSetDiagnoseInfo Function Command Injection Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formexeCommand Function Stored Cross-Site Scripting Vulnerability in BSK PDF Manager Plugin for WordPress Command Injection Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formGetDiagnoseInfo Function Stack Overflow Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formSetUplinkInfo Function Stack Overflow Vulnerability in Tenda W9 V1.0.0.7(4456)_CN via formWifiMacFilterSet Function Floating Point Exception (Divide-by-Zero) Vulnerability in mupdf 1.23.4 Floating Point Exception (Divide-by-Zero) Vulnerability in MuPDF 1.23.4 Floating Point Exception (Divide-by-Zero) Vulnerability in mupdf 1.23.4: bmp_decompress_rle4() Function in load-bmp.c Floating Point Exception (Divide-by-Zero) Vulnerability in MuPDF 1.23.4 Floating Point Exception (Divide-by-Zero) Vulnerability in mupdf 1.23.4: compute_color() Function in jquant2.c Cross-Site Scripting (XSS) Vulnerability in Os Commerce's featured_type_name[1] Parameter Cross-Site Scripting (XSS) Vulnerability in Os Commerce via specials_type_name[1] Parameter Remote Code Execution Vulnerability in D-Link DIR-815 v1.01SSb08.bin Arbitrary Command Execution Vulnerability in FLIR AX8 up to 1.46.16 Directory Traversal Vulnerability in FLIR AX8 Thermal Sensor Cameras (CVE-2021-XXXX) Vulnerability: Denial of Service and Cross Site Scripting in HP Enterprise LaserJet and HP LaserJet Managed Printers Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web Stack Overflow Vulnerability in TOTOLINK 
X2000R Gh v1.0.0-B20230221.0948.web Stored Cross-Site Scripting Vulnerability in idbbee WordPress Plugin CVE-2023-51141 CVE-2023-51142 CVE-2023-51146 CVE-2023-51147 CVE-2023-51148 Absolute Path Traversal Vulnerability in Ansible Automation Platform Arbitrary File Download Vulnerability in Jizhicms v2.5 Stored Cross-Site Scripting Vulnerability in Live Updates from Excel Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in /sofer/DocumentService.asc/SaveAnnotation Endpoint Arbitrary Web Script Injection in Forminator WordPress Plugin Arbitrary Command Execution Vulnerability in ROS2 Foxy Fitzroy Privilege Escalation Vulnerability in ROS2 Foxy Fitzroy Buffer Overflow Vulnerability in ROS2 Foxy Fitzroy Stored Cross-Site Scripting Vulnerability in WPvivid WordPress Plugin (Versions up to 0.9.89) Default Credential Vulnerability in ROS2 Foxy Fitzroy Cleartext Transmission Vulnerability in ROS2 Foxy Fitzroy Arbitrary Command Execution Vulnerability in ROS2 Foxy Fitzroy Arbitrary Code Execution Vulnerability in ROS2 Foxy Fitzroy Arbitrary File Upload Vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 Stored Cross-Site Scripting Vulnerability in WPvivid WordPress Plugin Remote Code Execution via SQL Injection in Webkul Bundle Product 6.0.1 Remote Code Execution Vulnerability in TenghuTOS TWS-200 Firmware Version: V4.0-201809201424 SSRF vulnerability in Grafana CSV Datasource Plugin Path Traversal Vulnerability in JSON Datasource Plugin for Grafana Unfiltered HTML Injection in Pagelayer WordPress Plugin XSS Vulnerability in GetSimple CMS 3.3.16 via Source Code Mode in /admin/edit.php Stored Cross-Site Scripting Vulnerability in Contact Form by FormGet Plugin for WordPress Cross Site Scripting (XSS) Vulnerability in PublicCMS 4.0 CVE-2023-51254 Arbitrary Code Execution Vulnerability in Jasper-Software Jasper v.4.1.1 and Earlier Memory Leak Vulnerability in YASM v.1.3.0: Denial of Service via new_Token Function Stored Cross-Site 
Scripting Vulnerability in Delete Me WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Font Awesome Plugin for WordPress Privilege Escalation in nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 Stored Cross-Site Scripting Vulnerability in TCD Google Maps Plugin for WordPress CVE-2023-51281 Sensitive Information Disclosure in mingSoft MCMS v.5.2.4 via Crafted Password Parameter Buffer Overflow Vulnerability in Delta Electronics WPLSoft Allows Code Execution via Crafted DVP File Heap Buffer-Overflow Vulnerability in Delta Electronics ISPSoft Allows Code Execution Unauthenticated Access Vulnerability in Soisy Pagamento Rateale Plugin for WordPress IP Address Spoofing Vulnerability in User-Activity-Log-Pro WordPress Plugin Information Disclosure Vulnerability in Easy Registration Forms for WordPress Stored Cross-Site Scripting Vulnerability in Simple Cloudflare Turnstile Plugin for WordPress Remote Code Execution and Information Disclosure Vulnerability in ujcms v.8.0.2 CSRF Vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking CSRF Vulnerability in Bright Plugins Block IPs for Gravity Forms Information Disclosure Vulnerability in TopoGrafix DataPlugin for GPX Stored Cross-site Scripting (XSS) Vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button Information Disclosure Vulnerability in VR-S1000 Firmware Ver. 
2.37 and Earlier CVE-2023-51364 CVE-2023-51365 CVE-2023-51369 Arbitrary Web Script Injection in Simply Excerpts WordPress Plugin Stored Cross-Site Scripting Vulnerability in NinjaTeam WP Chat App Stored Cross-site Scripting (XSS) vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget (CVE-2021-XXXX) Stored Cross-Site Scripting Vulnerability in HasThemes HashBar – WordPress Notification Bar Cross-site Scripting (XSS) Vulnerability in Google Photos Gallery with Shortcodes Stored Cross-site Scripting (XSS) Vulnerability in ZeroBounce Email Verification & Validation CSRF Vulnerability in Rise Blocks – A Complete Gutenberg Page Builder Improperly Scoped Token Vulnerability in GitHub Enterprise Server Vulnerability: Glitch Detection Not Enabled by Default in Silicon Labs Secure Vault High Parts EFx32xG2xB (Except EFR32xG21B) Improperly Scoped Token Access Vulnerability in GitHub Enterprise Server Incomplete Application of Destination Constraints in ssh-agent OpenSSH Shell Command Injection Vulnerability Unauthorized Data Access in Sandbox Accounts for Events Command Execution Vulnerability in Hertzbeat Alert Expressions AviatorScript Injection in Hertzbeat's CalculateAlarm.java YAML Deserialization Vulnerability in Hertzbeat Buffer Overflow Vulnerability in Zephyr STM32 Crypto Driver Logging Vulnerability in journalpump Exposes Service Integration Configuration and Credentials CVE-2023-51391 Vulnerability: Use of Software AES-CCM in Ember ZNet v7.2.0 to v7.4.0 Increases Risk of Sidechannel Attacks Uncontrolled Resource Consumption Vulnerability in Silicon Labs Ember ZNet SDK NULL Pointer Dereference Vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0 in High Traffic Environments CVE-2023-51395 Stored Cross-site Scripting (XSS) Vulnerability in Brizy.Io Brizy – Page Builder (Versions n/a through 
2.4.29) Stored Cross-Site Scripting Vulnerability in Brainstorm Force WP Remote Site Search Stored Cross-Site Scripting Vulnerability in WPFactory Back Button Widget Reflected Cross-Site Scripting Vulnerability in Bonus for Woo WordPress Plugin CSRF Vulnerability in Ultimate Addons for WPBakery Page Builder Stored Cross-site Scripting (XSS) Vulnerability in Nicdark Restaurant Reservations Stored Cross-site Scripting (XSS) Vulnerability in MyAgilePrivacy CVE-2023-51405 Sensitive Information Exposure in FastDup – Fastest WordPress Migration & Duplicator Plugin CVE-2023-51407 Sensitive Information Exposure to Unauthorized Actor in WP Optin Wheel Plugin CVE-2023-51409 Reflected Cross-Site Scripting Vulnerability in BSK Contact Form 7 Blacklist WordPress Plugin Unrestricted File Upload Vulnerability in WPVibes WP Mail Log Unrestricted File Upload Vulnerability in Shabti Kaplan Frontend Admin by DynamiApps Unrestricted File Upload Vulnerability in Piotnet Forms Deserialization of Untrusted Data vulnerability in EnvialoSimple: Email Marketing y Newsletters Stored Cross-Site Scripting (XSS) Vulnerability in GiveWP Donation Plugin and Fundraising Platform CVE-2023-51416 Unrestricted Upload of Dangerous File Type in JVM Gutenberg Rich Text Icons CVE-2023-51418 Unrestricted File Upload Vulnerability in BERTHA AI Path Traversal Vulnerability in H3C GR-1100-P and Other Models Code Injection Vulnerability in Verge3D Publishing and E-Commerce Unrestricted File Upload Vulnerability in Verge3D Publishing and E-Commerce Deserialization of Untrusted Data vulnerability in WebinarIgnition Plugin SQL Injection vulnerability in Saleswonder Team Webinar Plugin CVE-2023-51425 Type Confusion Vulnerability in Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Honor Products Vulnerable to Privilege Assignment Vulnerability: Risk of Information Leakage 
Critical Remote Code Execution Vulnerability in D-Link DAR-7000 (Unsupported) Honor Products Vulnerable to Privilege Assignment Vulnerability: Risk of Information Leak Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Out of Bounds Read Vulnerability in Certain Honor Products: Potential Information Leak Honor Products Vulnerable to Privilege Assignment Vulnerability: Risk of Information Leakage Honor Products Vulnerable to Buffer Overflow Exploitation: Risk of Code Execution Honor Products Vulnerable to Privilege Assignment Vulnerability: Risk of Information Leakage Timing Discrepancy Vulnerability in Apache Pulsar SASL Authentication Provider Unauthorized Access Vulnerability in SIMATIC IPC1047E, IPC647E, and IPC847E with maxView Storage Manager Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Unrestricted File Upload Vulnerability in D-Link DAR-7000 and DAR-8000 (Unsupported) TCP Sequence Number Validation Vulnerability in SIMATIC CP 343-1 and SIPLUS NET CP 343-1 Apache Axis Improper Input Validation Vulnerability Authentication Bypass Vulnerability in Navidrome's Subsonic Endpoint Denial of Service Vulnerability in FreeSWITCH Prior to Version 1.10.11 CVE-2023-51444 CVE-2023-51445 LDAP Injection Vulnerability in GLPI 10.0.11 and Earlier Versions Cross-Site Scripting (XSS) Vulnerability in Decidim Dynamic File Upload Blind SQL Injection Vulnerability in Cacti SNMP Notification Receivers File traversal vulnerability in Gradio versions prior to 4.11.0 Unrestricted File Upload Vulnerability in D-Link DAR-7000 (Unsupported) OS Command Injection Vulnerability in baserCMS Site Search Feature Arbitrary URL GET Requests Vulnerability in Symbolicator CVE-2023-51452 CVE-2023-51453 CVE-2023-51454 CVE-2023-51455 CVE-2023-51456 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 
and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Unrestricted File Upload Vulnerability in D-Link DAR-7000 and DAR-8000 Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.18 and Earlier Authentication Bypass Vulnerability Allows Remote Code Execution Unrestricted File Upload Vulnerability in Jacques Malgrange Rencontre – Dating Site SQL Injection vulnerability in Mestres do WP Checkout Mestres WP Unrestricted File Upload Vulnerability in D-Link DAR-7000 (Unsupported) Deserialization of Untrusted Data Vulnerability in Rencontre – Dating Site CVE-2023-51471 CVE-2023-51472 Unrestricted File Upload Vulnerability in Pixelemu TerraClassifieds Plugin CVE-2023-51474 Unrestricted File Upload Vulnerability in IOSS WP MLM SOFTWARE PLUGIN CVE-2023-51477 CVE-2023-51478 Unrestricted Upload Vulnerability in D-Link DAR-7000 and DAR-8000 (Unsupported) Stored Cross-Site Scripting Vulnerability in realmag777 Active Products Tables for WooCommerce CVE-2023-51482 CVE-2023-51484 Stored Cross-Site Scripting Vulnerability in Pay with Vipps and MobilePay for WooCommerce CVE-2023-51486 CVE-2023-51487 Cross-site Scripting (XSS) Vulnerability in Crowdsignal Dashboard – Polls, Surveys & more (Versions n/a - 3.0.11) CVE-2023-51489 Unrestricted Upload Vulnerability in D-Link DAR-7000 (Unsupported) Sensitive Information Exposure Vulnerability in WPMU DEV Defender Security CVE-2023-51491 Stored Cross-site Scripting (XSS) Vulnerability in If-So Dynamic Content Personalization Plugin Stored Cross-site Scripting (XSS) Vulnerability 
in Howard Ehrenberg Custom Post Carousels with Owl CVE-2023-51499 Unrestricted Upload Vulnerability in D-Link DAR-7000 and DAR-8000 (Unsupported) CVE-2023-51500 Reflected XSS Vulnerability in Uncode - Creative & WooCommerce WordPress Theme User-Controlled Key Authorization Bypass in WooCommerce Stripe Payment Gateway Authorization Bypass Through User-Controlled Key Vulnerability in WooPayments Stored Cross-site Scripting (XSS) Vulnerability in Dan's Embedder for Google Calendar Deserialization of Untrusted Data Vulnerability in Active Products Tables for WooCommerce Stored Cross-Site Scripting (XSS) Vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional Sensitive Information Exposure Vulnerability in Jordy Meow Database Cleaner Reflected XSS Vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Critical SQL Injection Vulnerability in D-Link DAR-8000 (Unsupported) CVE-2023-51510 CVE-2023-51512 Stored Cross-Site Scripting Vulnerability in CBX Bookmark & Favorite Plugin CVE-2023-51515 Open Redirect Vulnerability in CodePeople Calculated Fields Form CVE-2023-51518 Critical SQL Injection Vulnerability in Unsupported D-Link DAR-7000 and DAR-8000 Stored Cross-Site Scripting (XSS) Vulnerability in WP Booking Calendar CVE-2023-51521 CVE-2023-51522 CVE-2023-51525 Unauthorized Access to Sensitive Data in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4 CVE-2023-51528 CVE-2023-51529 Critical SQL Injection Vulnerability in D-Link DAR-8000 (Unsupported) CVE-2023-51530 CVE-2023-51531 Stored Cross-site Scripting (XSS) Vulnerability in Icegram Engage – WordPress Lead Generation Plugin CVE-2023-51533 Stored Cross-site Scripting (XSS) Vulnerability in Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content CSRF Vulnerability in CleanTalk's Spam Protection and Anti-Spam Plugin Stored XSS Vulnerability in CRM Perks Forms – WordPress Form Builder CSRF 
Vulnerability in Awesome Support – WordPress HelpDesk & Support Plugin CSRF Vulnerability in Apollo13Themes Apollo13 Framework Extensions Unrestricted Upload Vulnerability in D-Link DAR-8000 (Unsupported) Stored Cross-site Scripting (XSS) Vulnerability in Kunal Nagar Custom 404 Pro Stored Cross-site Scripting (XSS) Vulnerability in Aleksandar Urošević Stock Ticker CSRF and Deserialization Vulnerability in ThemeHigh Job Manager & Career Plugin SQL Injection vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin (Versions n/a - 1.7.6) Stored Cross-site Scripting (XSS) Vulnerability in Neil Gee SlickNav Mobile Menu CVE-2023-51549 SQL Injection Vulnerability in SoliPay Mobile App (before 5.0.8) CVE-2023-51550 CVE-2023-51551 CVE-2023-51552 CVE-2023-51553 CVE-2023-51554 CVE-2023-51555 CVE-2023-51556 CVE-2023-51557 CVE-2023-51558 CVE-2023-51559 Memory Leak Vulnerability Introduced in GNU C Library Fix for CVE-2023-4806 CVE-2023-51560 CVE-2023-51561 CVE-2023-51562 CVE-2023-51563 CVE-2023-51564 CVE-2023-51565 CVE-2023-51566 CVE-2023-51567 CVE-2023-51568 CVE-2023-51569 Denial of Service Vulnerability in MariaDB via OpenVAS Port Scan CVE-2023-51570 CVE-2023-51571 CVE-2023-51572 CVE-2023-51573 CVE-2023-51574 CVE-2023-51575 CVE-2023-51576 CVE-2023-51577 CVE-2023-51578 CVE-2023-51579 Denial of Service Vulnerability in vringh_kiov_advance in Linux Kernel CVE-2023-51580 CVE-2023-51581 CVE-2023-51582 CVE-2023-51583 CVE-2023-51584 CVE-2023-51585 CVE-2023-51586 CVE-2023-51587 CVE-2023-51588 CVE-2023-51589 Improper Permissions Verification in Mattermost Bot Management CVE-2023-51590 CVE-2023-51591 CVE-2023-51592 CVE-2023-51593 CVE-2023-51594 CVE-2023-51595 CVE-2023-51596 CVE-2023-51597 CVE-2023-51598 CVE-2023-51599 Information Disclosure Vulnerability in Mattermost API CVE-2023-51600 CVE-2023-51601 CVE-2023-51602 CVE-2023-51603 CVE-2023-51604 CVE-2023-51605 CVE-2023-51606 CVE-2023-51607 CVE-2023-51608 CVE-2023-51609 Stored Cross-Site 
Scripting Vulnerability in Modal Window Plugin for WordPress CVE-2023-51610 CVE-2023-51611 CVE-2023-51612 CVE-2023-51613 CVE-2023-51614 CVE-2023-51615 CVE-2023-51616 CVE-2023-51617 CVE-2023-51618 CVE-2023-51619 Stored Cross-Site Scripting Vulnerability in Options for Twenty Seventeen Plugin for WordPress CVE-2023-51620 CVE-2023-51621 CVE-2023-51622 CVE-2023-51623 CVE-2023-51624 CVE-2023-51625 CVE-2023-51626 CVE-2023-51627 CVE-2023-51628 CVE-2023-51629 Stored Cross-Site Scripting Vulnerability in Weather Atlas Widget Plugin for WordPress Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability CVE-2023-51631 CVE-2023-51633 Stored Cross-Site Scripting Vulnerability in Bellows Accordion Menu Plugin for WordPress Unrestricted Job Execution in Nautobot Docker Desktop Enhanced Container Isolation (ECI) Bypass Vulnerability Unauthorized Access Vulnerabilities in Hertzbeat Monitoring System Arbitrary Object Access Vulnerability in AWS SDK for PHP Mutation Cross-Site Scripting (mXSS) Vulnerability in OWASP AntiSamy .NET JNDI Injection Vulnerability in Hertzbeat's JmxCollectImpl.java iPrint&Scan Desktop for Windows Symlink Attack Vulnerability Code Execution Vulnerability in JetBrains IntelliJ IDEA via Malicious Plugin Repository Apache IoTDB Deserialization of Untrusted Data Vulnerability Access Token Theft via Crafted Extension Icon URL in Docker Desktop Filesystem Exposure Vulnerability in Wasmer Runtime Insecure Certificate Revocation List (CRL) Check in Snowflake Connector .NET OpenID Connect Email Address Manipulation Vulnerability in Hail Command Injection in tj-actions/changed-files GitHub Action (CVE-2021-XXXX) Unauthenticated Blind SSRF Vulnerability in Audiobookshelf Stored Cross-Site Scripting Vulnerability in PickPlugins Related Post Plugin CSRF Vulnerability in WP Zone Inline Image Upload for BBPress Stored Cross-Site Scripting Vulnerability in Artios Media Product Code for WooCommerce Stored Cross-Site Scripting Vulnerability in 
User Activity Log Pro WordPress Plugin CVE-2023-51672 CSRF Vulnerability in Stylish Price List – Price Table Builder & QR Code Restaurant Menu Stored Cross-Site Scripting (XSS) Vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More Open Redirect Vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More Server-Side Request Forgery (SSRF) Vulnerability in Leevio Happy Addons for Elementor Stored Cross-site Scripting (XSS) Vulnerability in Magazine3 Schema & Structured Data for WP & AMP CSRF Vulnerability in Doofinder WP & WooCommerce Search Out-of-Bounds Write Vulnerability in `FilterNodeD2D1` in Firefox on Windows CVE-2023-51681 CVE-2023-51683 Stored Cross-Site Scripting (XSS) Vulnerability in Easy Digital Downloads Stored Cross-Site Scripting Vulnerability in WP Review Slider Sensitive Information Exposure vulnerability in impleCode Product Catalog Simple Sensitive Information Exposure to Unauthorized Actor in impleCode eCommerce Product Catalog Plugin for WordPress Stored Cross-Site Scripting Vulnerability in naa986 Easy Video Player Out-of-Bounds Write Vulnerability in Firefox and Thunderbird Stored Cross-Site Scripting (XSS) Vulnerability in Advanced iFrame Stored Cross-site Scripting (XSS) Vulnerability in gVectors Team Comments – wpDiscuz CVE-2023-51692 Stored Cross-site Scripting (XSS) Vulnerability in Themify Icons Plugin (Versions n/a - 2.0.1) Stored Cross-Site Scripting Vulnerability in Epiphyt Embed Privacy Stored Cross-Site Scripting (XSS) Vulnerability in Everest Forms Plugin CVE-2023-51696 Unauthenticated Blind SSRF Vulnerability in Audiobookshelf Critical Command Injection Vulnerability in Atril Document Viewer CVE-2023-51699 Canvas Rendering Vulnerability in Firefox < 118: Memory Leak and Sandbox Escape Deserialization of Untrusted Data Vulnerability in WP-Mobile-BankID-Integration Plugin for WordPress Bypass of Security Checks via 
Misinterpreted ContentType Header in Fastify-Reply-From Plugin Insecure Storage and Logging of Kubernetes Configuration File in Airflow Cross-Site Scripting (XSS) Vulnerability in MediaWiki's RightsLogFormatter.php Remote Command Execution Vulnerability in MotionPro on ArrayOS AG before 9.4.0.505 Unauthenticated Information Disclosure in Bentley eB System Management Console Use-after-free vulnerability during Ion compilation in Firefox and Thunderbird CVE-2023-51710 DLL Hijacking Vulnerability in Regify Regipay Client for Windows Out-of-Bounds Read Vulnerability in ProFTPD before 1.3.8a Integer Overflow Vulnerability in Qt's HTTP2 Implementation Incorrect Access Control in Dataiku DSS before 11.4.5 and 12.4.1: Full Authentication Bypass Vulnerability Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Use-after-free Vulnerability in Firefox < 118: Ion Engine Hashtable Mutation Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) via Insufficient Validation of SMTP Username Parameter Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) via Insufficient Validation of DDNS Username Parameter Integer Overflow Vulnerability in Firefox with Non-Standard Configuration Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) 
Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) via L2TP/PPTP Username Parameter Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100 (Version 4.1.1.24) Stored XSS Vulnerability in Skyworth Router CM5100, Version 4.1.1.24 Use-after-free vulnerability in Windows sandbox code during process creation in Firefox Plaintext Transmission of Authentication Credentials in Skyworth Router CM5100 Plaintext Transmission of Authentication Credentials in Skyworth Router CM5100 Insufficient Validation of User Input in Skyworth Router CM5100 Allows for Denial of Service Attack Insufficient Validation of User Input in Skyworth Router CM5100 Allows for Denial of Service Attack Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Stack Overflow Vulnerability in JT2Go and Teamcenter Visualization Stack Overflow Vulnerability in JT2Go and Teamcenter Visualization CVE-2023-51747 Improper User Limitation in ScaleFusion 10.5.2 Allows Unauthorized Access to Edge Application Unrestricted Search Access in ScaleFusion 10.5.2 Exploitable Crash Vulnerability in Firefox < 118: ImageBitmap Use After Free during Process Shutdown Vulnerability: Unrestricted File Downloads in ScaleFusion 10.5.2 Vulnerability: Unauthorized Access to Edge Application in ScaleFusion 10.5.2 Memory Corruption Vulnerabilities in Firefox and Thunderbird Authentication Bypass Vulnerability in Emerson Rosemount GC370XA, GC700XA, and GC1500XA Products CSV Injection in ActiveAdmin's csv_builder.rb (before 3.2.0) SMTP Smuggling Vulnerability in Postfix SMTP Smuggling Vulnerability in Sendmail 8.17.2 SMTP Smuggling Vulnerability in Exim Vulnerability: Row Hammer Attack in OpenSSH 9.6 Path Disclosure 
Vulnerability in Vrm 360 3D Model Viewer WordPress Plugin Arbitrary File Read Vulnerability in Apache DolphinScheduler (CVE-2021-12345) Buffer Overflow Vulnerability in MicroHttpServer Allows Remote Code Execution Kiosk Escape Vulnerability in One Identity Password Manager CVE-2023-51773 CVE-2023-51774 CVE-2023-51775 CVE-2023-51779 Use-After-Free Vulnerability in NVMe/TCP Subsystem of Linux Kernel Use-after-free vulnerability in do_vcc_ioctl in Linux kernel before 6.6.8 Use-after-free vulnerability in atalk_ioctl in Linux kernel before 6.6.8 Use-after-free vulnerability in rose_ioctl in Linux kernel before 6.6.8 Apache InLong Remote Code Execution Vulnerability Apache InLong Deserialization of Untrusted Data Vulnerability CVE-2023-51786 Memory Leak in Wind River VxWorks 7 OpenSSL Exit Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK Cross Site Scripting Vulnerability in Piwigo v.14.0.0 Admin Tools Plug-in Component CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 CVE-2023-51794 CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 Out-of-Bounds Write Vulnerability in Open Design Alliance Drawings SDK CVE-2023-51800 CVE-2023-51801 CVE-2023-51802 CVE-2023-51803 Sensitive Information Disclosure in rymcu forest v.0.02 via HTTP Body URL Manipulation SQL Injection Vulnerability in TDuckCloud tduck-platform v.4.0: Remote Information Disclosure via getFormKey Parameter Arbitrary Code Execution via File Upload Vulnerability in Ujcms v.8.0.2 Cross Site Scripting Vulnerability in OFCMS v.1.14 Title Addition Component Stored Cross-Site Scripting Vulnerability in WP Discord Invite WordPress Plugin SQL Injection Vulnerability in StackIdeas EasyDiscuss v.5.0.5: Remote Information Disclosure Remote Code Execution (RCE) Vulnerability in Tenda AX3 v16.03.12.11 via /goform/SetNetControlList Endpoint Arbitrary Code Execution via CSRF in Free Open-Source Inventory Management System v.1.0 Vulnerability: Sensitive Data Exposure in Subiquity Version 23.09.1 and 
Earlier Remote Code Execution Vulnerability in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 SQL Injection Vulnerability in PMB 7.4.7 and Earlier Versions Unsafe Deserialization Vulnerability in Illumio PCE's network_traffic API Endpoint Command Injection Vulnerability in TRENDnet TEW-411BRPplus v.2.07_eu via debug.cgi CVE-2023-51835 Critical Security Flaw: Missing SSL Certificate Validation in Ylianst MeshCentral 1.1.16 Critical Vulnerability in Ylianst MeshCentral 1.1.16: Use of Insecure Cryptographic Algorithm Insecure Cryptographic Algorithm in DeviceFarmer stf v3.6.6 Critical Vulnerabilities: Signed to Unsigned Conversion Errors and Buffer Overflow in Zephyr IPM Drivers DoraCMS 2.1.8 Vulnerability: Use of Hard-coded Cryptographic Key Algorithm-Downgrade Vulnerability in Ylianst MeshCentral 1.1.16 Cross Site Scripting (XSS) vulnerability in react-dashboard 1.4.0 due to missing httpOnly flag Insecure File Upload Vulnerability in Gym Management System Project v1.0 Use After Free Vulnerability in Google Chrome Allows Remote Heap Corruption High Severity Use After Free Vulnerability in Google Chrome Extensions Denial-of-Service Vulnerability in WagoAppRTU MMS Interpreter Buffer Overflow Vulnerability in Mathtex v.1.05 and Earlier: Remote Code Execution via LaTeX String Length Buffer Overflow Vulnerability in Mathtex 1.05 and Earlier Versions: Denial of Service via \convertpath Arbitrary Code Execution via Command Injection in Mathtex v.1.05 and Earlier Buffer Overflow Vulnerability in nomath() Function in Mathtex v.1.05 and Earlier: Remote Denial of Service Exploit via Crafted URL Remote Code Execution Vulnerability in Mathtex v.1.05 and Earlier via Stack Overflow in validate() Function Path Traversal Vulnerability in Ansible Automation Hub Allows Symlink Attack Remote Code Execution Vulnerability in Mathtex 1.05 and Earlier Versions Remote Code Execution Vulnerability in Weaver e-cology v.10.0.2310.01 Open Redirect Vulnerability in Liferay Portal and 
Liferay DXP Remote Code Execution Vulnerability in yonyou YonBIP v3_23.05 Critical Vulnerability: Excessive Data Query Operations in pimcore/demo GitHub Repository Prior to 10.3.0 Arbitrary File Upload Vulnerability in YonBIP v3_23.05 Arbitrary File Upload Vulnerability in YonBIP v3_23.05 Arbitrary File Read Vulnerability in YonBIP v3_23.05 SQL Injection Vulnerability in YonBIP v3_23.05 via com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() Method Arbitrary File Upload Vulnerability in YonBIP v3_23.05 Privilege Escalation: Mattermost Allows System Role to Read DM Conversation Posts Denial of Service (DoS) Vulnerability in alanclarke URLite v.3.1.0 Remote Code Execution and Privilege Escalation in Relic relic-toolkit 0.6.0 User Permission Validation Vulnerability in Mattermost Multiple Reflected XSS Vulnerabilities in actiNAS-SL-2U-8 3.2.03-SP1 Remote Unauthorized Access to Data in actiNAS SL 2U-8 RDX 3.2.03-SP1 Site-wide Directory Listing Vulnerability in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 Critical CSRF Vulnerability Found in Verydows v2.0's /protected/controller/backend/role_controller Component Unvalidated Permissions in Mattermost Enable Unauthorized Soft Deletion of Teams SQL Injection Vulnerability in Stock Management System 1.0: Remote Code Execution via id Parameter in manage_bo.php Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stbpvid Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.mode Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.port Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.city.vlan Parameter in formSetIptv Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.mode Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.port Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via 
adv.iptv.stbpvid Parameter Notification Prop Character Limit Bypass Vulnerability in Mattermost Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.city.vlan Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.mode Parameter in setIptvInfo Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.city.vlan Parameter in setIptvInfo Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.port Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stbpvid Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.port Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stballvlans Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.city.vlan Parameter Use-After-Free Vulnerability in Linux Kernel's nf_tables Component Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via iptv.stb.mode Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via adv.iptv.stbpvid Parameter Command Injection Vulnerability in Tenda AX1803 v1.0.0.1 via fromAdvSetLanIp Function SQL Injection Vulnerability in Update Artist Image Functionality of PHPGurukul Art Gallery Management System v1.1 Vulnerability: Unauthorized Write Access to Protected Branches via Deploy Keys Authentication Bypass Vulnerability in CrateDB 5.5.1 Admin UI Component Command Injection Vulnerability in D-Link DIR-822+ V1.0.2 Login Bypass Vulnerability in D-Link DIR-822+ V1.0.2 HNAP1 Interface Login Bypass Vulnerability in D-Link DIR-822+ V1.0.2 HNAP1 Interface Vulnerability: Local File Inclusion to Remote Code Execution in PHP to Page Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Flowpaper Plugin for WordPress OpenHook Plugin for WordPress Remote Code Execution 
Vulnerability Remote Command Execution (RCE) Vulnerability in TOTOlink EX1800T V9.1.0cu.2112_B20220316 via setTelnetCfg Interface Remote Command Execution Vulnerability in TOTOlink A3700R v9.1.2u.5822_B20200513 via NTPSyncWithHost Function Remote Command Execution (RCE) Vulnerability in TOTOlink A3700R v9.1.2u.5822_B20200513 via setTracerouteCfg Function Remote Command Execution (RCE) Vulnerability in TOTOlink A3700R v9.1.2u.5822_B20200513 via setDiagnosisCfg Function Unsanitized Input in WP Sessions Time Monitoring Plugin Allows for SQL Injection Remote Command Execution (RCE) Vulnerability in TOTOlink A3700R v9.1.2u.5822_B20200513 via setOpModeCfg Function Remote Command Execution (RCE) Vulnerability in TOTOlink A3700R v9.1.2u.5822_B20200513 via UploadFirmwareFile Function Remote Command Execution (RCE) Vulnerability in TOTOlink EX1200T V4.1.2cu.5232_B20210713 Arbitrary Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.852_B20230719 Arbitrary Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.852_B20230719 SQL Injection Vulnerability in ChatBot Plugin for WordPress (Versions up to 4.8.9) Arbitrary Command Execution Vulnerability in TOTOLINK X6000R v9.4.0cu.852_B20230719 Arbitrary Code Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 Arbitrary Command Execution Vulnerability in TOTOLINK X6000R V9.4.0cu.852_B20230719 CVE-2023-52043 Arbitrary Code Execution via Cross Site Scripting (XSS) in Webmin v.2.105 and Earlier CVE-2023-52047 CVE-2023-52048 Stored Cross-Site Scripting Vulnerability in Add Custom Body Class Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Gestsup v3.2.46 Allows Arbitrary Code Execution Arbitrary User Profile Editing Vulnerability in Gestsup v3.2.46 SQL Injection Vulnerability in Wuzhicms v4.1.0 via $keywords Parameter in /core/admin/copyfrom.php Cross-Site Scripting (XSS) Vulnerability in Kodbox v1.43 via Operation and Login Logs Cross-Site Scripting (XSS) Vulnerability in kodbox v1.49.04 via 
URL Parameter Arbitrary Pipeline Execution Vulnerability in GitLab CE and EE CVE-2023-52070 Off-by-one Out-of-bounds Array Index Vulnerability in curl-8_4_0 and curl-8_5_0 Cross-Site Request Forgery (CSRF) Vulnerability in FlyCms v1.0 Cross-Site Request Forgery (CSRF) Vulnerability in FlyCms v1.0 Cross-Site Request Forgery (CSRF) Vulnerability in FlyCms v1.0 Denial of Service Vulnerability in ReVanced API due to Lack of Error Caching Path Traversal and Arbitrary File Write Vulnerability in Atril Document Viewer (Versions prior to 1.26.2) Nexkey Vulnerability: Unauthorized Access to Admin APIs Denial of Service Vulnerability in msgpackr 1.10.0 and earlier CVE-2023-52080 Unicode normalization bypass vulnerability in ffcss 0.2.0 SQL Injection Vulnerability in Lychee Photo-Management Tool Stored XSS vulnerability in Winter CMS Media Manager Stored XSS vulnerability in Winter CMS prior to 1.2.4 Local File Inclusion Vulnerability in Winter CMS v1.2.3 and below Arbitrary File Upload Vulnerability in resumable.php (PHP Backend for resumable.js) Stored Cross-Site Scripting Vulnerability in WordPress Online Booking and Scheduling Plugin Local Privilege Escalation Vulnerability in Trend Micro Apex One Local Privilege Escalation Vulnerability in Trend Micro Apex One Local Privilege Escalation Vulnerability in Trend Micro Apex One Privilege Escalation Vulnerability in Trend Micro Apex One Agent Local Privilege Escalation Vulnerability in Trend Micro Apex One Agent Updater Invalid Timestamp Generation in SteVe Community ocpp-jaxb before 0.0.8 Foreground Service Bypass Vulnerability in NMS Module DMS Module Denial of Service (DoS) Vulnerability: Impact on Availability Foreground Service Bypass Vulnerability in NMS Module: Implications for Service Confidentiality Reflected Cross-Site Scripting Vulnerability in AMP+ Plus WordPress Plugin Celia Keyboard Module Access Control Vulnerability Wi-Fi Module Component Exposure Vulnerability: Threat to Service Availability and Integrity 
Unverified Parameter Vulnerability in WMS Module: A Threat to Service Confidentiality FLP Module Buffer Overflow Vulnerability: Potential Out-of-Bounds Read Exploitation Unverified Parameter Vulnerability in WMS Module: A Threat to Service Confidentiality Nearby Module Privilege Escalation Vulnerability: Impact on Availability API Permission Verification Vulnerability in DownloadProviderMain Module Unverified Permissions in WMS Module: A Threat to Service Confidentiality ActivityManagerService Module Vulnerability: Process Priority Elevation Inaccurate Trust Relationships in Distributed Scenarios: A Threat to Service Confidentiality Reflected Cross-Site Scripting Vulnerability in Fattura24 WordPress Plugin Out-of-Bounds Access Vulnerability in Sensor Module: Impact on Availability BootLoader Module Authorization Vulnerability: Threat to Service Integrity Critical Unauthorized File Access Vulnerability in Wallpaper Service Module ActivityManagerService Module Vulnerability: launchAnyWhere Exploitation Impacting Availability ScreenReader Module Data Confidentiality Vulnerability: Threat to Service Integrity Critical Use-After-Free (UAF) Vulnerability in iaware Module Multi-Screen Interaction Module Permission Management Vulnerability: Device Service Exception Risk Stored Cross-Site Scripting Vulnerability in WP User Profile Avatar Plugin CSRF Vulnerability in Icegram Engage WordPress Plugin Vulnerability: Arbitrary File Deletion in AI ChatBot Plugin for WordPress CSRF Vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact Forms and More CSRF Vulnerability in NitroPack – Cache & Speed Optimization Plugin CSRF Vulnerability in PressTigers Simple Job Board CSRF Vulnerability in WPChill Strong Testimonials Stored Cross-Site Scripting (XSS) Vulnerability in WP Tabs – Responsive Tabs Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Webvitaly Iframe Sensitive Information Exposure in Suman Bhattarai Send Users Email CSRF Vulnerability in 
WPC Product Bundles for WooCommerce CSRF Vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard Plugin CSRF Vulnerability in teachPress: Versions n/a through 9.0.4 CSRF Vulnerability in Affiliates Manager Plugin SQL Injection Vulnerability in WP Zinc Page Generator SQL Injection vulnerability in Jewel Theme WP Adminify SQL Injection vulnerability in WhileTrue Most And Least Read Posts Widget SQL Injection vulnerability in Eyal Fitoussi GEO my WordPress SQL Injection vulnerability in WS Form LITE – Drag & Drop Contact Form Builder for WordPress CSRF Vulnerability in Smash Balloon Custom Twitter Feeds Plugin Command Injection Vulnerability in `tj-actions/verify-changed-files` Action Path Traversal Vulnerability in Engrampa Archive Manager Allows Remote Command Execution Improper Access Control in Misskey Social Media Platform Privilege Escalation Vulnerability in Puppet Bolt versions prior to 3.27.4 SQL Injection vulnerability in Cool Plugins Events Shortcodes For The Events Calendar Unauthorized Access to Sensitive Information in WP Stripe Checkout CVE-2023-52144 CSRF Vulnerability in Republish Old Posts Plugin Unauthorized Access to Sensitive Information in Aaron J 404 Solution Sensitive Information Exposure in Affiliates Manager Plugin CSRF Vulnerability in Wow-Company Floating Button Vulnerability: Integer Overflow in libnbd's nbd_get_size() Function CSRF Vulnerability in Dynamic Content for Elementor Plugin Sensitive Information Exposure Vulnerability in Uncanny Automator Plugin Out-of-Bounds Read and Application Crash in mUPnP for C through 3.0.2 SQL Injection Vulnerability in PMB 7.4.7 and Earlier Arbitrary Code Execution via File Upload in PMB 7.4.7 and Earlier SQL Injection Vulnerability in PMB 7.4.7 and Earlier: Remote Code Execution via /admin/sauvegarde/run.php CVE-2023-52159 Authentication Bypass Vulnerability in PEAP Implementation of wpa_supplicant Unauthenticated Access Point Bypass in iNet Wireless 
Daemon (IWD) Heap Buffer Overflow in VP8 Encoding in libvpx: Remote Code Execution Vulnerability Write Access Violation in XnView Classic before 2.51.3 on Windows Write Access Violation in XnView Classic before 2.51.3 on Windows Stored Cross-site Scripting (XSS) Vulnerability in Auto Amazon Links – Amazon Associates Affiliate Plugin Stored Cross-Site Scripting Vulnerability in MojofyWP WP Affiliate Disclosure Plugin Critical Use After Free Vulnerability in Google Chrome's Site Isolation SQL Injection vulnerability in Recipe Maker For Your Food Blog from Zip Recipes Deserialization of Untrusted Data Vulnerability in Presslabs Theme per user Deserialization of Untrusted Data Vulnerability in ARI Stream Quiz – WordPress Quizzes Builder CSRF Vulnerability in WP Job Portal – A Complete Job Board Sensitive Information Exposure to Unauthorized Actor in Everest Backup Plugin Sensitive Information Exposure to Unauthorized Actor in Image Source Control Lite – Show Image Credits and Captions Stored Cross-site Scripting (XSS) Vulnerability in Russell Jamieson Footer Putter Stored Cross-site Scripting (XSS) Vulnerability in Jhayghost Ideal Interactive Map Sensitive Information Exposure in WP Swings Coupon Referral Program Stored XSS vulnerability in Torbjon Infogram – Add charts, maps and infographics Stored Cross-Site Scripting (XSS) Vulnerability in Keap Official Opt-in Forms Stored Cross-site Scripting (XSS) Vulnerability in Live Composer Team Page Builder Stored Cross-site Scripting (XSS) Vulnerability in Takayuki Miyauchi oEmbed Gist Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kerry James Reflected XSS Vulnerability in Phil Ewels CPT Bootstrap Carousel Stored Cross-Site Scripting (XSS) Vulnerability in Impactpixel Ads Invalid Click Protection Stored Cross-site Scripting (XSS) Vulnerability in Michiel van Eerd Private Google Calendars CSRF and Deserialization Vulnerability in ARMember – Membership Plugin SQL Injection Vulnerability in Brian D. 
Goad pTypeConverter Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free Stored Cross-site Scripting (XSS) Vulnerability in cformsII Plugin SQL Injection Vulnerability in Javik Randomize Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free Deserialization of Untrusted Data Vulnerability in Live Composer Team Page Builder Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free Sensitive Information Exposure in Constant Contact Forms Critical Code Injection Vulnerability in ForU CMS CVE-2023-52211 Cross-site Scripting (XSS) Vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings CVE-2023-52214 SQL Injection Vulnerability in Simple Inventory Management Plugin for WooCommerce CSRF Vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer Deserialization of Untrusted Data Vulnerability in Woocommerce Tranzila Payment Gateway Deserialization of Untrusted Data Vulnerability in Gecka Terms Thumbnails Hard-coded Password Vulnerability in Viessmann Vitogate 300 Web Management Interface (CVE-2021-XXXX) CVE-2023-52220 Unrestricted File Upload Vulnerability in UkrSolution Barcode Scanner and Inventory Manager CSRF Vulnerability in WooCommerce: Versions n/a through 8.2.2 CVE-2023-52223 Deserialization of Untrusted Data Vulnerability in Tagbox Tagbox CVE-2023-52226 CVE-2023-52228 CVE-2023-52229 Critical Remote Code Execution Vulnerability in HimitZH HOJ up to 4.6-9a65e3f CVE-2023-52231 CVE-2023-52234 CVE-2023-52235 XXE Vulnerability in Magic xpi Integration Platform 4.13.4 via onItemImport XSS Vulnerability in Kantega SAML SSO OIDC Kerberos Single Sign-on Apps for Atlassian Products Arbitrary Code Execution Vulnerability in Provectus Kafka-UI Arbitrary Lua Code Execution Vulnerability in Unified Remote 3.13.0 Cross-Site Scripting (XSS) Vulnerability in LogoBee 
0.2's updates.php?id= Vulnerability: Bypassing Prohibited Branch Checks in GitLab Arbitrary Code Execution Vulnerability in Outdoorbits Little Backup Box Improper Schema Restriction in Brave Browser WebUI Factory and Redirect Reflected XSS Vulnerability in Beesblog Component Stored XSS Vulnerability in IDURAR (aka idurar-erp-crm) 2.0.1 via Crafted JSON Email Template Use-After-Free Vulnerability in ehttp 1.0.6: Exploiting epoll_socket.cpp read_func Out-of-Bounds Read Vulnerability in ehttp 1.0.6 XSS Vulnerability in MDaemon SecurityGateway 9.0.3 Allows Domain Administrators to Attack Global Administrators Unrestricted File Upload Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.8 Kernel Driver Vulnerability in Topaz Antifraud Allows Unauthorized Process Termination XSS Vulnerability in YzmCMS 6.5 through 7.0 via Referer HTTP Header Vulnerability: Unauthorized Access to Hidden Images in Gallery3d on Tecno Camon X CA7 Devices Denial of Service and Heap Memory Corruption Vulnerability in RoyalTSX Stored Cross-Site Scripting Vulnerability in User Registration WordPress Plugin Double Free or Corruption Vulnerability in Bytecode Alliance wasm-micro-runtime (WAMR) before 1.3.0 SQL Injection Vulnerability in ExamSys 9150244 via s_score2 Parameter Unauthenticated Remote Credential Disclosure in Tencent tdsqlpcloud (CVE-2023-42387) Unauthenticated Directory Traversal Vulnerability in Flaskcode Package Unauthenticated Directory Traversal Vulnerability in Flaskcode Package Unsanitized Settings in E2Pdf WordPress Plugin Allow Cross-Site Scripting Attacks CVE-2023-52296 Stored Cross-Site Scripting Vulnerability in TM WooCommerce Compare & Wishlist Plugin Null Pointer Dereference in paddle.nextafter() Function in PaddlePaddle before 2.6.0 Null Pointer Dereference in paddle.put_along_axis leading to Runtime Crash and Denial of Service Stack Overflow Vulnerability in PaddlePaddle's paddle.searchsorted() Function FPE Vulnerability in PaddlePaddle's paddle.topk 
Leading to Runtime Crash and Denial of Service FPE Vulnerability in paddle.lerp Function in PaddlePaddle Stack Overflow Vulnerability in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0 FPE Vulnerability in PaddlePaddle's paddle.amin Function Heap Buffer Overflow in paddle.repeat_interleave in PaddlePaddle: A Critical Vulnerability Stored Cross-Site Scripting Vulnerability in Magic Action Box WordPress Plugin (Versions up to 2.17.2) Command Injection Vulnerability in PaddlePaddle before 2.6.0 Command Injection Vulnerability in PaddlePaddle before 2.6.0 Nullptr Dereference Vulnerability in paddle.crop in PaddlePaddle before 2.6.0 FPE Vulnerability in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0 Command Injection Vulnerability in PaddlePaddle convert_shape_compare Function Stored Cross-Site Scripting Vulnerability in Font Awesome More Icons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in ecrire/public/assembler.php in SPIP Side-Channel Leakage in PyCryptodome and PyCryptodomex: Exploiting OAEP Decryption for Manger Attack Unrestricted File Upload Vulnerability in Trend Micro Apex Central Remote Code Execution via Local File Inclusion in Trend Micro Apex Central Widget Vulnerability in Trend Micro Apex Central Dashboard Widgets Allows Remote Code Execution Vulnerability in Trend Micro Apex Central Dashboard Widgets Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central Dashboard Widgets Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex Central Dashboard Widgets Stored Cross-Site Scripting Vulnerability in Font Awesome Integration Plugin for WordPress Remote Code Execution Vulnerability in Trend Micro Apex Central Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central Allows Unauthorized Access to Internal Services Privilege Escalation Vulnerability in Trend Micro Deep Security and Cloud One Privilege Escalation Vulnerability in Trend Micro Deep Security and Cloud 
One Endpoint Security Integer Overflow Vulnerability in libebml MemIOCallback.cpp Stored Cross-Site Scripting Vulnerability in Related Products for WooCommerce Plugin CVE-2023-52341 CVE-2023-52342 CVE-2023-52343 CVE-2023-52344 CVE-2023-52345 CVE-2023-52346 CVE-2023-52347 CVE-2023-52348 CVE-2023-52349 Unrestricted Option Update and Object Injection Vulnerability in Ovic Responsive WPBakery WordPress Plugin CVE-2023-52350 CVE-2023-52351 CVE-2023-52352 Mbed TLS TLS Version Mishandling Vulnerability SMTP Smuggling Vulnerability in chasquid before 1.13 Denial of Service Vulnerability in libtiff's TIFFRasterScanlineSize64() API Heap-Buffer Overflow Vulnerability in libtiff's TIFFReadRGBATileExt() API Mismatch in Serialization/Deserialization in Vibration Framework: A Threat to Availability Audio Module API Configuration Defects: A Threat to Availability CVE-2023-52359 Circular Object Reference Vulnerability in Infinispan Allows for Denial of Service Attacks Baseband Logic Vulnerability: Threat to Service Integrity VerifiedBoot Module Authentication Vulnerability: Integrity Compromise Risk Lock Screen Permission Management Vulnerability Design Process Defects in Control Panel Module Leading to Unintended App Process Activation CVE-2023-52364 Smart Activity Recognition Module Out-of-Bounds Read Vulnerability Smart Activity Recognition Module Out-of-Bounds Read Vulnerability Media Library Module: Improper Access Control Vulnerability Account Module Input Verification Vulnerability: Abnormal Feature Behavior NFC Module Stack Overflow Vulnerability: Threatening Service Availability and Integrity Stored Cross-Site Scripting Vulnerability in Memberlite Shortcodes WordPress Plugin Network Acceleration Module Stack Overflow Vulnerability: Unauthorized File Access Null Reference Vulnerability in Motor Module: A Threat to Availability Input Parameter Verification Vulnerability in Motor Module: Impact on Availability Unauthorized File Sharing Vulnerability in Content Sharing Pop-up 
Module Package Management Module Permission Control Vulnerability WindowManagerServices Module Permission Control Vulnerability: A Threat to Availability Gallery Module Information Disclosure Vulnerability Unverified Input Data Vulnerability in Cellular Data Module: Risk of Out-of-Bounds Access WindowManagerServices Module Logic Vulnerability: Abnormal Feature Behavior CalendarProvider Module Permission Control Vulnerability HTML Injection Vulnerability in EventPrime WordPress Plugin Email Module Access Control Vulnerability: Threat to Service Confidentiality Email Module Script Injection Vulnerability CVE-2023-52382 CVE-2023-52385 CVE-2023-52386 GPU Module Resource Reuse Vulnerability: A Threat to Service Confidentiality CVE-2023-52388 Poco::UTF32Encoding Integer Overflow and Stack Buffer Overflow Vulnerability IP Address Manipulation Vulnerability in CleanTalk WordPress Plugin PAM Propagation Scripts Vulnerability: Password Retrieval via GET Request Directory Traversal Vulnerability in AI ChatBot for WordPress Allows DoS via qcld_openai_upload_pagetraining_file Function Denial of Service Vulnerability in libexpat through 2.5.0 Recursive XML Entity Expansion Vulnerability in libexpat through 2.5.0 Segmentation Fault in OpenDDS DataWriter with Large resource_limits.max_samples Denial of Service Vulnerability in Connect2id Nimbus JOSE+JWT Integer Overflow Vulnerability in dm_table_create() Function in Linux Kernel Stored Cross-Site Scripting Vulnerability in Login Screen Manager WordPress Plugin Reflected XSS Vulnerability in Caddy-Security Plugin 1.1.20 Bypassing CSRF Protection in Plack::Middleware::XSRFBlock Package CVE-2023-52432 Vulnerability: Skipping Sync GC for New Elements in nft_set_rbtree Transaction Linux Kernel SMB Client Vulnerability: Out-of-Bounds Read in smb2_parse_contexts() Vulnerability: Integer Overflow in skb_segment() in Linux Kernel Null-termination vulnerability in f2fs xattr list Linux Kernel Vulnerability: Use-after-free in Binder 
Shrinker's Callback Use-after-free vulnerability in uio_open in the Linux kernel Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 2.0 Slub Overflow Vulnerability in ksmbd_decode_ntlmssp_auth_blob() Out-of-bounds vulnerability in ksmbd's init_smb2_rsp_hdr() function Vulnerability: Inadequate Validation of Session and Tree IDs in Compound Requests in ksmbd AppArmor vulnerability: Crash when parsed profile name is empty f2fs_rename() vulnerability causing dirent corruption Use-after-free vulnerability in pvrusb2 module in Linux kernel Race condition between btf_put() and map_free() in the Linux kernel Vulnerability: Use-after-free in bpf inner map freeing Fix for NULL pointer dereference in gfs2_rgrp_dump Fixing NULL Pointer Dereference in mtd and gluebi Modules Arbitrary File Creation and Code Execution via FileUtil.extract() in TensorflowModel NULL pointer dereference vulnerability in upi_fill_topology() function Linux Kernel Vulnerability: Out-of-bounds Access in powerpc/pseries/memhp Linux Kernel Vulnerability: Inconsistent Access to Uninitialized Stack Slots hisi_acc_vfio_pci: Migration Data Corruption Vulnerability Fixing Kernel Panic in nvmet-tcp due to Invalid H2C PDU Length Vulnerability: Corrupting IOVA rbtree with 0-length IOVA region reservation Fix for deadlock in imx UART tx statemachine when using serial port as RS485 port Linux Kernel Vulnerability: Resource Leakage and Use-After-Free in serial: 8250: omap Driver Partition Length Alignment Vulnerability in Linux Kernel Duplicate list deletion vulnerability in Linux kernel's media: v4l: async module SICK Flexi Soft Gateways Authentication Bypass Vulnerability NULL pointer dereference vulnerability in drm/amd/display during hibernate sequence Fixing Bounds Limiting for Malformed Entities in drm/sched Improper Check for Corrupted Spilled Pointer in Linux Kernel efivarfs Remount Vulnerability: Crash on Remounting as RW without SetVariable Support Out-of-bounds string access 
vulnerability in EDAC/thunderx driver CVE-2023-52465 CVE-2023-52466 CVE-2023-52467 CVE-2023-52468 CVE-2023-52469 File Path Manipulation Vulnerability in Mitsubishi Electric FA Engineering Software Products CVE-2023-52470 CVE-2023-52471 CVE-2023-52472 CVE-2023-52473 CVE-2023-52474 CVE-2023-52475 CVE-2023-52476 CVE-2023-52477 CVE-2023-52478 CVE-2023-52479 CVE-2023-52480 CVE-2023-52481 CVE-2023-52482 CVE-2023-52483 CVE-2023-52484 CVE-2023-52485 CVE-2023-52486 CVE-2023-52487 CVE-2023-52488 CVE-2023-52489 Use After Free Vulnerability in Arm Ltd Bifrost and Valhall GPU Kernel Drivers CVE-2023-52490 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52495 CVE-2023-52497 CVE-2023-52498 CVE-2023-52499 Local File Inclusion Vulnerability in Grid Plus WordPress Plugin (Versions up to 1.3.2) CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52503 CVE-2023-52504 CVE-2023-52505 CVE-2023-52506 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 Vulnerability: Unauthorized Data Modification and Loss in Grid Plus WordPress Plugin CVE-2023-52510 CVE-2023-52511 CVE-2023-52512 CVE-2023-52513 CVE-2023-52514 CVE-2023-52515 CVE-2023-52516 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 Stored Cross-Site Scripting Vulnerability in FareHarbor WordPress Plugin (Versions up to 3.6.7) CVE-2023-52520 CVE-2023-52521 CVE-2023-52522 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52526 CVE-2023-52527 CVE-2023-52528 CVE-2023-52529 Unauthenticated Access to Assets Data in Nozomi Networks Guardian and CMC via WebSocket Channel CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52533 CVE-2023-52534 CVE-2023-52535 CVE-2023-52536 CVE-2023-52537 CVE-2023-52538 CVE-2023-52539 Sensitive Information Exposure in ChatBot Plugin for WordPress CVE-2023-52540 CVE-2023-52541 CVE-2023-52542 CVE-2023-52543 CVE-2023-52544 CVE-2023-52545 CVE-2023-52546 CVE-2023-52549 Auto-Renewal Vulnerability in Puppet Server Certificates: Revocation Failure CVE-2023-52550 CVE-2023-52551 CVE-2023-52552 
CVE-2023-52553 CVE-2023-52554 CVE-2023-52555 CVE-2023-52556 CVE-2023-52557 CVE-2023-52558 CVE-2023-52559 Vulnerability: Information Disclosure and Privilege Escalation in Drupal's JSON:API Module CVE-2023-52560 CVE-2023-52561 CVE-2023-52562 CVE-2023-52563 CVE-2023-52564 CVE-2023-52565 CVE-2023-52566 CVE-2023-52567 CVE-2023-52568 CVE-2023-52569 Path Traversal Vulnerability in WhiteHSBG JNDIExploit 1.4 on Windows (VDB-240866) CVE-2023-52570 CVE-2023-52571 CVE-2023-52572 CVE-2023-52573 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52577 CVE-2023-52578 CVE-2023-52579 Critical SQL Injection Vulnerability in OpenRapid RapidCMS 1.3.1 CVE-2023-52580 CVE-2023-52581 CVE-2023-52582 CVE-2023-52583 CVE-2023-52584 CVE-2023-52585 CVE-2023-52586 CVE-2023-52587 CVE-2023-52588 CVE-2023-52589 Denial of Service Vulnerability in ForU CMS (VDB-240868) CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595 CVE-2023-52596 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 Critical SQL Injection Vulnerability in SourceCodester Simple Membership System 1.0 (VDB-240869) CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52609 Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-240870) CVE-2023-52610 CVE-2023-52611 CVE-2023-52612 CVE-2023-52613 CVE-2023-52614 CVE-2023-52615 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 Unrestricted Upload Vulnerability in OpenRapid RapidCMS 1.3.1 CVE-2023-52620 CVE-2023-52621 CVE-2023-52622 CVE-2023-52623 CVE-2023-52624 CVE-2023-52625 CVE-2023-52626 CVE-2023-52627 CVE-2023-52628 CVE-2023-52629 Critical Remote Code Execution Vulnerability in ZZZCMS 2.1.7 CVE-2023-52630 CVE-2023-52631 CVE-2023-52632 CVE-2023-52633 CVE-2023-52634 CVE-2023-52635 CVE-2023-52636 CVE-2023-52637 CVE-2023-52638 CVE-2023-52639 Critical SQL Injection Vulnerability in huakecms 3.0 (CVE-2021-240877) CVE-2023-52640 CVE-2023-52641 CVE-2023-52642 
CVE-2023-52643 CVE-2023-52644 CVE-2023-52645 CVE-2023-52646 CVE-2023-52647 CVE-2023-52648 CVE-2023-52649 Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-240878) CVE-2023-52650 CVE-2023-52651 CVE-2023-52652 CVE-2023-52653 Critical SQL Injection Vulnerability in DedeBIZ 6.2 (VDB-240879) Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-240880) Critical SQL Injection Vulnerability in DedeBIZ 6.2 (VDB-240881) SQL Injection Vulnerability in SourceCodester Best Courier Management System 1.0 (VDB-240882) SQL Injection Vulnerability in SourceCodester Best Courier Management System 1.0 (CVE-2021-240883) SQL Injection Vulnerability in SourceCodester Best Courier Management System 1.0 (edit_parcel.php) CVE-2023-52713 CVE-2023-52714 CVE-2023-52715 CVE-2023-52716 CVE-2023-52717 Critical SQL Injection Vulnerability in SourceCodester Best Courier Management System 1.0 (CVE-2021-240885) CVE-2023-52722 CVE-2023-52723 CVE-2023-52724 CVE-2023-52725 CVE-2023-52726 CVE-2023-52727 CVE-2023-52728 CVE-2023-52729 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best Courier Management System 1.0 Local Denial-of-Service (DoS) Vulnerability in GX Works2 Simulation Function Local Denial-of-Service (DoS) Vulnerability in GX Works2 Simulation Function Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240904) Unrestricted Upload Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240905) Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240906) Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240907) Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240908) Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240909) Critical SQL Injection Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240910) Critical SQL Injection Vulnerability in SourceCodester 
Engineers Online Portal 1.0 (VDB-240911) Unrestricted File Upload Vulnerability in SourceCodester Engineers Online Portal 1.0 (VDB-240912) Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-240913) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Expense Tracker App v1 Cross-Site Scripting (XSS) Vulnerability in Unsupported BEECMS 4.0 Remote Unauthorized Access and Firmware Manipulation Vulnerability in SIM1012 Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.8.4 Stored Cross-Site Scripting Vulnerability in Blog Filter Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Advanced Custom Fields: Extended Plugin for WordPress Critical SQL Injection Vulnerability in ECshop 4.1.5 (VDB-240924) Critical SQL Injection Vulnerability in ECshop 4.1.1 (VDB-240925) Stored Cross-Site Scripting Vulnerability in Blog Filter Plugin for WordPress Weak Password Recovery Vulnerability in Xinhu RockOA 1.1/2.3.2/15.X3amdi Unauthorized Access to Backup Files in Xinhu RockOA 2.3.2 Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-240938) File Overwrite Vulnerability in Fuji Electric Tellus Lite Critical SQL Injection Vulnerability in TTSPlanning up to 20230925 (VDB-240939) Critical Remote Code Execution Vulnerability in DedeCMS 5.7.111 (CVE-2021-240940) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best Courier Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Online Banquet Booking System 1.0 Cross-Site Scripting (XSS) Vulnerability in Online Banquet Booking System 1.0 Cross-Site Scripting (XSS) Vulnerability in Online Banquet Booking System 1.0 Cross-Site Scripting Vulnerability in Photos and Files Contest Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in Podcast Subscribe Buttons Plugin for WordPress Session Management Flaw in Pre-2021.7.6 and Pre-2023.5 Versions of Puppet Enterprise Denial of Service Vulnerability in Silicon Labs Z-Wave Devices 
Vulnerability: Unauthorized Modification of Data in WP EXtra Plugin Improper Enforcement of Unique Action in phpkobo Ajax Poll Script 3.18 Unrestricted Email Sending Vulnerability in WP EXtra Plugin for WordPress SQL Injection Vulnerability in Google Maps made Simple WordPress Plugin Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.18 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.18 Hard-coded Credentials Vulnerability in Microweber GitHub Repository Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.18 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.18 Unauthenticated Access to GitHub Repository hamza417/inure Prior to Build94 Critical SQL Injection Vulnerability in D-Link DAR-7000 (Unsupported) Cross-site Scripting (XSS) Vulnerability in Dolibarr GitHub Repository Critical Denial of Service Vulnerability in eeroOS (up to 6.16.4-11) via Ethernet Interface (VDB-241024) Unescaped Custom Shipping Phone Field in Woocommerce Vietnam Checkout WordPress Plugin (CVE-2021-12345) Critical Vulnerability in SATO CL4NX-J Plus 1.13.2-u455_r2: Improper Authentication in WebConfig Path Traversal Vulnerability in SATO CL4NX-J Plus 1.13.2-u455_r2 Improper Authentication in SATO CL4NX-J Plus 1.13.2-u455_r2 Cookie Handler Improper Authentication Vulnerability in Field Logic DataCube4 (VDB-241030) OpenGraph Cache Overflow Vulnerability in Mattermost Unauthenticated File Exposure in Mattermost Draft Posts Vulnerability: Bypassing Patch in Consul Library for GitLab-EE Input ID Deduplication Vulnerability in Mattermost Stored Cross-Site Scripting Vulnerability in WP Responsive Header Image Slider Plugin Stored Cross-Site Scripting Vulnerability in Buzzsprout Podcasting Plugin for WordPress SQL Injection Vulnerability in iPanorama 360 – WordPress Virtual Tour Builder Plugin Stored Cross-Site 
Scripting Vulnerability in Contact Form Form For All WordPress Plugin Stored Cross-Site Scripting Vulnerability in Theme Blvd Shortcodes Plugin for WordPress Keystroke Logging Vulnerability in Mattermost Desktop Unauthenticated PHP Object Injection in Five Star Restaurant Menu and Food Ordering WordPress Plugin Heap Use-After-Free Vulnerability in ImageMagick's coders/bmp.c Unsanitized Settings in Popup Box WordPress Plugin Allows for Cross-Site Scripting Attacks Heap-based Buffer Overflow in Vim Prior to 9.0.1969 Use-after-free vulnerability in Linux kernel's fs/smb/client component allows local privilege escalation Type Confusion Vulnerability in V8 Engine in Google Chrome Critical Vulnerability in Korenix JetNet Series Allows Unauthorized Replacement of Operating System Stored XSS Vulnerability in Product Catalog Mode For WooCommerce WordPress Plugin Memory Leak Vulnerability in ruby-magick Interface with ImageMagick Critical SQL Injection Vulnerability in SuiteCRM GitHub Repository (salesagility/suitecrm) prior to 7.14.1 Stored Cross-site Scripting (XSS) Vulnerability in SuiteCRM GitHub Repository Unauthenticated Post Editing Vulnerability in Awesome Support WordPress Plugin Improper Access Control in SuiteCRM GitHub Repository Reflected Cross-Site Scripting Vulnerability in Awesome Support WordPress Plugin Arbitrary File Deletion Vulnerability in Awesome Support WordPress Plugin Authorization Bypass in GitLab CE/EE Slack/Mattermost Integrations Stored Cross-Site Scripting Vulnerability in Instagram for WordPress Plugin Improper Access Control in Report Log Filters Feature in Devolutions Server 2023.2.10.0 and Earlier Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates WordPress Plugin Stored Cross-Site Scripting Vulnerability in Carousel, Recent Post Slider, and Banner Slider Plugin for WordPress Vulnerability: Truncation and Overrun Bug in Symmetric Cipher Initialization Potential Escalation of Privilege and Information Disclosure 
Vulnerability in HP LIFE Android Mobile App Open vSwitch Vulnerability: ICMPv6 Neighbor Advertisement Bypass Heap Buffer Overflow in xorg-x11-server's XIChangeDeviceProperty and RRChangeOutputProperty Functions Unintended Data Disclosure Vulnerability in msdosfs Filesystem Privilege Escalation via copy_file_range System Call Vulnerability: Lack of Speculative Execution Workarounds on CPU 0 RTPS Dissector Memory Leak Vulnerability in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 Zyxel NAS326 and NAS542 Firmware Command Injection Vulnerability Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-241255) Open Redirect Vulnerability in mosparo/mosparo prior to 1.0.2 Abuse of Korenix JetNet TFTP Service through Improper Authentication Out-of-bounds Read Vulnerability in gpac/gpac prior to v2.2.2-DEV Stored XSS Vulnerability in MegaBIP and SmodBIP Software Undertow AJP Request Max-Header-Size Denial of Service Vulnerability Use-After-Free Vulnerability in xorg-x11-server: X Server Crash in Zaphod Mode Stored Cross-Site Scripting Vulnerability in Elementor Addon Elements Plugin for WordPress Vulnerability: Cross-Site Request Forgery in Funnelforms Free WordPress Plugin Cross-Site Request Forgery Vulnerability in Funnelforms Free WordPress Plugin (Versions up to 3.4) Insecure Credential Exposure in Infinispan Configuration Serialization Unauthenticated Arbitrary Post Copying Vulnerability in Funnelforms Free WordPress Plugin Unauthenticated Arbitrary Post Deletion Vulnerability in Funnelforms Free WordPress Plugin Unauthenticated Modification of Data in Funnelforms Free WordPress Plugin CVE-2023-5388 Vulnerability: File Modification Exploit on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC File Reading Vulnerability Arbitrary Code Execution 
Vulnerability through Deserialization CVE-2023-5392 CVE-2023-5393 CVE-2023-5394 CVE-2023-5395 CVE-2023-5396 CVE-2023-5397 CVE-2023-5398 CWE-22: Path Traversal Vulnerability in C-Bus File Command CVE-2023-5400 CVE-2023-5401 Remote Code Execution Vulnerability in Transfer Command CVE-2023-5403 CVE-2023-5404 CVE-2023-5405 CVE-2023-5406 CVE-2023-5407 Privilege Escalation Vulnerability in OpenShift Kubernetes API Server Potential Physical Attack Vulnerability in HP t430 and t638 Thin Client PCs CVE-2023-5410 Unauthenticated Modification of Data in Funnelforms Free WordPress Plugin (Versions up to 3.4) SQL Injection Vulnerability in Image Horizontal Reel Scroll Slideshow Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Image Horizontal Reel Scroll Slideshow Plugin for WordPress Directory Traversal Vulnerability in Icegram Express WordPress Plugin (Versions up to 5.6.23) Unauthenticated Modification of Data Vulnerability in Funnelforms Free WordPress Plugin Vulnerability: Unauthorized Category Deletion in Funnelforms Free Plugin for WordPress Unauthenticated Modification of Funnelforms Free Plugin Data in WordPress Unauthenticated Modification of Data in Funnelforms Free WordPress Plugin CustomerID Field Manipulation Vulnerability in OTRS Insecure Certificate Validation in OTRS and ((OTRS)) Community Edition Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Unauthenticated Modification of Data Vulnerability in Post Meta Data Manager Plugin for WordPress Unauthenticated Attackers Can Delete User, Term, and Post Meta in Post Meta Data Manager Plugin for WordPress GPU Use After Free Vulnerability in Arm GPU Kernel Drivers SQL Injection Vulnerability in Image Vertical Reel Scroll Slideshow Plugin for WordPress SQL Injection Vulnerability in Information Reel WordPress Plugin (Versions up to 10.0) SQL Injection Vulnerability in Jquery News Ticker Plugin for WordPress (Versions up to 3.0) SQL Injection Vulnerability in Left 
Right Image Slideshow Gallery Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Jquery News Ticker Plugin for WordPress SQL Injection Vulnerability in Message Ticker Plugin for WordPress SQL Injection Vulnerability in Superb Slideshow Gallery Plugin for WordPress SQL Injection Vulnerability in Up Down Image Slideshow Gallery Plugin for WordPress SQL Injection Vulnerability in Vertical Marquee Plugin for WordPress SQL Injection Vulnerability in WP Fade In Text News Plugin for WordPress (Versions up to 12.0) SQL Injection Vulnerability in wp image slideshow plugin for WordPress (up to version 12.0) SQL Injection Vulnerability in Wp Photo Text Slider 50 Plugin for WordPress (Versions up to 8.0) NULL Pointer Dereference in Vim Account Footprinting Vulnerability in EDM Informatics E-invoice Cross Site Request Forgery vulnerability in ePolicy Orchestrator allows unauthorized privilege escalation Open Redirect Vulnerability in ePolicy Orchestrator (ePO) Dashboard Cross-Site Request Forgery Vulnerability in WP Register Profile With Shortcode Plugin Security Vulnerability: Deactivation of Theft Deterrence Feature in HP Displays Insufficient Verification of Data Vulnerability in BIG-IP Edge Client Installer on macOS CVE-2023-5451 Stored Cross-site Scripting (XSS) Vulnerability in Snipe-IT GitHub Repository (snipe/snipe-it) Prior to v6.2.2 Unauthenticated Arbitrary Post Deletion in Templately WordPress Plugin Cross-Site Request Forgery Vulnerability in IPA Session Login CVE-2023-5456 CVE-2023-5457 Unsanitized SVG File Upload Vulnerability in CITS Support WordPress Plugin Critical Denial of Service Vulnerability in Delta Electronics DVP32ES2 PLC 1.48 Heap-based Buffer Overflow in Delta Electronics WPLSoft up to 2.51 Cleartext Transmission of Sensitive Information in Delta Electronics WPLSoft 2.51 Critical Denial of Service Vulnerability in XINJE XD5E-30R-E 3.5.3b Modbus Handler (VDB-241585) Uncontrolled Search Path Vulnerability in XINJE XDPPro up to 3.7.17a 
SQL Injection Vulnerability in Jquery Accordion Slideshow Plugin for WordPress SQL Injection Vulnerability in Popup with fancybox Plugin for WordPress SQL Injection Vulnerability in Wp Anything Slider Plugin for WordPress (Versions up to 9.1) Stored Cross-Site Scripting Vulnerability in GEO my WordPress Plugin for WordPress (Versions up to 4.0) Stored Cross-Site Scripting Vulnerability in Slick Contact Forms Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Drop Shadow Boxes WordPress Plugin (Versions up to 1.7.13) Stored Cross-Site Scripting Vulnerability in Etsy Shop Plugin for WordPress Critical SQL Injection Vulnerability in codeprojects Farmacia 1.0 (VDB-241608) Use After Free Vulnerability in Profiles in Google Chrome Use After Free Vulnerability in Cast in Google Chrome Heap Buffer Overflow in PDF File Parsing in Google Chrome Bypassing Discretionary Access Control via Crafted Chrome Extension in Google Chrome (CVE-2021-37976) Use After Free Vulnerability in Blink History in Google Chrome Local Privilege Escalation Vulnerability in Google Chrome Installer Cross-Origin Data Leakage in Autofill in Google Chrome Bypassing Enterprise Policy via Malicious Extension Installation in Google Chrome Remote Code Execution Vulnerability in Google Chrome Payments (Chromium security severity: High) Remote Security UI Spoofing Vulnerability in Google Chrome Out of Bounds Memory Access Vulnerability in USB in Google Chrome Bypassing Content Security Policy via Inappropriate Intents Implementation in Google Chrome Remote Security UI Spoofing Vulnerability in Google Chrome Autofill Bypass Vulnerability in Google Chrome (CVE-2021-12345) Remote Spoofing of Security UI in Google Chrome (CVE-2021-37975) Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Unrestricted File Upload Vulnerability in Beijing 
Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Unrestricted Upload Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Critical OS Command Injection Vulnerability in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 (VDB-241646) Critical SQL Injection Vulnerability in QDocs Smart School 6.4.1 Cross-Site Scripting (XSS) Vulnerability in Translator PoqDev Add-On 1.0.11 Critical SQL Injection Vulnerability in Tongda OA 2017 11.10 (CVE-2021-241650) CSRF Vulnerability in GitHub Repository chiefonboarding/chiefonboarding prior to v2.0.47 Week-long log retrieval vulnerability in Shenzhen Reachfar v28 Remote Code Injection Vulnerability Enables Full Device Takeover BackWPup Plugin for WordPress Directory Traversal Vulnerability Unauthenticated Arbitrary Post and Page Deletion Vulnerability in ImageMapper Plugin for WordPress Stored Cross-Site Scripting Vulnerability in ImageMapper WordPress Plugin Inadequate Authorization in myStickymenu WordPress Plugin (Before 2.6.5) Allows Unauthorized Actions CSRF Vulnerability in GitHub Repository snipe/snipe-it (prior to v.6.2.3) File Integrity Compromise through HTML Encoding Vulnerability in GitLab CE/EE File Path Enumeration Vulnerability in eSOMS Report Generation Path Disclosure Vulnerability Information Disclosure Vulnerability Premature Exit Vulnerability in BIND's Query-Handling Code CSRF Vulnerability in EventPrime WordPress Plugin Out-of-bounds Read Vulnerability in gpac/gpac prior to 2.2.2 GitHub 
Repository Unauthorized Access Vulnerability Mattermost Mobile App Freezing Vulnerability Remote Code Execution Vulnerability in M-Files Web Companion Insufficient Blacklisting in M-Files Web Companion: Remote Code Execution via Specific File Types Authorization Bypass in Limit Login Attempts Reloaded WordPress Plugin Kubernetes Windows Node Privilege Escalation Vulnerability Stored XSS Vulnerability in Ninja Forms Contact Form WordPress Plugin Cross-Site Request Forgery Vulnerability in Thumbnail Slider With Lightbox Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability in ImageMapper WordPress Plugin (up to 1.2.6) Unauthenticated Access Vulnerability in AI ChatBot Plugin for WordPress Vulnerability: Cross-Site Request Forgery in AI ChatBot Plugin for WordPress Critical Use After Free Vulnerability in vim/vim Repository (prior to v9.0.2010) Privilege Escalation Vulnerability in LXD Group Configuration Cross-Site Request Forgery Vulnerability in Delete Usermeta WordPress Plugin Stored Cross-Site Scripting Vulnerability in MpOperationLogs WordPress Plugin (Versions up to 1.0.1) Critical Remote Code Execution Vulnerability in Lesson Activity Critical Remote Code Execution Vulnerability in IMSCP Activity XSS Vulnerability in CSV Grade Import Method Privacy Breach: Students in Only see own membership Groups Able to View Other Members Meeting ID Duplication Vulnerability in BigBlueButton Vulnerability: Stored XSS and IDOR Risks in Wiki Comments Sensitive User Information Exposed in H5P Metadata Author Field Stored XSS Vulnerability in Quiz Grading Report: Insufficient Sanitization of ID Numbers XSS Vulnerability in Course Upload Preview Cache Poisoning Vulnerability in File Serving Endpoints Category Manipulation Vulnerability Remote Code Execution Vulnerability in Misconfigured Shared Hosting Environment Forum Summary Report Displays Users from Other Groups Password Disclosure Vulnerability in Sophos Firewall's Secure PDF eXchange (SPX) Feature 
Vulnerability in AXIS OS Secure Boot Protection Allows Sophisticated Bypass Attack TLS Certificate Verification Bypass in LINE Client for iOS prior to 13.16.0 Cross-site Scripting (XSS) Vulnerability in frappe/lms Repository Reflected Cross-Site Scripting (XSS) Vulnerability in structurizr/onpremises GitHub Repository Sandbox Bypass Vulnerability in tracker-miners Package Reflected Cross-Site Scripting Vulnerability in LearnPress WordPress Plugin Arbitrary Option Deletion Vulnerability in 10Web Booster WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP-UserOnline WordPress Plugin Unauthenticated Attackers Can Disclose Email Addresses of WordPress Users via REST API Oracle Style Attack Cross-Site Scripting (XSS) Vulnerability in KNIME Analytics Platform Fatal Exception Caused by IRQ Context Sleep in SJA1000 CAN Controller Driver Backend Stored Cross-site Scripting (XSS) Vulnerability in froxlor/froxlor prior to 2.1.0-dev1 Stored Cross-Site Scripting Vulnerability in Shortcode Menu Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Simple Shortcodes WordPress Plugin (Versions up to 1.0.20) Stored Cross-Site Scripting Vulnerability in QR Code Tag Plugin for WordPress Heap-based Buffer Overflow Vulnerability in Samba Allows Remote DoS Attack Account Footprinting Vulnerability in Inohom Home Manager Gateway Improper Input Validation in vriteio/vrite prior to 0.3.0 SSRF Vulnerability in vriteio/vrite prior to 0.3.0 Unrestricted Resource Allocation Vulnerability in vriteio/vrite (prior to 0.3.0) Use-After-Free Vulnerability in xorg-x11-server-Xvfb Insecure Permission Inheritance in Devolutions Server 2022.3.13.0 and Earlier Sensitive Information Exposure in WPvivid WordPress Plugin via Plaintext Google Drive API Secrets Stored Cross-Site Scripting Vulnerability in Bitly's WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Portábilis i-Educar up to 2.7.5 Information Disclosure Vulnerability in yhz66 Sandbox 6.1.0 Critical SQL Injection 
Vulnerability in SourceCodester Library System 1.0 (VDB-242145) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Medicine Tracker System 1.0 (index.php) - VDB-242146 Cross-Site Scripting (XSS) Vulnerability in ZZZCMS 2.2.0 Personal Profile Page Component (VDB-242147) PHP Object Injection Vulnerability in WP Simple Galleries Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Motorcycle Rental System 1.0 NULL Pointer Dereference Vulnerability in gpac/gpac prior to 2.3.0-DEV Critical SQL Injection Vulnerability in SourceCodester Free Hospital Management System for Small Practices 1.0 (VDB-242186) Path Traversal Vulnerability in kphrx pleroma Critical SQL Injection Vulnerability in SourceCodester Judging Management System 1.0 (VDB-242188) Critical NULL Pointer Dereference Vulnerability in seleniumhq/selenium (prior to 4.14.0) SQL Injection Vulnerability in librenms/librenms prior to 23.10.0 Code Execution Without Integrity Check in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) Privilege Escalation Vulnerability in SecuExtender SSL VPN Client Software Insecure Trust Validation of Intermediate Certificates in Secure Traffic Scanning Feature Critical Denial of Service Vulnerability in gpac/gpac Repository (Version Prior to 2.3.0-DEV) Stored Cross-site Scripting (XSS) Vulnerabilities in 3DSwym in 3DSwymer Stored XSS Vulnerability in 3DDashboard of 3DSwym: Arbitrary Script Code Execution Arbitrary File Upload Vulnerability in WooCommerce Ninja Forms Product Add-ons WordPress Plugin Cross-Site Request Forgery Vulnerability in Social Media Share Buttons & Social Sharing Icons Plugin for WordPress Insecure Configuration in Asgaros Forum WordPress Plugin Allows Remote Code Execution Stored Cross-Site Scripting Vulnerability in URL Shortify WordPress Plugin Stored Cross-Site Scripting Vulnerability in ChatBot for WordPress FAQ Builder Path Traversal Vulnerability in TACC ePO Extension Allows Arbitrary Code Execution Reflected 
Cross-Site Scripting Vulnerability in Seraphinite Accelerator WordPress Plugin Arbitrary Redirect Vulnerability in Seraphinite Accelerator WordPress Plugin Unauthenticated Reset and Import Settings Vulnerability in Seraphinite Accelerator WordPress Plugin User Email Address Disclosure via Tags Feed in GitLab Stored Cross-Site Scripting Vulnerability in Super Testimonials Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Theme Switcha Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Skype Legacy Buttons Plugin for WordPress CVE-2023-5617 Stored Cross-Site Scripting Vulnerability in Modern Footnotes WordPress Plugin Stored XSS Vulnerability in Web Push Notifications WordPress Plugin Stored Cross-Site Scripting Vulnerability in Thumbnail Slider With Lightbox Plugin for WordPress Privilege Escalation Vulnerability in Nessus Network Monitor Improper ACL Configuration in NNM Installation Directory Allows Arbitrary Code Execution Nessus Network Monitor Blind SQL Injection Vulnerability Patch Application Regression in Red Hat Build of python-eventlet Leads to Incomplete Fix for CVE-2021-21419 CSRF Vulnerability in GitHub Repository pkp/ojs prior to 3.3.0-16 Authentication Bypass Vulnerability in NPort 6000 Series Open Redirect Vulnerability: Potential Information Disclosure through Phishing Attempts Untrusted Firmware Installation Vulnerability: CWE-494 Stored XSS Vulnerability in Roundcube Email Client Denial of Service Vulnerability in Eclipse Mosquitto 2.0.5 and earlier Use-After-Free Vulnerability in VMware Guest with 3D Acceleration (CVE-2023-33951 and CVE-2023-33952) ArslanSoft Education Portal SQL Injection Vulnerability Improper Protection of Outbound Error Messages and Alert Signals in ArslanSoft Education Portal Allows Account Footprinting ArslanSoft Education Portal Unrestricted File Upload and Command Injection Vulnerability ArslanSoft Education Portal Unrestricted File Upload Vulnerability Stored Cross-Site Scripting 
Vulnerability in Booster for WooCommerce Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Team Showcase Plugin for WordPress SQL Injection Vulnerability in Article Analytics WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Martins Free & Easy SEO BackLink Link Building Network WordPress Plugin Unauthenticated Remote File Access in Advantech R-SeeNet v2.4.23 Out-of-bounds Write Vulnerability in Arm GPU Kernel Drivers Authorization Bypass in WP Mail Log WordPress Plugin SQL Injection Vulnerability in WP Mail Log WordPress Plugin URL Modification Vulnerability in Zyxel ATP and USG Series Firmware Arbitrary Post Deletion Vulnerability in WP Hotel Booking WordPress Plugin Unauthenticated SQL Injection Vulnerability in WP Hotel Booking WordPress Plugin Stored XSS Vulnerability in WassUp Real Time Analytics WordPress Plugin Unvalidated URL Fetching Vulnerability in React Developer Tools Extension Stored Cross-Site Scripting Vulnerability in WP MapIt Plugin Stored Cross-Site Scripting Vulnerability in Interact: Embed A Quiz On Your Site WordPress Plugin Stored Cross-Site Scripting Vulnerability in SendPress Newsletters Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Social Feed Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Sponsors Plugin for WordPress CVE-2023-5663 Stored Cross-Site Scripting Vulnerability in Garden Gnome Package Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Payment Forms for Paystack WordPress Plugin Stored Cross-Site Scripting Vulnerability in Accordion Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Tab Ultimate WordPress Plugin Stored Cross-Site Scripting Vulnerability in WhatsApp Share Button Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Featured Image Caption Plugin for WordPress Potential Privilege Escalation Vulnerability in HP Print and Scan Doctor for Windows Local File Inclusion Vulnerability in WP Mail Log WordPress 
Plugin Arbitrary File Upload and Remote Code Execution in WP Mail Log WordPress Plugin SQL Injection Vulnerability in WP Mail Log WordPress Plugin CVE-2023-5675 Vulnerability: Infinite Busy Hang and Segmentation Fault in Early Shutdown Signal Handling in Eclipse OpenJ9 Remote Code Execution Vulnerability in AXIS OS Vulnerability Title: Excessive Long X9.42 DH Key Generation and Checking Vulnerability Vulnerability: DNS64 and Serve-Stale Interaction Crash Resolver Cache Performance Degradation Due to Large Number of ECS Records Critical SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3 Critical SQL Injection Vulnerability in Tongda OA 2017 (VDB-243058) Critical OS Command Injection Vulnerability in Beijing Baichuo Smart S85F Management Platform (CVE-2023-1059) Critical Remote Command Injection Vulnerability in Beijing Baichuo Smart S85F Management Platform (CVE-2023-1012) CVE-2023-5685 Heap-based Buffer Overflow in radareorg/radare2 prior to 5.9.0 CSRF Vulnerability in GitHub Repository mosparo/mosparo (prior to 1.0.3) DOM-based Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.2.2 DOM-based Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.2.2 CSRF Vulnerability in modoboa/modoboa GitHub Repository (prior to 2.2.2) Stored Cross-Site Scripting Vulnerability in Chatbot for WordPress Plugin CVE-2023-5692 Critical SQL Injection Vulnerability in CodeAstro Internet Banking System 1.0 (VDB-243131) Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro Internet Banking System 1.0 Critical SQL 
Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3 (VDB-243138) Cross-Site Scripting (XSS) Vulnerability in vnotex vnote up to 3.17.0 Viessmann Vitogate 300 up to 2.1.3.0 - Unpatched Direct Request Vulnerability Stored Cross-Site Scripting Vulnerability in Gift Up Gift Cards for WordPress and WooCommerce Plugin Stored Cross-Site Scripting Vulnerability in CPO Shortcodes Plugin for WordPress Stored Cross-Site Scripting Vulnerability in VK Filter Search Plugin for WordPress Stored Cross-Site Scripting Vulnerability in VK Blocks WordPress Plugin Stored Cross-Site Scripting Vulnerability in SEO Slider Plugin for WordPress Stored Cross-Site Scripting Vulnerability in WP Post Columns Plugin SQL Injection Vulnerability in WD WidgetTwitter Plugin for WordPress (Versions up to 1.0.9) Unauthenticated Access to Sensitive Data in System Dashboard Plugin for WordPress Unauthenticated Access Vulnerability in System Dashboard Plugin for WordPress Unauthenticated Access Vulnerability in System Dashboard Plugin for WordPress Unauthenticated Access and Data Retrieval Vulnerability in System Dashboard Plugin for WordPress Unauthenticated Access to Data Key Specs in System Dashboard Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Plerdy Plugin for WordPress Arbitrary File Write Vulnerability in ASUS Armoury Crate Heap Out-of-Bounds Write Vulnerability in Linux Kernel's perf Component Vue.js Devtools Extension Vulnerability: Screenshot Data Leakage via postMessage() API Crimson 3.2 Windows-based Configuration Tool Password Truncation Vulnerability Quarkus Gradle Plugin Information Leakage Vulnerability Insufficient Activation-Delay Vulnerability in Firefox and Thunderbird Information Leakage and Vary Header Disclosure in Firefox < 119 Cookie Injection Vulnerability in Firefox < 119 Critical Vulnerability: Crashing Due to Large Draw Calls in Firefox and Thunderbird Arbitrary URL Opening Vulnerability in Firefox and Thunderbird Full Screen 
Notification Spoofing Vulnerability on macOS Download Vulnerability: Missing Executable File Warning in Windows Operating Systems Garbage Collection Object Mishandling Vulnerability Full Screen Spoofing Vulnerability in Firefox < 119 with WebAuthn Prompt Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerability in Firefox 118: Potential Arbitrary Code Execution Address Bar Spoofing Vulnerability in Firefox and Thunderbird Unauthenticated User Role Escalation in WordPress Backup & Migration Plugin Cross-Site Scripting Vulnerability in WordPress Backup & Migration Plugin Elevation of Privilege Vulnerability in HP PC Hardware Diagnostics Windows Stored Cross-Site Scripting Vulnerability in Facebook Messenger Live Chat Plugin for WordPress Stored Cross-Site Scripting Vulnerability in POWR Plugin for WordPress Stored Cross-Site Scripting Vulnerability in EasyRotator for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Telephone Number Linker Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Very Simple Google Maps Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Reusable Text Blocks Plugin for WordPress Remote Code Execution Vulnerability in Synology Camera Firmware (BC500 and TC500) via Externally-Controlled Format String in CGI Component Remote Code Execution Vulnerability in Wave Camera Device Installation Classic Buffer Overflow Vulnerability in Synology SSL VPN Client before 1.4.7-0687 Reflected Cross-Site Scripting Vulnerability in EmbedPress WordPress Plugin Reflected Cross-Site Scripting in EmbedPress WordPress Plugin (<= 3.9.2) Arbitrary Configuration Injection Vulnerability in pip's Mercurial VCS URL Installation Vulnerability: Buffer Overflows in Bluetooth Subsystem due to Disabled Asserts in hci_core.c Weak Default Administrative Credentials in Sielco PolyEco1000 Cross-Site Request Forgery Vulnerability in Digital Publications by Supsystic Plugin for WordPress Stored Cross-Site 
Scripting Vulnerability in WP Crowdfunding WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Firefox for iOS < 119 Unauthenticated Remote Denial of Service (DoS) Vulnerability in Helix Core TOCTOU Bug in IOCTL Handling: Local Privilege Escalation in Avast/Avg Antivirus 23.8 SQL Injection Vulnerability in Burst Statistics Plugin for WordPress RCE Vulnerability in Filr WordPress Plugin (Version 1.2.3.6 and earlier) Remote Code Execution Vulnerability in Eclipse Glassfish 5 and 6 with Old JDK Versions Template Injection Vulnerability in Ansible Bypassing Permissions via Data Source Switching in Devolutions Remote Desktop Manager Remote Code Execution Vulnerability in Remote Desktop Manager 2023.2.33 and Earlier on Windows Cross-Site Scripting Vulnerability in RTU500 Webserver Vulnerability in HCI IEC 60870-5-104: Link Layer Blocking Cross-Site Scripting (XSS) Vulnerability in RTU500 Series Webserver Improper HTML Injection Vulnerability in Proofpoint Enterprise Protection Stored XSS Vulnerability in Proofpoint Enterprise Protection AdminUI Cross-Site Request Forgery Vulnerability in Debug Log Manager Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Animated Counters WordPress Plugin CVE-2023-5775 Cross-Site Request Forgery Vulnerability in Post Meta Data Manager Plugin for WordPress Remote Control Exploit in Weintek EasyBuilder Pro: Private Key Exposure Out of Bounds Vulnerability in remove_rx_filter Function Critical SQL Injection Vulnerability in Tongda OA 2017 11.10 Critical SQL Injection Vulnerability in Tongda OA 2017 11.10 Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.10 Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-243589) Critical SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3 (VDB-243590) Critical SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3 Remote Code Execution Vulnerability in GeoServer GeoWebCache up to 
1.15.1 Critical SQL Injection Vulnerability in Shaanxi Chanming Education Technology Score Query System 5.0 (VDB-243593) Cross-Site Scripting (XSS) Vulnerability in Dragon Path 707GR1 up to 20231022 Unrestricted File Upload Vulnerability in SourceCodester File Manager App 1.0 (VDB-243595) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sticky Notes App 1.0 Critical SQL Injection Vulnerability in SourceCodester Sticky Notes App 1.0 (VDB-243598) Cross Site Scripting (XSS) Vulnerability in flusity CMS Critical SQL Injection Vulnerability in PHPGurukul Online Railway Catering System 1.0 Unrestricted Upload Vulnerability in CodeAstro POS System 1.0 Unrestricted Upload Vulnerability in CodeAstro POS System 1.0 Privilege Escalation Vulnerability in Zyxel ATP and USG Series Firmware SSRF Vulnerability in Assistant WordPress Plugin before 1.4.4 Insecure Package Deletion Authorization in WP Hotel Booking WordPress Plugin Remote Code Execution Vulnerability in AXIS OS VAPIX API Identity Verification Bypass Vulnerability in Face Unlock Module: Implications for Integrity and Confidentiality CSRF Vulnerability in WP Knowledgebase Plugin <= 1.3.4 CSRF Vulnerability in Business Directory Plugin for WordPress Critical SQL Injection Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 (VDB-243617) Critical SQL Injection Vulnerability in SourceCodester Simple Real Estate Portal System 1.0 (VDB-243618) SQL Injection vulnerability in Mergen Software Quality Management System (before v1.2) SQL Injection vulnerability in TRtek Software Education Portal allows unauthorized database access Unintended Information Disclosure in SMU Versions Prior to 14.8.7825.01 Stored Cross-Site Scripting Vulnerability in Popup Box WordPress Plugin Cross Site Scripting (XSS) Vulnerability in flusity CMS (CVE-2021-243641) Cross Site Scripting (XSS) Vulnerability in flusity CMS Critical Unrestricted Upload Vulnerability in flusity CMS (VDB-243643) SQL Injection Vulnerability in 
SourceCodester Task Reminder System 1.0 SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (VDB-243645) Remote Code Execution via Local File Inclusion in The News & Blog Designer Pack WordPress Plugin Stored Cross-Site Scripting Vulnerability in Neon Text Plugin for WordPress Cross-Site Request Forgery Vulnerability in Amazonify WordPress Plugin Stored Cross-Site Scripting Vulnerability in Amazonify WordPress Plugin (Versions up to 0.8.1) Cross-Site Request Forgery Vulnerability in Thumbnail Slider With Lightbox WordPress Plugin (Version 1.0) Cross-Site Request Forgery Vulnerability in Thumbnail Carousel Slider Plugin for WordPress Arbitrary File Upload Vulnerability in Drag and Drop Multiple File Upload - Contact Form 7 Plugin for WordPress CSRF Vulnerability in ThemeKraft TK Google Fonts GDPR Compliant Plugin Squid Denial of Service Vulnerability: Improper Handling of Structural Elements GitLab CE/EE Denial of Service Vulnerability Critical SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3 (VDB-243716) Critical SQL Injection Vulnerability in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2 (VDB-243717) Critical SQL Injection Vulnerability in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System (CVE-2023-1026) Unrestricted Upload Vulnerability in Admission Management System 1.0 (CVE-2021-243728) Critical Vulnerability in ColumbiaSoft Document Locator: Improper Authentication in WebTools API GitLab CE/EE Vulnerability: Unauthorized Disclosure of Version Metadata Improper Input Validation in mintplex-labs/anything-llm prior to 0.1.0 Improper Access Control in GitHub Repository mintplex-labs/anything-llm Vulnerability in HashiCorp Vagrant Windows Installer Allows Unauthorized File System Writes Cross Site Scripting (XSS) Vulnerability in hu60t hu60wap6 SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 Cross-Site Scripting 
(XSS) Vulnerability in AlexanderLivanov FotosCMS2 up to 2.4.3 GitHub Repository LinkStack: Insufficient Session Expiration Vulnerability Privilege Chaining Vulnerability in GitHub Repository hestiacp/hestiacp prior to 1.8.9 Insecure Password Recovery Mechanism in GitHub Repository Linkstackorg/Linkstack (v4.2.9 and earlier) Heap-based Buffer Overflow Vulnerability in Academy Software Foundation OpenEXR Image Parsing Library Stored Cross-site Scripting (XSS) Vulnerability in Dolibarr GitHub Repository (prior to version 16.0.5) Remote Code Execution Vulnerability in Ads by datafeedr.com Plugin for WordPress Unverified Password Change Vulnerability in pimcore/admin-ui-classic-bundle prior to 1.2.0 Password-Protected Post Content Leakage in Simple Social Media Share Buttons WordPress Plugin Unauthenticated Access Vulnerability in Franklin Fueling System TS-550 Versions Prior to 1.9.23.8960 Privilege Escalation Vulnerability during Installation or Upgrade High Severity Integer Overflow Vulnerability in Google Chrome's USB Implementation Domain Spoofing Vulnerability in Google Chrome Downloads Obfuscation of Security UI in Google Chrome Downloads (CVE-2022-12345) Use After Free Vulnerability in Google Chrome Printing Obfuscation of Security UI in Google Chrome Downloads Use After Free Vulnerability in Profiles in Google Chrome Use After Free Vulnerability in Google Chrome's Reading Mode Use After Free Vulnerability in Google Chrome Side Panel Arbitrary Code Execution Vulnerability in Google Chrome Downloads Obfuscation of Security UI in Google Chrome WebApp Provider Domain Spoofing Vulnerability in Google Chrome's Picture In Picture Feature Arbitrary File Upload Vulnerability in Icons Font Loader Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository Unauthenticated Access to GitHub Repository hamza417/inure Prior to Build95 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 
3.2.2 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.2.1 GitHub Repository Session Expiration Vulnerability in thorsten/phpmyfaq prior to 3.2.2 Insecure Handling of Sensitive Cookies in GitHub Repository thorsten/phpmyfaq prior to 3.2.1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.2.2 PostgreSQL Aggregate Function Memory Disclosure Vulnerability PostgreSQL Integer Overflow Vulnerability in SQL Array Modification Vulnerability: Denial of Service (DoS) Attack via pg_cancel_backend Role in PostgreSQL Denial of Service Vulnerability in libnbd via Malicious NBD Server Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 11.1.0 Stored Cross-Site Scripting Vulnerability in Popup Box WordPress Plugin Critical Vulnerability in Mattermost Desktop: Media Exploitation via Malicious Server Server URL Path RegExp Validation Vulnerability in Mattermost Unauthenticated SSRF Vulnerability in affiliate-toolkit WordPress Plugin Clear Text Storage of User Authentication Credentials in The Genie Company Aladdin Connect Mobile App XSS Vulnerability in Genie Company Aladdin Connect Garage Door Opener Unauthenticated Access Vulnerability in The Genie Company Aladdin Connect Garage Door Control Module Setup Unauthenticated Remote Code Execution in Export any WordPress data to XML/CSV and WP All Export Pro WordPress Plugins CSRF Vulnerability in Word Balloon WordPress Plugin Allows Arbitrary Avatar Deletion Remote File Access Vulnerability in Discontinued FFS Colibri Product Unauthenticated File Upload and PHAR Deserialization Vulnerability in WordPress Export Plugins Insufficient Session Expiration in GitHub Repository PKP/pkp-lib Prior to Version 3.3.0-16 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Reflected Cross-site Scripting (XSS) Vulnerability in pkp/pkp-lib prior to 3.3.0-16 Stored 
Cross-site Scripting (XSS) Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 CSRF Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pkp/ojs prior to 3.3.0-16 Cross-site Scripting (XSS) Vulnerability in pkp/pkp-lib GitHub Repository Prior to Version 3.3.0-16 Stored Cross-site Scripting (XSS) Vulnerability in pkp/pkp-lib prior to 3.4.0-4 CSRF Vulnerability in GitHub Repository pkp/customLocale prior to 1.2.0-1 CSRF Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 CSRF Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Cross-Site Request Forgery Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Cross-site Scripting Vulnerability in pkp/pkp-lib prior to 3.3.0-16 CSRF Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pkp/pkp-lib prior to 3.3.0-16 Unrestricted Data Export Vulnerability in DeMomentSomTres WordPress Export Posts With Images Plugin Confidential File Access Vulnerability in Job Manager & Career WordPress Plugin Unrestricted Root Directory Access in File Manager WordPress Plugin Buffer Overflow Vulnerability in KEPServerEX Certificate Validation Vulnerability in KEPServerEX Cross-Site Scripting (XSS) Vulnerability in PopojiCMS 2.0.1 Stored Cross-Site Scripting Vulnerability in WP Custom Cursors WordPress Plugin CVE-2023-5912 Privilege Escalation Vulnerability in opentext Fortify ScanCentral DAST Exploiting Cross-Site Scripting (XSS) Vulnerability: A Silent Threat to Web Applications Uncontrolled Resource Consumption Vulnerability in STARDOM FCN/FCJ Controllers Critical Remote Code Execution Vulnerability in Lissy93 Dashy 2.1.1 Cross-Site Scripting (XSS) Vulnerability in phpBB Smiley Pack Handler Critical SQL Injection Vulnerability in 
SourceCodester Visitor Management System 1.0 (VDB-244308) Unrestricted Upload Vulnerability in SourceCodester Company Website CMS 1.0 Insecure Keyboard Input Handling in Mattermost Desktop for MacOS Functionality Bypass Vulnerability in DECE Software Geodi Unauthenticated Access to Draft, Private, and Password Protected Posts in Royal Elementor Addons and Templates WordPress Plugin Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 (VDB-244325) Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 (VDB-244326) Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 Critical SQL Injection Vulnerability in Campcodes Simple Student Information System 1.0 (VDB-244329) Cross-Site Scripting (XSS) Vulnerability in Campcodes Simple Student Information System 1.0 Unvalidated File Upload Vulnerability in rtMedia WordPress Plugin Arbitrary API PUT Requests via User Name Input Sanitization Vulnerability in GitLab CE/EE Remote Code Execution Vulnerability in rtMedia WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Not Login Hide WordPress Plugin Heap Buffer Overflow in FreeBSD's __sflush() Function Stored Cross-Site Scripting Vulnerability in Medialist WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Wp-Adv-Quiz WordPress Plugin Stack-Based Buffer Overflow in Delta Electronics DOPSoft Software Vulnerability: Cross-Site Request Forgery in WordPress Video Carousel Slider Plugin Reflected Cross-Site Scripting Vulnerability in Digirisk Plugin for WordPress (Version 6.0.0.0) Improper Authorization in amazefileutilities GitHub Repository (CVE-XXXX-XXXX) Unauthorised Access to Password-Protected Content in 
SmartCrawl WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Rapid7 Velociraptor Reflected Cross-Site Scripting Vulnerability in Welcart e-Commerce WordPress Plugin Unauthenticated PHP Object Injection in Welcart e-Commerce WordPress Plugin Arbitrary File Upload Vulnerability in Welcart e-Commerce WordPress Plugin Memory Consumption Denial-of-Service Vulnerability in HashiCorp Vault Stored Cross-Site Scripting Vulnerability in Contact Form Email WordPress Plugin Stored Cross-Site Scripting Vulnerability in Wp-Adv-Quiz WordPress Plugin Arbitrary File Upload and Remote Code Execution (RCE) Vulnerability in Ni Purchase Order(PO) For WooCommerce WordPress Plugin Unauthenticated XSS Vulnerability in POST SMTP Mailer WordPress Plugin Weak Password Recovery Vulnerability in Beijing Baichuo Smart S85F Management Platform V31R02B10-01 (VDB-244992) Improper Privilege Management Vulnerability in Zyxel USG FLEX and VPN Series Firmware CSRF Vulnerability in ioLogik E1200 Series Firmware v3.3 and Prior Critical Vulnerability in ioLogik E1200 Series Firmware Allows for Confidentiality Breach and Unauthorized Access Denial of Service Vulnerability in GitLab EE Advanced Search Function Arbitrary Code Execution Vulnerability in 1E-Exchange-DisplayMessage Instruction Arbitrary PHP Code Execution via Specially Crafted Zip Upload in EspoCRM 7.2.5 Arbitrary PHP Code Execution Vulnerability in EspoCRM 7.2.5 Unvalidated Requests in Mattermost Calls Plugin Lead to Plugin Crash User object sanitization vulnerability in Mattermost allows password hash exposure Memory Exhaustion Vulnerability in Mattermost's /api/v4/redirect_location Endpoint Accent Character MFA Bypass Vulnerability in SMA100 SSL-VPN Virtual Office Portal Null Pointer Dereference Vulnerability in Linux Kernel's nft_inner.c Functionality CVE-2023-5973 Server-Side Request Forgery (SSRF) Vulnerability in WPB Show Core WordPress Plugin 2.2 Cross-Site Request Forgery Vulnerability in ImageMapper WordPress 
Plugin (up to 1.2.6) Improper Access Control in Microweber GitHub Repository Prior to Version 2.0 Vulnerability: Improper Validation of Updated Constraints in FreeBSD 13-RELEASE CSRF Vulnerability in eCommerce Product Catalog Plugin for WordPress Stored Cross-Site Scripting Vulnerability in BSK Forms Blacklist WordPress Plugin Timing Vulnerability in RSA-PSK ClientKeyExchange with Malformed Ciphertexts Cross-Site Request Forgery vulnerability in UpdraftPlus WordPress Backup & Migration Plugin Sensitive Information Exposure in Botanik Software Pharmacy Automation Firmware Update Vulnerability: Unauthorized Code Upload and Device Takeover CWE-79: Cross-Site Scripting (XSS) Vulnerability with Admin Privileges CWE-601 URL Redirection to Untrusted Site Vulnerability Cross-Site Scripting (XSS) Vulnerability: Arbitrary JavaScript Execution Reflected XSS Vulnerability in Uyumsoft LioXERP (before v.146) Stored Cross-Site Scripting (XSS) Vulnerability in Uyumsoft LioXERP CSRF Vulnerability in Interactive Contact Form and Multi Step Form Builder Plugin Arbitrary File Download and Deletion Vulnerability in Hotel Booking Lite WordPress Plugin OpenSC Vulnerability: Side-Channel Attack on PKCS#1 Encryption Padding Removal CVE-2023-5993 Vulnerability: Unauthorized Access to Internal Projects via GitLab EE Policy Bot WebAudio Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome's Garbage Collection Out-of-bounds Read Vulnerability in gpac/gpac prior to 2.3.0-DEV Stored XSS Vulnerability in Popup Builder WordPress Plugin Unauthenticated Access to Prometheus Metrics in YugabyteDB Anywhere Cross Site Scripting (XSS) Vulnerability in YugabyteDB via Log Injection Unchecked Hostname Syntax Vulnerability in libssh Stored Cross-Site Scripting Vulnerability in EventON WordPress Plugin Privilege Escalation via Insecure pc-pdl-to-image Execution in PaperCut NG UserPro Plugin for WordPress: Unauthorized Access and Data Manipulation Vulnerability UserPro 
Plugin for WordPress Cross-Site Request Forgery Vulnerability Privilege Escalation Vulnerability in UserPro WordPress Plugin (Versions up to 5.1.4) Stored Cross-site Scripting (XSS) Vulnerability in DECE Software Geodi (Versions before 8.0.0.27396) Remote Code Execution Vulnerability in Lanaccess ONSAFE MonitorHM 3.7.0 H2O Vulnerability: Stored XSS Exploit Enables Local File Include Attack Arbitrary Account Creation Vulnerability in MLflow Arbitrary File Upload Vulnerability in MLflow Remote Code Execution Vulnerability in H2O Dashboard's POJO Model Import Feature S3 Bucket Reference Leakage Vulnerability in H2O Unauthenticated File Overwrite Vulnerability in MLflow Server Command Injection Vulnerability in Ray's cpu_profile URL Parameter Local File Inclusion (LFI) Vulnerability in Ray's /static/ Directory Allows Unauthorized Access to Server Files LFI Vulnerability in Ray's Log API Endpoint Allows Unauthorized File Access CSRF Vulnerability in Prefect Web Server API Allows Secret Theft and Remote Code Execution LFI Vulnerability Allows Unauthorized File Access in ModelDB Server Path Traversal Vulnerability in elijaa/phpmemcachedadmin 1.3.0 Allows File Deletion Stored XSS Vulnerability in elijaa/phpmemcachedadmin 1.3.0 Reflected XSS Vulnerability in B&R Automation Runtime SVG Version Unauthenticated Arbitrary Post Deletion and Document Manipulation in EazyDocs WordPress Plugin Path Traversal Vulnerability in Network Management Card Allows File System Enumeration and Download Jira Integration Configuration Vulnerability in GitLab CE/EE: Remote Code Execution via JavaScript Injection SQL Injection Vulnerability in EazyDocs WordPress Plugin Authentication Bypass Vulnerability in Web3 WordPress Plugin (CVE-XXXX-XXXX) Stored Cross-Site Scripting Vulnerability in WP TripAdvisor Review Slider WordPress Plugin Unauthenticated File Read Vulnerability in H2O Dashboard Use-After-Free Vulnerability in LAN78XX USB Device Detachment Out-of-Bounds Access Vulnerability in 
nf_tables_newtable Function Unauthenticated User Email Spoofing Vulnerability Lenovo Vantage Privilege Escalation Vulnerability: Bypassing Integrity Checks for Arbitrary Code Execution Lenovo Vantage Privilege Escalation Vulnerability: Impersonation and Arbitrary Code Execution Local Attacker Exploits Type Confusion to Execute Arbitrary Code in Pre-installed Apps in OpenHarmony v3.2.2 and Prior Versions Stored HTML Injection Vulnerability in EventON WordPress Plugin CVE-2023-6047 Privilege Escalation Vulnerability in Estatik Real Estate Plugin for WordPress Unauthenticated PHP Object Injection in Estatik Real Estate Plugin WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Estatik Real Estate Plugin for WordPress Vulnerability: File Integrity Compromise in GitLab CE/EE SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-244874) Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-244875) Phantom DLL Loading Vulnerability in Iconics SCADA Suite Components Arbitrary File Write Vulnerability in Nessus Application SQL Injection Vulnerability in WP Fastest Cache WordPress Plugin Sensitive Information Exposure in PayHere Payment Gateway WordPress Plugin Unrestricted Access to Detailed Scan Logs in Quttera Web Malware Scanner WordPress Plugin Privilege Escalation in WP Custom Widget Area WordPress Plugin CVE-2023-6067 CVE-2023-6068 GitHub Repository File Access Vulnerability in froxlor/froxlor prior to 2.1.0 Server-Side Request Forgery Vulnerability in ESM Prior to Version 11.6.8 Allows Arbitrary Content Upload and Configuration Alteration Command Injection Vulnerability in ESM Prior to Version 11.6.9 Cross-Site Scripting Vulnerability in Trellix Central Management (CM) Vulnerability: Denial of Service and Audio Volume Spoofing in ICAS 3 IVI ECU Critical SQL Injection Vulnerability in PHPGurukul Restaurant Table Booking System 1.0 Cross-Site Scripting (XSS) 
Vulnerability in PHPGurukul Restaurant Table Booking System 1.0 Information Disclosure Vulnerability in PHPGurukul Restaurant Table Booking System 1.0 Arbitrary Post Access Vulnerability in Slider WordPress Plugin OS Command Injection Vulnerability in BIOVIA Materials Studio Products Stored Cross-Site Scripting Vulnerability in Chartjs WordPress Plugin Stored Cross-Site Scripting Vulnerability in Chartjs WordPress Plugin Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-244994) CVE-2023-6090 CVE-2023-6091 Clickjacking Vulnerability in OnCell G3150A-LTE Series Firmware v1.3 and Prior Sensitive Information Exposure in OnCell G3150A-LTE Series Firmware CVE-2023-6095 CVE-2023-6096 ICS Business Manager Version 7.06.0028.7089 SQL Injection Vulnerability ICS Business Manager Version 7.06.0028.7066 XSS Vulnerability: Remote Session Hijacking Critical Privilege Escalation Vulnerability in Shenzhen Youkate Industrial Facial Love Cloud Payment System Information Disclosure Vulnerability in Maiwei Safety Production Control Platform 4.1 Information Disclosure Vulnerability in Maiwei Safety Production Control Platform 4.1 Unrestricted Upload Vulnerability in Maiwei Safety Production Control Platform 4.1 Cross-Site Scripting (XSS) Vulnerability in Intelbras RX 1500 1.1.9 ManageEngine Products Information Disclosure Vulnerability: Exposed Encryption Keys Race Condition Vulnerability in YOP Poll Plugin for WordPress Use-after-free vulnerability in nf_tables component of Linux kernel's netfilter Use After Free Vulnerability in Google Chrome Navigation Information Leakage in WP STAGING WordPress Backup Plugin and WP STAGING Pro WordPress Backup Plugin Unauthenticated Access to Sensitive Files in Duplicator WordPress Plugin CVE-2023-6116 Obsolete Functionality in M-Files Server Rest API Methods Allows for DoS Attacks through Unwanted Server Memory Consumption Absolute Path Traversal Vulnerability in Neutron IP Camera Improper Privilege Management in Trellix 
GetSusp: Local Privilege Escalation Directory Traversal Vulnerability in Welcart e-Commerce Plugin for WordPress Remote Heap-Based Buffer Overflow in Linux Kernel's NVMe-oF/TCP Subsystem Reflected XSS vulnerability in Softomi Gelişmiş C2C Pazaryeri Yazılımı Remote Code Execution Vulnerability in OpenText ALM Octane SSRF Vulnerability in GitHub Repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14 GitHub Repository SalesAgility/SuiteCRM Prior to 7.14.2, 7.12.14, 8.4.2 Code Injection Vulnerability GitHub Repository Code Injection Vulnerability in salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2 Unrestricted File Upload Vulnerability in GitHub Repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Reflected Cross-site Scripting (XSS) Vulnerability in SuiteCRM Vulnerability: POLY1305 MAC Implementation Bug on PowerPC CPUs GitHub Repository Path Traversal Vulnerability in salesagility/suitecrm GitHub Repository SalesAgility/SuiteCRM Prior to 7.14.2, 7.12.14, 8.4.2 Code Injection Vulnerability CVE-2023-6132 Arbitrary File Upload Vulnerability in Forminator Plugin for WordPress Incomplete Fix for Redirect Scheme Validation in Keycloak Minerva: Side-Channel Attack on NSS NIST Curves in Firefox < 121 Unauthorized Access to Sensitive Information in Bowo Debug Log Manager CSRF Vulnerability in finnj Frontier Post: Allowing Cross-Site Request Forgery HP Workstation BIOS Vulnerability: Privilege Escalation, Code Execution, and Denial of Service Risk Unauthenticated Denial of Service Vulnerability in Essential Real Estate WordPress Plugin Unrestricted File Upload Vulnerability in Essential Real Estate WordPress Plugin Stored XSS Vulnerability in Essential Real Estate WordPress Plugin Unrestricted File Upload and Bad Filename Entropy Vulnerability in Dev Blog v1.0 CVE-2023-6143 Account Takeover Vulnerability: Exploiting User Cookie in Dev Blog v1.0 SQL Injection Vulnerability in Softomi Advanced C2C Marketplace Software Stored XSS Vulnerability in 
Qualys Web Application XXE Vulnerability in Qualys Jenkins Plugin for Policy Compliance Missing Permission Check in Qualys Jenkins Plugin Allows for XSS Injection XXE Injection Vulnerability in Qualys Jenkins Plugin for WAS Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows unauthorized data collection Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows unauthorized data collection Email Verification Bypass Vulnerability CVE-2023-6153 CVE-2023-6154 Unauthenticated User Email Leakage in Quiz Maker WordPress Plugin Arbitrary Livestatus Command Execution in Checkmk <= 2.2.0p15 Arbitrary Livestatus Command Execution in Checkmk <= 2.2.0p15 Vulnerability: Unauthorized Modification and Data Loss in EventON WordPress Virtual Event Calendar Plugin Regular Expression Denial of Service in GitLab CE/EE via Malicious `Cargo.toml` Input Directory Traversal Vulnerability in LifterLMS WordPress Plugin (Versions up to 7.4.2) Reflected Cross-Site Scripting Vulnerability in WP Crowdfunding WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Crowdfunding WordPress Plugin CSS Injection Vulnerability in MainWP Dashboard Plugin for WordPress Cross-Site Scripting Vulnerability in Restrict Usernames Emails Characters WordPress Plugin Reflected Cross-Site Scripting in Quiz Maker WordPress Plugin (before 6.4.9.5) CVE-2023-6173 Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.10: SSH Dissector Crash CVE-2023-6175 Linux Kernel API Null Pointer Dereference Vulnerability in Scatterwalk Functionality Arbitrary File Write Vulnerability in Nessus Rules Variables Arbitrary System Code Execution Vulnerability in Honeywell ProWatch 4.5 Memory Leak Vulnerability in tokio-boring Library (Version 4.0.0) Leads to Resource Exhaustion and Potential DoS Persistent Code Execution Vulnerability in BCB Reboot Reason Handling Cross Site Scripting Vulnerability in Citrix Session Recording: Exploiting Cross Site 
Scripting Arbitrary GStreamer Plugin Execution Vulnerability in LibreOffice Insufficient Macro Permission Validation in LibreOffice Allows Execution of Built-in Macros Without Warning Arbitrary File Upload Vulnerability in Paid Memberships Pro Plugin for WordPress Critical Code Injection Vulnerability in GetSimpleCMS 3.3.16/3.4.0a Unauthenticated Data Write and Export Vulnerability in M-Files Server Absolute Path Traversal Vulnerability in İzmir Katip Çelebi University Information Management System CVE-2023-6191 Unbounded Queuing of Path Validation Messages in Quiche v0.15.0 - v0.19.0 XML External Entity (XXE) Injection Vulnerability in Eclipse Memory Analyzer Cross-Site Request Forgery (CSRF) Vulnerability in Audio Merchant Plugin for WordPress Cross-Site Request Forgery Vulnerability in Audio Merchant Plugin for WordPress Exploiting SSRF Vulnerability in Book Stack Version 23.10.2: Filtering Local Files on the Server Race Condition Vulnerability in Linux Kernel Allows Arbitrary Code Execution via ICMPv6 Router Advertisement OS Command Injection Vulnerability in Univera Computer System Panorama (Versions before 8.0) Improper Authorization in Mattermost Boards Allows Guest Users to Access User Information Password Protected Posts Disclosure in Events Calendar WordPress Plugin Canvas Element Memory Leak Vulnerability Use-after-free vulnerability in MessagePort in Firefox and Thunderbird Clickjacking Vulnerability Exploiting Anti-Clickjacking Delay in Firefox and Thunderbird Use-after-free vulnerability in ReadableByteStreams due to ownership mismanagement X11 Selection API Text Leakage Vulnerability Path-traversal vulnerability in Firefox and Thunderbird versions < 120 and < 115.5.0 Insecure Loading of Content in Pop-ups: Firefox < 120 Vulnerability Clickjacking Vulnerability in Firefox < 120 Allows HTTPS-only Exception Bypass Memory Corruption Vulnerabilities in Firefox and Thunderbird Versions < 120 Critical Memory Corruption Vulnerability in Firefox < 120 
CVE-2023-6214 Reflected Cross-Site Scripting (XSS) Vulnerability in MOVEit Gateway and MOVEit Transfer Privilege Escalation Vulnerability in MOVEit Transfer Versions Prior to 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7) Arbitrary File Upload Vulnerability in BookingPress Plugin for WordPress Arbitrary File Upload Vulnerability in Piotnet Forms Plugin for WordPress Insufficient Protection of Cloud Provider Puts MachineSense Devices at Risk Path Traversal Vulnerability in Quttera Web Malware Scanner WordPress Plugin Insecure Direct Object Reference vulnerability in LearnPress WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Shortcodes Plugin Insecure Direct Object Reference vulnerability in WP Shortcodes Plugin — Shortcodes Ultimate Heap-based Buffer Overflow in tiffcp Utility of libtiff Package Buffer Overflow Vulnerability in CPCA PDL Resource Download Process of Office Multifunction Printers and Laser Printers: Satera LBP670C Series/Satera MF750C Series, Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series, i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series Firmware v03.07 and Earlier Buffer Overflow Vulnerability in Address Book Password Process Buffer Overflow Vulnerability in Office Multifunction Printers and Laser Printers: Satera LBP670C Series/Satera MF750C Series, Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series, i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series Firmware v03.07 and Earlier Buffer Overflow Vulnerability in Office Multifunction Printers and Laser Printers Critical Buffer Overflow Vulnerability in Office Multifunction Printers and Laser Printers: SLP Attribute Request Process Buffer Overflow Vulnerability in CPCA Color LUT Resource Download Process of Office Multifunction Printers and Laser Printers Uncontrolled Search Path Element Vulnerability in Duet 
Display 2.5.9.1 CVE-2023-6236 CVE-2023-6237 Buffer Overflow Vulnerability in Linux Kernel's NVMe Driver Metadata-driven permissions miscalculation vulnerability in M-Files Server versions 23.9-23.11.13168.7 Marvin Vulnerability: Side-Channel Leakage in RSA Decryption Operation in Linux Kernel CVE-2023-6241 Cross-Site Request Forgery (CSRF) Vulnerability in EventON WordPress Plugin Cross-Site Request Forgery (CSRF) Vulnerability in EventON WordPress Virtual Event Calendar Plugin Denial of Service Vulnerability in Candid Rust Library Heap-based Buffer Overflow in glibc's __vsyslog_internal Function CVE-2023-6247 Unsecured MQTT Server Allows Remote Code Execution and Data Leakage on Syrus4 IoT Gateway Unsigned Conversion Vulnerability in ESP32_IPM_Send Password Protected Posts Disclosure in BestWebSoft's Like & Share WordPress Plugin CSRF Vulnerability in Checkmk Allows Deletion of User Messages Chameleon Power Framework Path Traversal Vulnerability in getImage Parameter Uninstaller Key Extraction Vulnerability in Digital Guardian's Agent Plain Text Password Exposure in OTRS AgentInterface and ExternalInterface Hard-coded Credentials Vulnerability in SoliPay Mobile App: Read Sensitive Strings CVE-2023-6257 PKCS#11 Provider Vulnerability: Bleichenbacher-like Flaw Enables Side-Channel Attack on PKCS#1 1.5 Decryption Insufficiently Protected Credentials: Password Recovery Exploitation in Brivo ACS100 and ACS300 OS Command Injection Vulnerability in Brivo ACS100 and ACS300 Vulnerability: Unauthorized Access and User Impersonation in Network Optix NxCloud Content-Security-Policy Header Information Leak in Devolutions Server 2023.3.7.0 Directory Traversal Vulnerability in Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 Unauthenticated Access to Sensitive Data in Backup Migration Plugin for WordPress Vulnerability: Insecure JSON Payload Processing in Annotation-Based Security Reflected Cross-Site Scripting in JSON Content Importer WordPress Plugin Argument Injection 
Vulnerability in Atos Unify OpenScape Products Use-after-free vulnerability in Linux kernel ATA over Ethernet (AoE) driver Sensitive Information Leakage in Backup Migration WordPress Plugin Unlimited 2FA Validation Attempts Vulnerability in Theme My Login WordPress Plugin Sound Booster Module Permission Management Vulnerability Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S80 up to 20231108 Cross-Site Scripting (XSS) Vulnerability in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1 Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-246105) Denial of Service Vulnerability in libtiff's TIFFOpen() API Reflected Cross-Site Scripting Vulnerability in Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress Plugin Arbitrary Blog Options Update Vulnerability in Woostify Sites Library WordPress Plugin 52North WPS XML External Entity (XXE) Vulnerability Cross-Site Scripting (XSS) Vulnerability in IceHrm 23.0.0.OS via /icehrm/app/fileupload_page.php Sensitive Data Exposure in Tribe29 Checkmk Appliance: Password Retrieval via Log File Reading Remote Desktop Manager 2023.3.9.3 and Earlier on macOS Code Injection Vulnerability Unrestricted Export of Sensitive Information in Swift Performance Lite WordPress Plugin Unsanitized Settings in SEOPress WordPress Plugin Allows Cross-Site Scripting Attacks Redirect_uri Validation Bypass in Keycloak: Impersonation and Access Token Theft CSRF Vulnerability in Ecwid Ecommerce Shopping Cart WordPress Plugin Prototype Pollution in sequelize-typescript prior to 2.1.6 Unvalidated Parameter SSRF Vulnerability in Popup Builder WordPress Plugin LFI Vulnerability in SiteOrigin Widgets Bundle WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in osCommerce 4 Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 Improper Validation of Array Index in Apryse iText 8.0.2 Memory Leak Vulnerability in Apryse iText 8.0.1 Cross-Site Scripting (XSS) 
Vulnerability in SourceCodester Best Courier Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best Courier Management System 1.0 Critical Remote Code Execution Vulnerability in CSZCMS 1.3.0 CSZCMS 1.3.0 - Remote Cross-Site Scripting (XSS) Vulnerability in Site Settings Page Critical Remote Command Injection Vulnerability in Tecno 4G Portable WiFi TR118 Critical SQL Injection Vulnerability in SourceCodester Free and Open Source Inventory Management System 1.0 (VDB-246131) Critical SQL Injection Vulnerability in SourceCodester Free and Open Source Inventory Management System 1.0 Critical Path Traversal Vulnerability in jeecgboot JimuReport up to 1.6.1 (VDB-246133) Critical Unrestricted Upload Vulnerability in Xiamen Four-Faith Video Surveillance Management System 2016/2017 Critical OS Command Injection Vulnerability in moses-smt mosesdecoder (up to 4.0) via contrib/iSenWeb/trans_result.php Critical SQL Injection Vulnerability in SourceCodester Loan Management System 1.0 (CVE-2021-246136) Critical SQL Injection Vulnerability in SourceCodester Loan Management System 1.0 (CVE-2021-246137) Critical SQL Injection Vulnerability in SourceCodester Loan Management System 1.0 (VDB-246138) Cross-Site Scripting (XSS) Vulnerability in SourceCodester URL Shortener 1.0 Arbitrary Code Execution Vulnerability in FPWin Pro Version 7.7.0.0 and Earlier Arbitrary Code Execution Vulnerability in FPWin Pro Version 7.7.0.0 and Earlier Arbitrary File Upload Vulnerability in MW WP Form Plugin for WordPress CVE-2023-6317 CVE-2023-6318 CVE-2023-6319 CVE-2023-6320 CVE-2023-6326 Authentication Bypass Vulnerability in Control iD iDSecure v4.7.32.0 Stored Cross-Site Scripting Vulnerability in ControlByWeb Relay Products Buffer Overflow vulnerability in HYPR Workforce Access on Windows (Workforce Access: before 8.7) User-Controlled Filename Vulnerability in HYPR Workforce Access on Windows User-Controlled Filename Vulnerability in HYPR Workforce Access on MacOS Memory 
Exhaustion Denial of Service Vulnerability in HashiCorp Vault Local Privilege Escalation Vulnerability in Lenovo Universal Device Client (UDC) Critical Vulnerability: Google Nest WiFi Pro Root Code-Execution and User-Data Compromise Stack-based Buffer Overflow Vulnerability in SonicWall Capture Client and NetExtender Remote Unauthenticated Access to Sensitive Court Documents in Catalis CMS360 Authentication Bypass Vulnerability in Tyler Technologies Court Case Management Plus Remote File Enumeration and Access in Tyler Technologies Court Case Management Plus Remote Directory Enumeration in Tyler Technologies Court Case Management Plus Skia Integer Overflow Vulnerability in Google Chrome WebAudio Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Mojo in Google Chrome Type Confusion Vulnerability in Google Chrome's Spellcheck Heap Corruption Vulnerability in libavif in Google Chrome Heap Corruption Vulnerability in libavif in Google Chrome Arbitrary File Access Vulnerability in Aquaforest TIFF Server Unauthenticated Remote File Manipulation in Tyler Technologies Civil and Criminal Electronic Filing Remote File Manipulation in Tyler Technologies Magistrate Court Case Management Plus Vulnerability: Incorrect Fuse Value Selection in Gallagher Controller 7000 Platform Linux Kernel NVMe Driver NULL Pointer Dereference Vulnerability Remote Code Execution Vulnerability via File System Libraries Alumne LMS 4.0.0.1.08 - Cross-Site Scripting (XSS) Vulnerability Unauthenticated SQL Injection Vulnerability in 'My Calendar' WordPress Plugin (Version < 3.4.22) CVE-2023-6363 Stored Cross-Site Scripting (XSS) Vulnerability in WhatsUp Gold Versions Before 2023.1 Stored Cross-Site Scripting (XSS) Vulnerability in WhatsUp Gold Stored Cross-Site Scripting (XSS) Vulnerability in WhatsUp Gold Alert Center Stored Cross-Site Scripting (XSS) Vulnerability in WhatsUp Gold Versions Before 2023.1 Unauthenticated Information Enumeration in WhatsUp Gold API Endpoint 
Unauthenticated Access and Data Modification Vulnerability in Export WP Page to Static HTML/CSS Plugin CVE-2023-6371 SQL Injection Vulnerability in ArtPlacer Widget WordPress Plugin Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Authentication Bypass Vulnerability Remote Unauthenticated Access to Sensitive Data in Tyler Technologies Court Case Management Plus Backups Insufficient Randomization of Cached Document File Names in Henschen & Associates Court Document Management Software Xorg-Server XKB Button Actions Memory Vulnerability Logback Receiver Component Serialization Denial-of-Service Vulnerability XSS Vulnerability in Alkacon Software Open CMS 'Mercury' Template (Versions 14 and 15) Open CMS Mercury Template Open Redirect Vulnerability Improper Input Validation Vulnerability in SuperMailer 11.20.0.2204: Remote Code Execution via Malicious Configuration File Directory Listing Vulnerability in Debug Log Manager WordPress Plugin Arbitrary Avatar Deletion and Update Vulnerability in WP User Profile Avatar WordPress Plugin CVE-2023-6385 Buffer Overflow Vulnerability in Bluetooth LE HCI CPC Sample Application in Gecko SDK SSRF Vulnerability in Suite CRM version 7.14.2 Allows Arbitrary HTTP Requests Unauthenticated Redirect Vulnerability in WordPress Toolbar WordPress Plugin CSRF Vulnerability in WordPress Users WordPress Plugin CSRF Vulnerability in Custom User CSS WordPress Plugin Quarkus Cache Runtime Vulnerability: Information Leakage via Cached Uni Context Unauthenticated Access to Secured Websocket Endpoint in Quarkus Privilege Escalation via Jinja2 Template Injection in Mock Software Null Pointer Dereference Vulnerability in Zyxel ATP and USG FLEX Series Firewalls Post-Authentication Command Injection Vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, USG FLEX H, NWA50AX, WAC500, WAX300H, and WBE660S Firmware Format String Vulnerability in Zyxel ATP, USG FLEX, USG20(W)-VPN, and USG FLEX H Series Firmware CVE-2023-6400 
Uncontrolled Search Path Vulnerability in NotePad++ up to 8.1 (VDB-246421) Critical SQL Injection Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 (CVE-2021-246423) Arbitrary File Deletion Vulnerability via Path Traversal Man in the Middle Attack Vulnerability: Improper Enforcement of Message Integrity During Transmission EcoStruxure Control Expert: Use of Hard-coded Credentials Vulnerability SQL Injection Vulnerability in Voovi Social Networking Script v1.0 SQL Injection Vulnerability in Voovi Social Networking Script Version 1.0 SQL Injection Vulnerability in Voovi Social Networking Script (Version 1.0) via photo.php Parameters SQL Injection Vulnerability in Voovi Social Networking Script (Version 1.0) via photos.php SQL Injection Vulnerability in Voovi Social Networking Script (Version 1.0) via perfil.php SQL Injection Vulnerability in Voovi Social Networking Script (Version 1.0) via signin.php SQL Injection Vulnerability in Voovi Social Networking Script Version 1.0 SQL Injection Vulnerability in Voovi Social Networking Script version 1.0 via update.php SQL Injection Vulnerability in Voovi Social Networking Script version 1.0 XSS Vulnerability in Voovi Social Networking Script version 1.0 via editprofile.php XSS Vulnerability in Voovi Social Networking Script v1.0 via signup2.php Password Leakage Vulnerability in Download Manager WordPress Plugin Persistent XSS Vulnerability in BigProf Online Clinic Management System 2.2 Persistent XSS Vulnerability in BigProf Online Clinic Management System 2.2 Persistent XSS Vulnerability in BigProf Online Clinic Management System 2.2 Persistent XSS Vulnerability in BigProf Online Clinic Management System 2.2 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability 
in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 Persistent XSS Vulnerability in BigProf Online Invoicing System 2.6 SQL Injection Vulnerability in Ekol Informatics Website Template CVE-2023-6437 Remote Code Execution Vulnerability in Thecosy IceCMS 2.0.1 Cross-Site Scripting (XSS) Vulnerability in ZenTao PMS 18.8 (VDB-246439) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Book Borrower System 1.0 (CVE-2021-246443) SQL Injection Vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 CVE-2023-6444 Stored Cross-Site Scripting Vulnerability in Calculated Fields Form Plugin for WordPress Unauthenticated Access to Private and Password Protected Events in EventPrime WordPress Plugin Default Administrative Password Vulnerability in Unitronics VisiLogic Arbitrary File Upload Vulnerability in Contact Form 7 Plugin for WordPress Lenovo App Store App Incorrect Permissions Vulnerability Allows Denial of Service AlayaCare's Procura Portal 9.0.1.2 Vulnerability: Authentication Cookie Forgery Stored Cross-Site Scripting Vulnerability in WP Review Slider WordPress Plugin Hitachi Tuning Manager on Windows Incorrect Default Permissions Vulnerability Client-side Path Traversal Vulnerability in Mattermost Webapp Exposure of ChannelIDs in Mattermost's /metrics Endpoint Potential Logging of Firestore Key Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in minipaint prior to 4.14.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester User Registration and Login System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester User Registration and 
Login System 1.0 Critical SQL Injection Vulnerability in SourceCodester User Registration and Login System 1.0 (VDB-246614) Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Thecosy IceCMS 2.0.1 Improper Enforcement of Unique Action in Thecosy IceCMS 2.0.1 Cross-Site Scripting (XSS) Vulnerability in PHPEMS 7.0 Content Section Handler Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Quiz System 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 CRI-O Experimental Annotation Vulnerability: Unconfined Containers and Denial of Service Privilege Escalation Vulnerability in GitLab EE Integer Overflow Vulnerability in xorg-server Logback Receiver Serialization Denial-of-Service Vulnerability Vulnerability: Unauthorized Enrollment of Fingerprint in Synaptics Fingerprint Driver Improper Authentication Vulnerability in ADiTaaS Backend API Allows Remote Attackers to Compromise Platform CVE-2023-6484 Stored Cross-Site Scripting Vulnerability in Html5 Video Player WordPress Plugin CVE-2023-6486 Stored Cross-Site Scripting Vulnerability in WP Shortcodes Plugin — Shortcodes Ultimate CVE-2023-6489 Cross-Site Request Forgery Vulnerability in Depicter Slider WordPress Plugin CVE-2023-6494 Unauthenticated Access to Manage Notification E-mails Plugin Settings Stored Cross-Site Scripting Vulnerability in WordPress Simple Shopping Cart Plugin Stored Cross-Site Scripting Vulnerability in Complianz – GDPR/CCPA Cookie Consent Plugin for WordPress Vulnerability: Stored XSS via CSRF Attack in lasTunes WordPress Plugin CVE-2023-6500 CSRF Vulnerability in Splashscreen WordPress Plugin CSRF Vulnerability in WP Plugin Lister WordPress Plugin Unauthenticated Access to Sensitive User Metadata in User Profile Builder WordPress Plugin Directory Listing Vulnerability in Migrate WordPress Website & Backups WordPress Plugin Insecure Direct 
Object Reference vulnerability in WP 2FA WordPress Plugin Privilege Escalation Vulnerability in CPython 3.12.0 subprocess Module on POSIX Platforms Use After Free Vulnerability in Media Stream in Google Chrome Use After Free Vulnerability in Google Chrome Side Panel Search Use after free vulnerability in Media Capture in Google Chrome prior to 120.0.6099.62 Bypassing Autofill Restrictions in Google Chrome Spoofing Vulnerability in Google Chrome's Web Browser UI Identity Authentication Bypass Vulnerability in Huawei Smart Screen Bluetooth Module User-Controlled Key Authorization Bypass Vulnerability in MİA-MED Vulnerability: Infinite Queue Growth in BIND 9 Recursive Resolver Sensitive Information Exposure in MİA-MED: Incompatible Policies Vulnerability Insecure Password Storage Vulnerability in MİA-MED: before 1.0.7 Data Leakage Vulnerability in Mia Technology Inc. MİA-MED: before 1.0.7 WP 2FA Plugin for WordPress Vulnerable to Cross-Site Request Forgery (CSRF) in Versions up to 2.5.0 CVE-2023-6522 CVE-2023-6523 Stored Cross-Site Scripting Vulnerability in MapPress Maps for WordPress Plugin CVE-2023-6525 Stored Cross-Site Scripting Vulnerability in Meta Box – WordPress Custom Fields Framework Plugin Reflected Cross-Site Scripting Vulnerability in Email Subscription Popup Plugin for WordPress Unrestricted Unserialization in Slider Revolution WordPress Plugin: Remote Code Execution Vulnerability Unauthenticated Downgrade Vulnerability in WP VR WordPress Plugin Stored Cross-Site Scripting Vulnerability in TJ Shortcodes WordPress Plugin Race Condition in Linux Kernel's Unix Garbage Collector Leads to Use-After-Free Vulnerability CSRF Vulnerability in WP Blogs' Planetarium WordPress Plugin Device Reset Locally Command Class Vulnerability TCP Sequence Number Validation Vulnerability in FreeBSD Firewall (CVE-2021-12345) Linux Kernel NVMe Driver NULL Pointer Dereference Vulnerability Linux Kernel NVMe Driver NULL Pointer Dereference Vulnerability Unintended Information 
Disclosure Vulnerability in SMU Versions Prior to 14.8.7825.01 Lenovo Browser Mobile and Lenovo Browser HD Apps for Android Vulnerability: Sensitive Information Disclosure Arbitrary URL Navigation Vulnerability in Emarsys SDK for Android CVE-2023-6544 Open Redirect Vulnerability in authelia-bhf Package in Beckhoff's TwinCAT/BSD Race Condition in GSM 0710 TTY Multiplexor in Linux Kernel Allows Privilege Escalation Team Membership Validation Failure in Mattermost Playbooks Authenticated Remote Code Execution in NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability in NetScaler ADC and NetScaler Gateway Stored XSS Vulnerability in class.upload.php Open Redirect Vulnerability in Language Change Action Remote Code Execution Vulnerability in Backup Migration Plugin for WordPress Unprotected admin Folder Allows Unauthorized Access to Exam Answers Reflected Cross-Site Scripting Vulnerability in Email Subscription Popup WordPress Plugin Stored Cross-Site Scripting Vulnerability in FOX – Currency Switcher Professional for WooCommerce Plugin Sensitive Information Exposure in The Events Calendar WordPress Plugin Arbitrary File Upload Vulnerability in Export and Import Users and Customers Plugin for WordPress Arbitrary File Deletion Vulnerability in MW WP Form Plugin for WordPress Linux Kernel io_uring SQ/CQ Rings Out-of-Bounds Memory Access Vulnerability Stored Cross-Site Scripting Vulnerability in Featured Image from URL (FIFU) Plugin for WordPress JPX Fragment List (flst) Box File Exfiltration Vulnerability Unconstrained Memory Consumption Vulnerability in Keycloak Subgroup Members with Developer Role Able to Bypass Protected Branches in GitLab EE Premium and Ultimate CVE-2023-6565 Critical Business Logic Errors in Microweber Repository: Version 2.0 and Earlier Time-Based SQL Injection Vulnerability in LearnPress Plugin for WordPress Reflected Cross-site Scripting (XSS) Vulnerability in mlflow/mlflow prior to 2.9.0 Arbitrary File Name or Path Manipulation in 
h2oai/h2o-3 Exploiting Server-Side Request Forgery (SSRF) in kubeflow/kubeflow Reflected Cross-site Scripting (XSS) Vulnerability in kubeflow/kubeflow Command Injection Vulnerability in GitHub Repository gradio-app/gradio Critical Vulnerability: Missing Passphrase in HPE OneView Restore Process Unrestricted File Upload Vulnerability in Beijing Baichuo Smart S20 up to 20231120 Critical SQL Injection Vulnerability in Beijing Baichuo S210 (CVE-2023-11121) Critical Unrestricted Upload Vulnerability in Beijing Baichuo S210 (CVE-2023-11123) Path Traversal Vulnerability in Beijing Baichuo PatrolFlow 2530Pro (CVE-2023-11126) Improper Access Controls in Software AG WebMethods 10.11.x/10.15.x Critical SQL Injection Vulnerability in osCommerce 4's POST Parameter Handler Critical Remote Code Execution Vulnerability in D-Link DIR-846 FW100A53DBR Critical SQL Injection Vulnerability in D-Link DAR-7000 (VDB-247162) Sensitive Information Exposure in ElementsKit Elementor Addons Plugin for WordPress Directory Traversal Vulnerability in Import and Export Users and Customers Plugin for WordPress CVE-2023-6584 CVE-2023-6585 Offline Mode Bypass Vulnerability in Devolutions Server Data Source Cross-Site Scripting Vulnerability in Popup Box WordPress Plugin Directory Listing Vulnerability in FastDup WordPress Plugin Client Side Permission Bypass in Devolutions Remote Desktop Manager: Unrestricted SQL Execution Vulnerability Stored Cross-Site Scripting Vulnerability in WordPress Button Plugin MaxButtons Unauthenticated Enumeration of Ancillary Credentials in WhatsUp Gold CVE-2023-6596 CVE-2023-6597 Unauthenticated Modification of Data in SpeedyCache WordPress Plugin Lack of Standardized Error Handling in Microweber GitHub Repository Prior to 2.0 Unauthenticated Modification and XSS Vulnerability in OMGF | GDPR/DSGVO Compliant, Faster Google Fonts Plugin for WordPress (up to version 5.7.9) Linux Kernel Local Denial of Service and Information Leak Vulnerability in smbCalcSize Critical SQL 
Injection Vulnerability in Tongda OA 2017 up to 11.10 (VDB-247243) Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-247244) Cross-Site Scripting (XSS) Vulnerability in osCommerce 4 (VDB-247245) Linux Kernel Local Denial of Service and Information Leak Vulnerability in smb2_dump_detail Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-247246) Critical OS Command Injection Vulnerability in Totolink X5000R 9.1.0cu.2300_B20230112 Cross-Site Scripting (XSS) Vulnerability in Typecho 1.2.1 Logo Handler Remote Code Execution Vulnerability in Typecho 1.2.1 Information Disclosure Vulnerability in Typecho 1.2.1 via /admin/manage-users.php (VDB-247250) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Student Attendance System 1.0 (CVE-2021-XXXX) SQL Injection Vulnerability in SourceCodester Simple Student Attendance System 1.0 (CVE-2021-247254) File Inclusion Vulnerability in SourceCodester Simple Student Attendance System 1.0 (VDB-247255) SQL Injection Vulnerability in SourceCodester Simple Student Attendance System 1.0 SQL Injection Vulnerability in POST SMTP Mailer WordPress Plugin Reflected Cross-Site Scripting Vulnerability in POST SMTP WordPress Plugin Null Pointer Dereference Vulnerability in nft_dynset_init() in nf_tables Local File Inclusion vulnerability in Essential Blocks WordPress Plugin before 4.4.3 Stored Cross-Site Scripting Vulnerability in Import and Export Users and Customers Plugin for WordPress CSRF Vulnerability in Product Enquiry for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Enquiry for WooCommerce WordPress Plugin Unprotected REST API Routes in WP Go Maps Plugin Allow for Malicious HTML/Javascript Injection Reflected Cross-Site Scripting Vulnerability in POST SMTP Mailer Plugin for WordPress Insecure Direct Object Reference vulnerability in Contact Form 7 – Dynamic Text Extension plugin for WordPress Arbitrary Code Injection and Privilege Escalation 
Vulnerability in PowerSYSTEM Center versions 2020 Update 16 and prior Reflected Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin CSRF Vulnerability in Site Notes WordPress Plugin Command Injection Vulnerability in LearnPress WordPress Plugin Arbitrary File Upload Vulnerability in EditorsKit WordPress Plugin (Versions up to 1.40.3) Arbitrary File Upload Vulnerability in Greenshift WordPress Plugin (Versions up to 7.6.2) Unauthenticated Modification of Data Vulnerability in CAOS | Host Google Analytics Locally WordPress Plugin Unauthenticated Modification of Data Vulnerability in GTG Product Feed for Shopping WordPress Plugin S2 Nonce Get Command Class Packet Crash Vulnerability Stored Cross-Site Scripting Vulnerability in Post Grid Combo – 36+ Gutenberg Blocks Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in linkding 1.23.0 Critical SQL Injection Vulnerability in AMTT HiBOS 1.0 (VDB-247340) Critical SQL Injection Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Teacher Subject Allocation Management System 1.0 (VDB-247342) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Invoice Generator System 1.0 (CVE-2021-247343) Critical SQL Injection Vulnerability in Matrimonial Site 1.0 Critical SQL Injection Vulnerability in Matrimonial Site 1.0's Register Function (VDB-247345) Cross-Site Request Forgery (CSRF) Vulnerability in PHPGurukul Teacher Subject Allocation Management System 1.0 Critical Remote Code Execution Vulnerability in PHPEMS Session Data Handler (VDB-247357) Critical SQL Injection Vulnerability in Hongjing e-HR 2020 Login Interface (VDB-247358) Critical Deserialization Vulnerability in DeepFaceLab Pretrained DF.wf.288res.384.92.72.22. Affects Unsupported Versions. 
Critical SQL Injection Vulnerability in SourceCodester Simple Student Attendance System 1.0 (VDB-247365) Critical SQL Injection Vulnerability in SourceCodester Simple Student Attendance System 1.0 (VDB-247366) Critical SQL Injection Vulnerability in Campcodes Web-Based Student Clearance System 1.0 (VDB-247367) NFS Client Data Leakage and Corruption Vulnerability CSRF Vulnerability in OJS: Exploiting Unwanted Actions through Cross-Site Request Forgery Stored Cross-site Scripting (XSS) Vulnerability in National Keep Cyber Security Services CyberMath Reflected XSS Vulnerability in National Keep Cyber Security Services CyberMath Unrestricted File Upload Vulnerability in CyberMath v.1.4 to v.1.5 CSRF Vulnerability in National Keep Cyber Security Services CyberMath SQL Injection vulnerability in Oduyo Financial Technology Online Collection (before v.1.0.2) CVE-2023-6678 Null Pointer Dereference Vulnerability in dpll_pin_parent_pin_set() in Linux Kernel Smartcard Authentication Bypass Vulnerability in GitLab EE JWCrypto Vulnerability: Denial of Service and Resource-Intensive Attacks QEMU VNC Server ClientCutText Message Processing Vulnerability Stored Cross-Site Scripting Vulnerability in Ibtana – WordPress Website Builder Plugin Elastic Agent Log Disclosure Vulnerability CSRF Vulnerability: Compromising Web Applications through State Changing Requests Race Condition Vulnerability in GitHub Enterprise Server Allows Admin to Maintain Permissions on Transferred Repositories Remote Code Execution Vulnerability in Cambium ePMP Force 300-25 Version 4.7.0.1 Stack-based Buffer Overflow in virtio-net Device of QEMU CVE-2023-6694 CVE-2023-6695 Reflected Cross-Site Scripting Vulnerability in WP Go Maps Plugin for WordPress Directory Traversal Vulnerability in WP Compress – Image Optimizer [All-In-One] Plugin for WordPress Arbitrary Option Updates Vulnerability in Cookie Information Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Advanced Custom Fields (ACF) Plugin 
for WordPress Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Use After Free Vulnerability in Blink in Google Chrome Heap Corruption Vulnerability in libavif in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in FedCM in Google Chrome CSS Use After Free Vulnerability in Google Chrome Template Injection Vulnerability in mlflow/mlflow prior to 2.9.2 Stored Cross-Site Scripting (XSS) Vulnerability in Apache mod_proxy_cluster Buffer Overflow Vulnerability in SCI and HCI IEC 60870-5-104 Components of RTU500 Series CVE-2023-6717 Authentication Bypass Vulnerability in Repox Allows Unauthorized User Alteration or Creation Repox XSS Vulnerability: Exploiting User Interactions and Session Hijacking Stored XSS Vulnerability in Repox Remote XEE Vulnerability in Repox Fileupload Function Repox Path Traversal Vulnerability: Unauthorized Access to Sensitive Files Unrestricted File Upload Vulnerability in Repbox: Full System Compromise User-Controlled Key Authorization Bypass Vulnerability in Hearing Tracking System CVE-2023-6725 Insecure Authorization Checks in Mattermost Playbook Actions Deserialization of Untrusted Data in huggingface/transformers GitHub Repository (CVE-2021-41118) CVE-2023-6731 Cross-Site Scripting Vulnerability in Ultimate Maps by Supsystic WordPress Plugin Sensitive Information Exposure in WP-Members Membership Plugin Privilege Escalation in Checkmk mk_tsm Agent Plugin Client-side Denial of Service Vulnerability in GitLab EE Reflected Cross-Site Scripting in Enable Media Replace WordPress Plugin Stored Cross-Site Scripting Vulnerability in Pagelayer WordPress Plugin (Versions up to 1.7.8) Jar_Signature Agent Plugin Privilege Escalation in Checkmk User Account Address Editing Vulnerability in WP Customer Area WordPress Plugin Vulnerability: Unauthorized Modification of Galleries in Envira Photo Gallery Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Divi WordPress Theme 
Sensitive Information Insertion Vulnerability in GitHub Enterprise Server Log Files Stored Cross-Site Scripting Vulnerability in FooGallery WordPress Plugin (Versions up to 2.3.3) Potential Shell Command Injection Vulnerability Insecure Storage of Backup Information in Clone WordPress Plugin Unauthenticated Attackers Can Manipulate Hostinger WordPress Plugin Settings GitHub Repository Path Traversal Vulnerability in mlflow/mlflow (prior to 2.9.2) Critical SQL Injection Vulnerability in DedeBIZ 6.2 (VDB-247883) Excessive Authentication Attempts Vulnerability in Thecosy IceCMS 2.0.1 Information Disclosure Vulnerability in Thecosy IceCMS 2.0.1 Critical Access Control Vulnerability in Thecosy IceCMS 2.0.1 Improper Enforcement of Unique Action in Thecosy IceCMS 2.0.1 Critical Remote Code Execution Vulnerability in Thecosy IceCMS up to 2.0.1 (VDB-247888) Improper Access Controls in Thecosy IceCMS up to 2.0.1 Critical Remote Code Execution Vulnerability in Thecosy IceCMS 2.0.1 Remote Code Execution Vulnerability in Zyxel ATP, USG FLEX, and USG20(W)-VPN Series Firmware Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-247895) Cross-Site Request Forgery (CSRF) Vulnerability in PHPGurukul Teacher Subject Allocation Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Wedding Guest e-Book 1.0 Unauthenticated Access to Admin Panel in Amazing Little Poll Versions 1.3 and 1.4 Stored XSS vulnerability in Amazing Little Poll versions 1.3 and 1.4: Remote code execution via lp_admin.php parameters. 
Critical SQL Injection Vulnerability in SourceCodester Simple Student Attendance System 1.0 (VDB-247907) Critical SQL Injection Vulnerability in OTCMS 7.01 (VDB-247908) Improper Access Controls in CodeAstro POS and Inventory Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro POS and Inventory Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in CodeAstro POS and Inventory Management System 1.0 Stored Cross-Site Scripting Vulnerability in 3D FlipBook WordPress Plugin (Versions up to 1.15.2) CVE-2023-6777 Stored Cross-site Scripting (XSS) Vulnerability in allegroai/clearml-server prior to 1.13.0 Off-by-one Heap-Based Buffer Overflow in glibc's __vsyslog_internal Function Integer Overflow in glibc's __vsyslog_internal Function Stored Cross-Site Scripting Vulnerability in Orbit Fox by ThemeIsle WordPress Plugin Stored Cross-Site Scripting Vulnerability in AMP for WP Plugin Sitefinity Vulnerability: Phishing Email Distribution Exploit CVE-2023-6785 CVE-2023-6787 Cross-Site Request Forgery (CSRF) vulnerability in Metform Elementor Contact Form Builder WordPress plugin (up to version 3.8.1) allows unauthorized modification of Hubspot account connections Palo Alto Networks PAN-OS Software XSS Vulnerability Allows for Impersonation Attacks DOM-Based Cross-Site Scripting (XSS) Vulnerability in Palo Alto Networks PAN-OS Software Vulnerability in Palo Alto Networks PAN-OS Software Allows Disclosure of Stored External System Integration Credentials Palo Alto Networks PAN-OS XML API OS Command Injection Vulnerability Vulnerability: Unauthorized Revocation of XML API Keys in Palo Alto Networks PAN-OS Software Arbitrary File Upload Vulnerability in Palo Alto Networks PAN-OS Software Palo Alto Networks PAN-OS Software: Authenticated OS Command Injection Vulnerability Vulnerability: Unauthorized Settings Update in RSS Aggregator Plugin for WordPress CVE-2023-6799 Stored Cross-Site Scripting Vulnerability in Feedzy WordPress Plugin Log File 
Injection Vulnerability in GitHub Enterprise Server Race Condition Vulnerability in GitHub Enterprise Server Arbitrary Workflow Execution via Improper Privilege Management in GitHub Enterprise Server CVE-2023-6805 CVE-2023-6806 Stored Cross-Site Scripting Vulnerability in GeneratePress Premium Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Amelia WordPress Plugin CVE-2023-6809 CVE-2023-6810 CVE-2023-6811 CVE-2023-6814 Privilege Escalation Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Heap Overflow Vulnerability in X.Org Server Due to Insufficient Space Allocation for Mapped Buttons Use-after-free vulnerability in nf_tables component of Linux kernel's netfilter CVE-2023-6821 User Account Address Disclosure Vulnerability in WP Customer Area WordPress Plugin CVE-2023-6825 Arbitrary File Upload Vulnerability in E2Pdf WordPress Plugin (Versions up to 1.20.25) Arbitrary File Upload Vulnerability in Essential Real Estate Plugin for WordPress Stored Cross-Site Scripting Vulnerability in ARForms Form Builder Plugin for WordPress HTML Injection Vulnerability in Formidable Forms Plugin for WordPress (Versions up to 6.7) Path Traversal Vulnerability in mlflow/mlflow prior to 2.9.2 Business Logic Errors in GitHub Repository Microweber/Microweber Prior to 2.0: Exploiting Flawed Logic for Unauthorized Access and Manipulation CVE-2023-6833 Vulnerability: Server-side Input Validation Vulnerability in WSO2 Forum Feature XML External Entity (XXE) Vulnerability Identified in Multiple WSO2 Products User Impersonation Vulnerability in WSO2 Products through JIT Provisioning Reflected XSS Vulnerability in Authentication Endpoint Allows Request Parameter Tampering Improper Error Handling in REST API Exposes Internal WSO2 Package Name Vulnerability: Bypassing Security Policy for Protected Branch Name Change in GitLab EE Stored Cross-Site Scripting Vulnerability in Formidable Forms Plugin for WordPress Insecure AJAX 
Actions in easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress Plugin CSRF Vulnerability in CommentTweets WordPress Plugin Arbitrary File Upload Vulnerability in File Manager Pro WordPress Plugin GitHub Enterprise Server Improper Authentication Bypass in Private Mode Vulnerability Critical Command Injection Vulnerability in kalcaddle kodbox up to 1.48 (VDB-248209) Critical Server-Side Request Forgery Vulnerability in kalcaddle kodbox up to 1.48 (VDB-248210) Unrestricted Upload Vulnerability in kalcaddle KodExplorer up to 4.51.03 Critical Code Injection Vulnerability in kalcaddle KodExplorer up to 4.51.03 Critical Server-Side Request Forgery Vulnerability in kalcaddle KodExplorer up to 4.51.03 (VDB-248220) Critical Server-Side Request Forgery Vulnerability in kalcaddle KodExplorer up to 4.51.03 (VDB-248221) CVE-2023-6854 Vulnerability: Unauthorized Modification of Membership Levels in Paid Memberships Pro Plugin Heap Buffer Overflow in WebGL's DrawElementsInstanced Method with Mesa VM Driver Symlink Resolution Race Condition Vulnerability in Firefox ESR, Thunderbird, and Firefox Heap Buffer Overflow in nsTextFragment: Insufficient OOM Handling in Firefox ESR, Thunderbird, and Firefox Memory Pressure-Induced Use-After-Free Vulnerability in Firefox ESR, Thunderbird, and Firefox Remote Decoder Texture Abuse Vulnerability Heap Buffer Overflow in nsWindow::PickerOpen(void) Method Use-after-free vulnerability in nsDNSService::Init in Firefox ESR and Thunderbird before 115.6 Potential Undefined Behavior in ShutdownObserver() Critical Memory Safety Vulnerability in Firefox, Firefox ESR, and Thunderbird Uninitialized Data Exposure in EncryptingOutputStream: Implications for Private Browsing TypedArray Exception Handling Vulnerability in Firefox < 121 Timing-based Clickjacking Vulnerability in Firefox ESR and Firefox Unauthenticated Empty Message Sending Vulnerability in Firefox for Android Sandbox Escape 
Vulnerability in Firefox < 121 Vulnerability: Obscured Fullscreen Notifications in Android Firefox Firefox Protocol Handler Navigation Vulnerability Privacy Breach: GNOME Leaking Browser Tab Titles to System Logs Memory Corruption Vulnerability in Firefox < 121: Potential Arbitrary Code Execution Ember ZNet v7.4.0 Denial of Service Vulnerability through NWK Sequence Number Manipulation Vulnerability: Unauthorized Access and Data Modification in POST SMTP Mailer Plugin CVE-2023-6877 Vulnerability: Unauthorized Data Modification in Slick Social Share Buttons Plugin Heap Overflow Vulnerability in av1_loop_restoration_dealloc() CVE-2023-6880 CVE-2023-6881 Reflected Cross-Site Scripting Vulnerability in Simple Membership WordPress Plugin Unauthenticated Modification Vulnerability in Easy Social Feed WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPress Plugin Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.10 (VDB-248245) Critical Code Injection Vulnerability in xnx3 wangmarket 6.1 (VDB-248246) Unrestricted File Upload Vulnerability in saysky ForestBlog Critical Stack-Based Buffer Overflow Vulnerability in PHZ76 RtspServer 1.0.0 (CVE-2021-248248) Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.17 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.17 Uncontrolled Search Path Vulnerability in PeaZip 9.4.0 CVE-2023-6892 Path Traversal Vulnerability in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) Information Disclosure Vulnerability in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) Critical OS Command Injection Vulnerability in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) (VDB-248254) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Image Stack Website 1.0 (VDB-248255) CVE-2023-6897 Critical SQL Injection Vulnerability in SourceCodester Best Courier Management 
System 1.0 (VDB-248256) Code Injection Vulnerability in rmountjoy92 DashMachine 0.5-4 Critical Path Traversal Vulnerability in rmountjoy92 DashMachine 0.5-4 (VDB-248258) Critical OS Command Injection Vulnerability in codelyfe Stupid Simple CMS up to 1.2.3 (VDB-248259) Unrestricted File Upload Vulnerability in codelyfe Stupid Simple CMS (CVE-2021-248260) Critical SQL Injection Vulnerability in Netentsec NS-ASG Application Security Gateway 6.3.1 Cross-Site Request Forgery Vulnerability in Jahastech NxFilter 4.3.2.5 Remote LDAP Injection Vulnerability in Jahastech NxFilter 4.3.2.5 Critical Buffer Overflow Vulnerability in Totolink A7100RU 7.4cu.2313_B20191024 Critical Authentication Bypass Vulnerability in codelyfe Stupid Simple CMS (CVE-2021-248269) Path Traversal Vulnerability in DFIRKuiper Kuiper 2.3.4 TAR Archive Handler GitHub Repository Path Traversal Vulnerability in mlflow/mlflow (prior to 2.9.2) Uncontrolled Resource Consumption Vulnerability in M-Files Server Stored Cross Site Scripting (XSS) Vulnerability in WSO2 Management Console's Registry Feature Unlimited Authentication Attempts Vulnerability in M-Files Server (before 23.12.13205.0) Session Hijacking Vulnerability in Imou Life Application (Version 6.7.0) Allows Account Hijacking via QR Code Scanning Null Pointer Dereference Vulnerability in ida_free Function in Linux Kernel CVE-2023-6916 CVE-2023-6917 Vulnerability in libssh Crypto Backend Implementation Absolute Path Traversal Vulnerability in Biges Safe Life Technologies Electronics Inc. 
VGuard Blind SQL Injection Vulnerability in PrestaShow Google Integrator: Data Extraction and Modification via Cookie Command Insertion CVE-2023-6922 CVE-2023-6923 Stored Cross-Site Scripting Vulnerability in Photo Gallery by 10Web Plugin for WordPress Arbitrary File Upload Vulnerability in Unlimited Addons for WPBakery Page Builder Plugin OS Command Injection Vulnerability in Crestron AM-300 Firmware Version 1.4499.00018 Vulnerability: Authorization Code and Token Theft in Keycloak via JARM Response Mode Wildcard Unlimited Remote Password Guessing Vulnerability in EuroTel ETL3100 v01c01 and v01x37 Insecure Direct Object References in EuroTel ETL3100 v01c01 and v01x37 Unauthenticated Configuration and Log Download Vulnerability in EuroTel ETL3100 Heap Out-of-Bounds Write Vulnerability in Linux Kernel's Performance Events System Component Use-after-free vulnerability in Linux kernel's ipv4: igmp component allows local privilege escalation Vulnerability: PHP Object Injection in Better Search Replace WordPress Plugin Stored Cross-Site Scripting Vulnerability in Limit Login Attempts Reloaded Plugin for WordPress Vulnerability: Marvin Attack on wolfSSL SP Math All RSA Implementation Heap Buffer Over-read in wolfSSL Prior to 5.6.6 with Enabled Callback Functions Vulnerability: Message Spanning Key Boundaries in wolfSSL Stored Cross-Site Scripting Vulnerability in Oxygen Builder Plugin for WordPress Type Confusion Vulnerability in Honor Products: Potential Denial of Service Exploitation Critical Command Execution Vulnerability Exploitable via Malicious Config Download Stored Cross-Site Scripting Vulnerability in Keap Official Opt-in Forms WordPress Plugin Authentication Bypass Vulnerability in Mitsubishi Electric Corporation Products Remote Code Execution via Unsafe Reflection in Mitsubishi Electric Corporation Products GitLab Access Token Leakage in Red Hat Developer Hub (RHDH) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Student Management System 
1.0 (CVE-2021-248377) CSRF Vulnerability in Autotitle for WordPress Plugin CVE-2023-6948 CVE-2023-6949 CVE-2023-6950 CVE-2023-6951 Stored Cross-Site Scripting Vulnerability in PDF Generator For Fluent Forms Plugin CVE-2023-6954 Improper Access Control in GitLab Remote Development Allows Workspace Manipulation Across Groups CVE-2023-6957 Stored Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin for WordPress Unauthenticated Modification of Data in Getwid – Gutenberg Blocks Plugin for WordPress CVE-2023-6960 CVE-2023-6961 CVE-2023-6962 CAPTCHA Bypass Vulnerability in Getwid – Gutenberg Blocks Plugin for WordPress CVE-2023-6964 CVE-2023-6965 CVE-2023-6967 CVE-2023-6969 Reflected Cross-Site Scripting Vulnerability in WP Recipe Maker Plugin Remote File Inclusion Vulnerability in Backup Migration Plugin for WordPress Path Traversal Vulnerability in Backup Migration Plugin for WordPress Allows Arbitrary File Deletion and Site Takeover Remote Code Execution Vulnerability in Internal HTTP(s) Servers Command Execution Vulnerability Allows Unauthorized Access to Data and Models Arbitrary File Write Vulnerability Server File Disclosure Vulnerability Arbitrary File Upload Vulnerability in Customer Reviews for WooCommerce Plugin Cross-Site Request Forgery (CSRF) Vulnerability in WP SMS Plugin SQL Injection Vulnerability in WP SMS Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Display Custom Fields Plugin for WordPress Insecure Direct Object Reference vulnerability in Display custom fields plugin for WordPress Cross-Site Request Forgery Vulnerability in PowerPack Addons for Elementor Plugin Unauthenticated Plugin Installation Vulnerability in 10Web AI Assistant Plugin for WordPress Stored Cross-Site Scripting Vulnerability in EmbedPress Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin for WordPress Local File Inclusion Vulnerability in Shield Security WordPress Plugin Stored Cross-Site Scripting 
Vulnerability in Weaver Xtreme WordPress Theme Unvalidated Parameter in JSM file_get_contents() Shortcode Plugin Allows SSRF Attacks Heap-based Buffer Overflow in Cloudflare's Zlib Library CVE-2023-6993 Stored Cross-Site Scripting Vulnerability in List Category Posts Plugin for WordPress Code Injection Vulnerability in Display Custom Fields Plugin for WordPress Application Lockscreen Bypass Vulnerability in eWeLink CVE-2023-6999 OS Command Injection Vulnerability in Backup Migration Plugin for WordPress CVE-2023-7003 CVE-2023-7004 CVE-2023-7006 CVE-2023-7007 DNSSEC Bypass Vulnerability in systemd-resolved CVE-2023-7009 Sensitive Information Exposure in Molongui WordPress Plugin (Versions up to 4.7.4) via 'ma_debu' Parameter CVE-2023-7015 CVE-2023-7016 CVE-2023-7017 Deserialization of Untrusted Data in huggingface/transformers GitHub Repository (CVE-2021-41118) Vulnerability: Unauthorized Modification of Data in LightStart WordPress Plugin Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (CVE-2021-248567) Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-248568) Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-248570) Heap Buffer Overflow in WebRTC in Google Chrome Critical Local Access Control Vulnerability in KylinSoft hedron-domain-hook (CVE-2021-248578) Unrestricted File Upload Vulnerability in Lightxun IPTV Gateway up to 20231208 Stored Cross-Site Scripting Vulnerability in POST SMTP Mailer Plugin for WordPress User Account Password Reset Email Delivery Vulnerability in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in WordPress Button Plugin MaxButtons CVE-2023-7030 Insecure Direct Object Reference Vulnerabilities in Avaya Aura Experience Portal Manager CWE-502: Privilege Escalation via Deserialization Vulnerability CVE-2023-7033 Cross-Site Scripting (XSS) Vulnerability in Automad up to 1.10.9 Unrestricted File Upload 
Vulnerability in Automad up to 1.10.9 Critical Server-Side Request Forgery Vulnerability in Automad (CVE-2021-248686) Cross-Site Request Forgery (CSRF) Vulnerability in Automad up to 1.10.9 Critical Remote SQL Injection Vulnerability in Beijing Baichuo S210 (VDB-248688) Path Traversal Vulnerability in codelyfe Stupid Simple CMS up to 1.2.4 Critical Path Traversal Vulnerability in codelyfe Stupid Simple CMS up to 1.2.4 (VDB-248690) Null Pointer Dereference Vulnerability in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in Linux Kernel Unquoted Service Path Vulnerability in ESET Products Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor Plugin CVE-2023-7046 Remote Tools and Macros Vulnerability in Devolutions Remote Desktop Manager Cross-Site Request Forgery (CSRF) vulnerability in My Sticky Bar WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Online Notes Sharing System 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in PHPGurukul Online Notes Sharing System 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in PHPGurukul Online Notes Sharing System 1.0 Weak Password Requirements Vulnerability in PHPGurukul Online Notes Sharing System 1.0 Unrestricted Upload Vulnerability in PHPGurukul Online Notes Sharing System 1.0 Improper Access Control in PHPGurukul Online Notes Sharing System 1.0 Cross-Site Scripting (XSS) Vulnerability in Faculty Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Faculty Management System 1.0 Critical Path Traversal Vulnerability in SourceCodester Simple Student Attendance System 1.0 (VDB-248749) Cross-Site Scripting (XSS) Vulnerability in SourceCodester School Visitor Log e-Book 1.0 CVE-2023-7060 Stored Cross-Site Scripting Vulnerability in WPForms Pro Plugin for WordPress CVE-2023-7064 CVE-2023-7065 CVE-2023-7067 Unauthenticated Access to Sensitive Data in WooCommerce PDF Invoices Plugin Stored Cross-Site Scripting Vulnerability in Advanced iFrame Plugin for WordPress Stored 
Cross-Site Scripting Vulnerability in Email Encoder Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Plugin for WordPress CVE-2023-7072 CSRF Vulnerability in WP SOCIAL BOOKMARK MENU WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Point of Sales and Inventory Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in slawkens MyAAC up to 0.8.13 Remote Code Execution Vulnerability in Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) Arbitrary HTTP and WebSocket Request Injection in Miniflare Server Local File Disclosure Vulnerability in Wrangler's Dev Server Vulnerability: Arbitrary Code Execution in V8 Inspector for Workers Sandbox SQL Injection Vulnerability in POSTAHSİL Online Payment System Arbitrary File Upload and Remote Code Execution in Import any XML or CSV File to WordPress Plugin Vulnerability: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) in Voting Record WordPress Plugin Stored XSS Vulnerability in Voting Record WordPress Plugin CVE-2023-7085 Unsanitized SVG Upload Vulnerability in Easy SVG Allow WordPress Plugin Privilege Mismanagement Vulnerability in Sudo due to ipa_hostname Handling Flaw Unrestricted Upload Vulnerability in Dreamer CMS 4.1.3 (VDB-248938) Cross-Site Request Forgery Vulnerability in Uniway UW-302VP 2.0 Critical Command Injection Vulnerability in KylinSoft kylin-system-updater (CVE-2021-248940) Netentsec NS-ASG Application Security Gateway 6.3 Remote Information Disclosure Vulnerability Critical Buffer Overflow Vulnerability in Totolink A7100RU 7.4cu.2313_B20191024 (VDB-248942) Critical SQL Injection Vulnerability in Faculty Management System 1.0 Critical SQL Injection Vulnerability in Water Billing System 1.0 Path Traversal 
Vulnerability in icret EasyImages 2.8.3 (Unsupported) Critical SQL Injection Vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 Critical SQL Injection Vulnerability in PHPGurukul Restaurant Table Booking System 1.0 Arbitrary Code Execution Vulnerability in Spreadsheet::ParseExcel 0.65 Parameter Injection Vulnerability in Barracuda ESG Appliance CVE-2023-7103 Critical Heap-Based Buffer Overflow Vulnerability in SQLite SQLite3 up to 3.43.0 (VDB-248999) CVE-2023-7105 CVE-2023-7106 CVE-2023-7107 CVE-2023-7108 CVE-2023-7109 CVE-2023-7110 Critical SQL Injection Vulnerability in code-projects Library Management System 2.0 (VDB-249006) Unsanitized Channel Mention Data Injection in Mattermost 8.1.6 and Earlier CSRF Vulnerability in Mattermost Version 2.10.0 and Earlier CVE-2023-7115 Critical Remote Command Injection Vulnerability in WeiYe-Jing datax-web 2.1.2 (VDB-249086) Critical SQL Injection Vulnerability in SourceCodester Medicine Tracking System 1.0 (VDB-249095) Cross-Site Scripting (XSS) Vulnerability in E-Commerce Site 1.0 (VDB-249096) CSRF Vulnerability in PeepSo WordPress Plugin Allows Unauthorized User Post Creation Critical SQL Injection Vulnerability in Automated Voting System 1.0 Critical SQL Injection Vulnerability in Automated Voting System 1.0's Login Component (VDB-249130) Critical SQL Injection Vulnerability in Voting System 1.0's Admin Login Critical SQL Injection Vulnerability in Voting System 1.0 Critical SQL Injection Vulnerability in College Notes Gallery 2.0 (VDB-249133) Critical SQL Injection Vulnerability in Intern Membership Management System 2.0 Cross-Site Scripting (XSS) Vulnerability in Intern Membership Management System 2.0 Cross-Site Scripting (XSS) Vulnerability in y_project RuoYi 4.7.8 Critical Path Traversal Vulnerability in SourceCodester Medicine Tracking System 1.0 (VDB-249137) Cross-Site Scripting (XSS) Vulnerability in Record Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Record Management System 
1.0 Critical SQL Injection Vulnerability in Client Details System 1.0 Critical SQL Injection Vulnerability in code-projects Client Details System 1.0 SQL Injection Vulnerability in code-projects Client Details System 1.0 SQL Injection Vulnerability in code-projects Client Details System 1.0 SQL Injection Vulnerability in code-projects Client Details System 1.0 SQL Injection Vulnerability in code-projects Client Details System 1.0 Cross Site Scripting (XSS) Vulnerability in code-projects Client Details System 1.0 Critical SQL Injection Vulnerability in gopeak MasterLab up to 3.3.10 Critical SQL Injection Vulnerability in gopeak MasterLab up to 3.3.10 (VDB-249148) Critical SQL Injection Vulnerability in gopeak MasterLab up to 3.3.10 (VDB-249149) Unrestricted Upload Vulnerability in gopeak MasterLab up to 3.3.10 (VDB-249150) Code Injection Vulnerability in ShifuML Shifu 0.12.0 Cross-Site Scripting (XSS) Vulnerability in QR Code Generator 1.0 Unrestricted Upload Vulnerability in Campcodes Chic Beauty Salon 20230703 Reflected Cross-Site Scripting in Product Enquiry for WooCommerce WordPress Plugin Critical Use After Free Vulnerability in MicroPython 1.21.0/1.22.0-preview (VDB-249158) Reflected XSS Vulnerability in Macro-Bel Software Stored Cross-Site Scripting Vulnerability in Hubbub Lite WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Free and Open Source Inventory Management System 1.0 (VDB-249177) Critical SQL Injection Vulnerability in Campcodes Online College Library System 1.0 (VDB-249178) Critical SQL Injection Vulnerability in SourceCodester Free and Open Source Inventory Management System 1.0 (VDB-249179) Critical Heap-Based Buffer Overflow Vulnerability in MicroPython up to 1.21.0 (VDB-249180) Unrestricted Upload Vulnerability in gopeak MasterLab up to 3.3.10 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Engineers Online Portal 1.0 (CVE-2021-249182) Critical SQL Injection Vulnerability in Netentsec NS-ASG Application 
Security Gateway 6.3.1 D-Link D-View 8 v2.0.2.89 and Prior Probe Inventory Manipulation Vulnerability CVE-2023-7164 CVE-2023-7165 Cross-Site Scripting (XSS) Vulnerability in Novel-Plus up to 4.2.0 CVE-2023-7167 Snow Software Snow Inventory Agent on Windows Authentication Bypass and Signature Spoof Vulnerability Reflected Cross-Site Scripting Vulnerability in EventON-RSVP WordPress Plugin Cross Site Scripting (XSS) Vulnerability in Novel-Plus up to 4.2.0 Critical SQL Injection Vulnerability in PHPGurukul Hospital Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Hospital Management System 1.0 SQL Injection Vulnerability in Campcodes Online College Library System 1.0 Critical SQL Injection Vulnerability in Campcodes Online College Library System 1.0 Critical SQL Injection Vulnerability in Campcodes Online College Library System 1.0 Critical SQL Injection Vulnerability in Campcodes Online College Library System 1.0 (VDB-249365) Critical SQL Injection Vulnerability in Campcodes Online College Library System 1.0 (VDB-249366) Critical SQL Injection Vulnerability in Tongda OA 2017 up to 11.9 (VDB-249367) Unrestricted Upload Vulnerability in Muyun DedeBIZ up to 6.2.12 Critical SQL Injection Vulnerability in 7-card Fakabao (up to 1.0_build20230805) via shop/alipay_notify.php Critical SQL Injection Vulnerability in 7-card Fakabao (up to 1.0_build20230805) via shop/notify.php Critical SQL Injection Vulnerability in 7-card Fakabao (up to 1.0_build20230805) via shop/wxpay_notify.php Critical SQL Injection Vulnerability in 7-card Fakabao (Version 1.0_build20230805) Critical Stack-Based Buffer Overflow Vulnerability in Totolink N350RT 9.3.5u.6139_B20201216 (VDB-249389) Critical SQL Injection Vulnerability in Shipping 100 Fahuo100 up to 1.1 (CVE-2021-249390) Critical SQL Injection Vulnerability in S-CMS up to 2.0_build20220529-20231006 Critical SQL Injection Vulnerability in S-CMS up to 2.0_build20220529-20231006 Critical SQL Injection Vulnerability in 
S-CMS up to 2.0_build20220529-20231006 (VDB-249393) Memory Leak Vulnerability in ctnetlink_create_conntrack in Linux Kernel Critical Access Control Vulnerability in MTab Bookmark up to 1.2.6 Reflected Cross-Site Scripting Vulnerability in Meris WordPress Theme CVE-2023-7198 Unauthenticated Access to Draft and Private Posts in Relevanssi WordPress Plugin Reflected Cross-Site Scripting Vulnerability in EventON WordPress Plugin CVE-2023-7201 CVE-2023-7202 CVE-2023-7203 unauthorized access to sensitive data during cloning process Arbitrary Code Execution Vulnerability in Horner Automation Cscape CVE-2023-7207 Critical Buffer Overflow Vulnerability in Totolink X2000R_V2 2.0.0-B20230727.10434 (VDB-249742) Critical Denial of Service Vulnerability in Uniway Router up to 2.0 (VDB-249758) Critical Remote Authentication Bypass Vulnerability in OneNav (CVE-2021-249765) Critical Remote Code Execution Vulnerability in Uniway Router 2.0 Critical Unrestricted Upload Vulnerability in DeDeCMS up to 5.7.112 Critical Stack-Based Buffer Overflow Vulnerability in Totolink N350RT 9.3.5u.6139_B20201216 (VDB-249769) Critical Stack-Based Buffer Overflow in Totolink N350RT 9.3.5u.6139_B20201216 (VDB-249770) Cross-Site Scripting (XSS) Vulnerability in Chanzhaoyu chatgpt-web 2.11.1 (VDB-249779) Path Traversal Vulnerability in CPIO Utility Allows Remote Code Execution Critical Remote Stack-Based Buffer Overflow in Totolink N350RT 9.3.5u.6139_B202012 (VDB-249852) Critical Remote Stack-Based Buffer Overflow Vulnerability in Totolink N350RT 9.3.5u.6139_B202012 (CVE-2021-249853) Stack-Based Buffer Overflow in Totolink NR1800X 9.1.0u.6279_B20210910's loginAuth Function (VDB-249854) Critical Remote Buffer Overflow Vulnerability in Totolink T6 4.1.9cu.5241_B20210923 Critical Remote Buffer Overflow Vulnerability in Totolink X2000R 1.0.0-B20221212.1452 Improper Access Controls in Totolink T6 4.1.9cu.5241_B20210923 Local Code Execution Vulnerability in OpenVPN Connect for macOS Stored Cross-Site 
Scripting Vulnerability in MapPress Maps for WordPress Plugin Improper Ownership Management Vulnerability in meetyoucrop big-whale 1.1 Command Injection Vulnerability in SystemK NVR 504/508/516 Versions 2.3.5SK.30084998 and Prior CVE-2023-7232 Stored Cross-Site Scripting Vulnerability in GigPress WordPress Plugin OPCUAServerToolkit Log Message Vulnerability Insecure Access Control in OpenVPN GUI Installer CVE-2023-7236 Vulnerability: Weakly Encoded Credentials in Lantronix XPort Web Request Headers DICOM Study XSS Vulnerability CVE-2023-7240 CVE-2023-7241 CVE-2023-7242 CVE-2023-7243 CVE-2023-7244 Arbitrary Code Execution Vulnerability in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) CVE-2023-7246 CVE-2023-7247 CVE-2023-7248 CVE-2023-7250 CVE-2023-7251 CVE-2023-7252 CVE-2023-7253