Vulnerability Index: Year 2023

Cortex XDR Agent Information Exposure Vulnerability: Cleartext Disclosure of Admin Password Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent on Windows Devices File Disclosure Vulnerability in Palo Alto Networks Cortex XSOAR Server Software Local File Deletion Vulnerability in Palo Alto Networks PAN-OS Software Vulnerability in Palo Alto Networks PAN-OS Software Exposes Plaintext Secrets and Encrypted API Keys Race condition vulnerability in Palo Alto Networks GlobalProtect app allows local file deletion with elevated privileges Cross-Site Scripting (XSS) Vulnerability in Palo Alto Networks PAN-OS Software on Panorama Appliances Race condition vulnerability in Palo Alto Networks PAN-OS software allows authenticated administrators to export local files through the web interface Local Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect App on Windows Reflected XSS Vulnerability in Palo Alto Networks PAN-OS Captive Portal Feature Arbitrary Command Execution via TOBY-L2 Serial Interface Privilege Escalation via SAP_LocalAdmin Membership in SAP Host Agent (Windows) Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Application Server ABAP Keyword Documentation Ambiguous Format Information Disclosure Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform SAP BPC MS 10.0 - Version 810 SQL Injection Vulnerability Unauthenticated Access Control Vulnerability in SAP NetWeaver AS for Java - Version 7.50 Stored XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform CMC Application SAP GRC (Process Control) Remote-Enabled Function Module Data Exposure Vulnerability Unauthorized Access to Sensitive Information in SAP BusinessObjects Business Intelligence Platform Unauthenticated Code Injection Vulnerability in SAP NetWeaver Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Analysis Edition for OLAP 
Sensitive Data Exposure in SAP Bank Account Management Application Cross-Site Scripting Vulnerability in SAP Solution Manager (BSP Application) Version 720 SAP Solution Manager (BSP Application) - Version 720 Link Manipulation Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Modbus TCP Server AOI Unauthorized Information Disclosure Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in linagora/twake GitHub Repository (prior to 2023.Q1.1200+) Remote Denial of Service Vulnerability in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B Use-After-Free Vulnerability in Linux Kernel's Nouveau Driver Allows Privilege Escalation Stored Cross-Site Scripting Vulnerability in PDF Viewer WordPress Plugin Stored Cross-Site Scripting Vulnerability in JetWidgets For Elementor WordPress Plugin Authentication Bypass Vulnerability in softbus_client_stub in OpenHarmony-v3.0.5 and Prior Versions Authentication Bypass Vulnerability in OpenHarmony-v3.0.5 and Prior Versions: SA Relay Attack SQL Injection Vulnerability in 10Web Map Builder for Google Maps WordPress Plugin Stored Cross-Site Scripting Vulnerability in Survey Maker – Best WordPress Survey Plugin Plugin CRLF Injection Vulnerability in Async HTTP Client Insufficient Session Expiration in IBM Security Guardium 11.5 Allows User Takeover Arbitrary Protocol Redirection Vulnerability in GitLab Pages Reflected Cross-Site Scripting Vulnerability in Custom Add User WordPress Plugin Cross-Site Attack Vulnerability in Quarkus Form Authentication Delayed IBPB Vulnerability in prctl syscall GitHub Repository File and Resource Naming Vulnerability in lirantal/daloradius Code Injection Vulnerability in lirantal/daloradius GitHub Repository Critical Out-of-bounds Read Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Stored XSS Vulnerability in GitLab Allows Arbitrary Actions on Behalf of Victims Critical Heap-based Buffer Overflow in vim/vim Repository (CVE-XXXX-XXXX) 
Unauthenticated Command Execution in SAUTER Controls Nova 200–220 Series Clear-text Transmission of Sensitive Information in SAUTER Controls Nova 200–220 Series Critical Out-of-bounds Write Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Insecure Handling of Sensitive Cookies in pyload/pyload Repository Title: HAProxy Uncontrolled Resource Consumption Vulnerability Allows Remote Crash UI Layer or Frame Restriction Vulnerability in pyload/pyload (prior to 0.5.0b3.dev33) Vulnerability: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) in Tiempo.com WordPress Plugin Stored Cross-Site Scripting Vulnerability in Youzify WordPress Plugin Stored Cross-Site Scripting Vulnerability in Responsive Gallery Grid WordPress Plugin Stored Cross-Site Scripting Vulnerability in Judge.me Product Reviews for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in EAN for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPress Shortcodes Plugin Stored Cross-Site Scripting Vulnerability in eVision Responsive Column Layout Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in i2 Pros & Cons WordPress Plugin Stored Cross-Site Scripting Vulnerability in Companion Sitemap Generator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Timed Content WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPaudio MP3 Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in ResponsiveVoice Text To Speech WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Tabs WordPress Plugin Stored Cross-Site Scripting Vulnerability in WC Vendors Marketplace WordPress Plugin Stored Cross-Site Scripting Vulnerability in Client Logo Carousel WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Social Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability 
in Amazon JS WordPress Plugin Stored Cross-Site Scripting Vulnerability in Download Attachments WordPress Plugin Integer Overflow Vulnerability in Synology Router Manager (SRM) CGI Component Stored XSS Vulnerability in Resume Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Customer Reviews for WooCommerce WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Customer Reviews for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in MonsterInsights WordPress Plugin Stored Cross-Site Scripting Vulnerability in ExactMetrics WordPress Plugin ArKUI Framework Subsystem Improper Input Validation Vulnerability Stored Cross-Site Scripting Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress Vulnerability: reCaptcha Bypass in Metform Elementor Contact Form Builder Plugin Cross-Site Request Forgery Vulnerability in JetWidgets for Elementor Plugin Stored Cross-Site Scripting Vulnerability in Swifty Page Manager Plugin for WordPress Cross-Site Request Forgery Vulnerability in Swifty Page Manager Plugin for WordPress Remote Code Execution Vulnerability in Proofpoint Enterprise Protection (PPS/POD) Webutils Remote Code Execution Vulnerability in Proofpoint Enterprise Protection (PPS/POD) Webservices Keycloak Client Credential Flow Token Revocation Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client Stored Cross-Site Scripting Vulnerability in UpQode Google Maps WordPress Plugin Stored Cross-Site Scripting Vulnerability in Page View Count WordPress Plugin Stored Cross-Site Scripting Vulnerability in Happyforms WordPress Plugin Stored Cross-Site Scripting Vulnerability in The Post Grid, Post Carousel, & List Category Posts WordPress Plugin SQL Injection Vulnerability in Simple URLs WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Simple URLs WordPress Plugin HTTP Host Header Tampering Vulnerability in Eclipse BIRT Privilege Escalation 
Vulnerability in Nessus Versions 8.10.1 - 8.15.8 and 10.0.0 - 10.4.1 Missing Authentication in LS ELECTRIC XBC-DN32U OS 01.80 Allows Arbitrary File Deletion Denial-of-Service Vulnerability in LS ELECTRIC XBC-DN32U Operating System Version 01.80 ZipSlip Vulnerability in Weintek EasyBuilder Pro Email Trust Vulnerability in Keycloak: Impersonation and Lockout Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.10.0 Netis Netcore Router Backup Handler Information Disclosure Vulnerability Cleartext Storage Vulnerability in Netis Netcore Router Backup Handler (VDB-217592) Unauthenticated Broadcast Vulnerability in Reminder Module Insecure Application Identity Verification in hwKitAssistant: Implications for MeeTime Availability Foreman Arbitrary Code Execution Vulnerability Stored Cross-site Scripting Vulnerability in Foreman's Comment Section Improper Permission Validation Allows Unauthorized Editing of Label Descriptions in GitLab Denial of Service Vulnerability in GitLab CE/EE: Resource Consumption via Malicious Test Report Artifacts Pre-Auth Denial of Service (DoS) Vulnerability in Linux Kernel NVMe Functionality Stack-Based Buffer Overflow in Delta Electronics DOPSoft Versions 4.00.16.22 and Prior Out-of-Bounds Write Vulnerability in Delta Electronics DOPSoft Software Cross-Site Scripting (XSS) Vulnerability in Control iD Gerencia Web 1.30 SMA1000 Firmware Version 12.4.2 Pre-Authentication Path Traversal Vulnerability Firmware_update 
Command Injection Vulnerability in Restricted Telnet Interface Use After Free Vulnerability in Google Chrome's Overview Mode on Chrome OS Heap Buffer Overflow in Google Chrome Network Service Spoofing Omnibox Contents via Fullscreen API in Google Chrome on Android Bypassing File Download Restrictions via Inappropriate iFrame Sandbox Implementation in Google Chrome Remote Code Execution via Insecure Permission Prompts in Google Chrome on Windows Bypassing Main Origin Permission Delegation in Google Chrome on Android Use After Free Vulnerability in Google Chrome's Cart Use After Free Vulnerability in Google Chrome's Cart Incorrect Security UI Execution Vulnerability in Fullscreen API in Google Chrome on Android Heap Buffer Overflow in Google Chrome Platform Apps on Chrome OS Heap Buffer Overflow in libphonenumber in Google Chrome Bypassing Download Restrictions in Google Chrome on Windows File System API Bypass Vulnerability in Google Chrome on Windows Cross-Origin Data Leakage Vulnerability in Google Chrome Uncontrolled Search Path Element Vulnerability in Synology DiskStation Manager (DSM) Backup Management Functionality Stored Cross-Site Scripting Vulnerability in Send PDF for Contact Form 7 WordPress Plugin Stored Cross-Site Scripting Vulnerability in Event Manager and Tickets Selling Plugin for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in Saan World Clock WordPress Plugin Stored Cross-Site Scripting Vulnerability in Naver Map WordPress Plugin Stored Cross-Site Scripting Vulnerability in Flexible Captcha WordPress Plugin Stored Cross-Site Scripting Vulnerability in Gallery Factory Lite WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPrezi WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cloak Front End Email WordPress Plugin Stored Cross-Site Scripting Vulnerability in uTubeVideo Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Multi Store Locator WordPress Plugin Stored 
Cross-Site Scripting Vulnerability in Vimeo Video Autoplay Automute WordPress Plugin Stored Cross-Site Scripting Vulnerability in GamiPress WordPress Plugin Open Redirect Vulnerability in GitLab CE/EE Versions Before 15.8.5, 15.9.4, 15.10.1 Arbitrary File Disclosure Vulnerability in AIOS WordPress Plugin Unescaped Log File Content Execution Vulnerability in AIOS WordPress Plugin Krill Vulnerability: Remote Crash via Direct Directory Query Arbitrary File Read and Remote Code Execution in Extensive VC Addons for WPBakery Page Builder WordPress Plugin Linux Kernel BPF Subsystem Deadlock Vulnerability Stored Cross-Site Scripting Vulnerability in CPO Companion WordPress Plugin Arbitrary Command Execution Vulnerability in OrangeScrum v2.0.11 Stored Cross-Site Scripting Vulnerability in Cost Calculator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Slider for WooCommerce Plugin Stored Cross-Site Scripting Vulnerability in GetResponse for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Olevmedia Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in Zoho Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Html5 Audio Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in jQuery T(-) Countdown Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability in Juicer WordPress Plugin Stored Cross-Site Scripting Vulnerability in Drag & Drop Sales Funnel Builder for WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP VR WordPress Plugin Stored Cross-Site Scripting Vulnerability in Responsive Clients Logo Gallery Plugin for WordPress Stored Cross-Site Scripting Vulnerability in RafflePress WordPress Plugin Stored Cross-Site Scripting Vulnerability in Social Like Box and Page WordPress Plugin Stored Cross-Site Scripting Vulnerability in Annual Archive WordPress Plugin Netfilter Subsystem Buffer Overflow Vulnerability in Linux Kernel NVIDIA GPU Display Driver for Linux Kernel Mode 
Layer Handler Vulnerability Memory Permissions Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Critical Vulnerability in NVIDIA GPU Display Driver for Windows: Out-of-Bounds Write Exploit Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Linux Critical Vulnerability in NVIDIA GPU Display Driver for Windows and Linux: Denial of Service, Privilege Escalation, Information Disclosure, and Data Tampering Unsigned to Signed Conversion Vulnerability in NVIDIA GPU Display Driver for Linux Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Linux Kernel Mode Layer Handler Vulnerability NVIDIA GPU Display Driver for Linux: Kernel Mode NULL Pointer Dereference Vulnerability Out-of-Bounds Access Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Privilege Escalation and Information Disclosure Vulnerability in NVIDIA GPU Display Driver for Windows Vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump Allows Limited Denial of Service and Information Disclosure Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Windows Kernel Mode Layer Information Leak Vulnerability Null-pointer dereference vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump NVIDIA vGPU Software Vulnerability: Denial of Service via NULL-Pointer Dereference NVIDIA GPU Display Driver for Linux Kernel Mode Layer Memory Buffer Vulnerability Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows and Linux Vulnerability in NVIDIA DGX-2 OFBD Allows for Code Execution and Privilege Escalation Critical Vulnerability in NVIDIA DGX-2 SBIOS Allows Code Execution and Information Disclosure Vulnerability in NVIDIA DGX A100 SBIOS Allows Arbitrary Memory Modification and Privilege 
Escalation Insufficient Granularity of Access Control in NVIDIA ConnectX NIC Firmware: Denial of Service Vulnerability Vulnerability in NVIDIA ConnectX NIC Firmware Allows Denial of Service Attacks Insufficient Granularity of Access Control in NVIDIA ConnectX NIC Firmware: Denial of Service Vulnerability Vulnerability in NVIDIA DGX A100 SBIOS Allows Arbitrary Memory Modification and Privilege Escalation Vulnerability: NVIDIA DGX-2 SBIOS ServerSetup NVRAM Variable Modification Heap-based Buffer Overflow in NVIDIA DCGM HostEngine: Denial of Service and Data Tampering Vulnerability Vulnerability in NVIDIA DGX-1 SBIOS Uncore PEI Module: Arbitrary Code Execution and Privilege Escalation Critical Vulnerability: Linux Kernel's ksmbd NTLMv2 Authentication Crash Stored Cross-Site Scripting Vulnerability in Advanced Recent Posts WordPress Plugin Elevation of Privilege: DLL Hijacking in M-Files Installer Arbitrary Content Injection Vulnerability in Skyhigh SWG Use-after-free vulnerability in BIO_new_NDEF function Invalid Pointer Dereference Vulnerability in OpenSSL's PKCS7 Parsing Functions Invalid Pointer Dereference on Read in EVP_PKEY_public_check() Function Stored Cross-Site Scripting (XSS) Vulnerability in FluentSMTP WordPress Plugin SQL Injection Vulnerability in Pinpoint Booking System WordPress Plugin Local Privilege Escalation Vulnerability in ACC Prior to Version 8.3.4 Unauthorized Access to Release Descriptions in GitLab API SQL Injection Vulnerability in GiveWP WordPress Plugin (<=2.24.1) Incomplete Access Check on dnsHostName Attribute Allows Unauthorized Deletion in Samba Insufficient Session Expiration in pyload GitHub Repository Authentication Bypass Vulnerability in ABB Symphony Plus S+ Operations Privilege Escalation Vulnerability in OpenShift's apiserver-library-go Stored Cross-Site Scripting Vulnerability in VK All in One Expansion Unit WordPress Plugin Stored Cross-Site Scripting Vulnerability in ShopLentor WordPress Plugin Unserialization Vulnerability 
in ShopLentor WordPress Plugin Stored Cross-Site Scripting Vulnerability in ActiveCampaign WordPress Plugin Authenticated SQL Injection in SiteGround Security WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS WordPress Plugin (<=2.0.10) Vulnerability in WARP Mobile Client (<=6.29) for Android Allows Malicious App to Manipulate Task Behavior Use-after-free Vulnerability in io_uring's io_prep_async_work Function Directory Traversal Vulnerability in pgAdmin 4: Unauthorized User Settings Modification and Database Alteration Privilege Escalation via Unchecked Write Permissions in Velociraptor Critical SQL Injection Vulnerability in TuziCMS 2.0.6 Critical SQL Injection Vulnerability in TuziCMS 2.0.6 (VDB-218152) Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System (VDB-218153) Cross-Site Scripting (XSS) Vulnerability in earclink ESPCMS P8.21120101 Content Handler Uncontrolled Search Path Element Vulnerability in bits-and-blooms/bloom prior to 3.3.1 Physical Access Vulnerability: Memory Recovery in Kantech Gen1 ioSmart Card Reader (Firmware < 1.07.02) Out-of-Bounds Write Vulnerability in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Stack-Based Buffer Overflow in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Buffer Overflow Vulnerability in Delta Electronics DIAScreen Versions 1.2.1.23 and Prior Stored Cross-Site Scripting Vulnerability in Contextual Related Posts WordPress Plugin Stored Cross-Site Scripting Vulnerability in Real Media Library WordPress Plugin SQL Injection Vulnerability in Simple Membership WP User Import Plugin Arbitrary File Upload Vulnerability in Enable Media Replace WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System 2.0 Unrestricted Upload Vulnerability in SourceCodester Online Food Ordering System 2.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Food Ordering System 2.0 SQL Injection Vulnerability in WP 
Google Review Slider WordPress Plugin SQL Injection Vulnerability in WP Review Slider WordPress Plugin SQL Injection Vulnerability in WP TripAdvisor Review Slider WordPress Plugin SQL Injection Vulnerability in WP Airbnb Review Slider WordPress Plugin SQL Injection Vulnerability in WP Yelp Review Slider WordPress Plugin OpenID Connect User Authentication Vulnerability in Keycloak: Impersonation and Session Token Generation Authenticated Remote Command Execution in Uvdesk Version 1.1.1 via Profile Picture Upload Use-after-free vulnerability in ALSA PCM package in Linux Kernel allows privilege escalation Stored Cross-Site Scripting Vulnerability in Ultimate Carousel for WPBakery Page Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Mega Addons For WPBakery Page Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in YaMaps for WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Font Awesome WordPress Plugin Stored Cross-Site Scripting Vulnerability in NEX-Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Content Shortcode WordPress Plugin Stored Cross-Site Scripting Vulnerability in URL Params WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Accept Payments for PayPal WordPress Plugin Stored Cross-Site Scripting Vulnerability in Weaver Xtreme Theme Support WordPress Plugin SQL Injection Vulnerability in WC Fields Factory WordPress Plugin SQL Injection Vulnerability in GeoDirectory WordPress Plugin SQL Injection Vulnerability in Media Library Assistant WordPress Plugin Stored Cross-Site Scripting Vulnerability in Ultimate Carousel For Elementor WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System (VDB-218276) Cross-Site Scripting Vulnerability in YourChannel WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Flight Booking Management System LDAP User ID Manipulation Vulnerability in Tribe29 
Checkmk Stored Cross-Site Scripting Vulnerability in Real Media Library WordPress Plugin Type Confusion Vulnerability in X.400 Address Processing in X.509 GeneralName Cross-Site Scripting (XSS) Vulnerability in ityouknow favorites-web's Comment Handler Heap-based Buffer Overflow in Vim Prior to 9.0.1189 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository craigk5n/webcalendar Directory Traversal Vulnerability in Rapid7 Velociraptor Authorization Bypass Vulnerability in Quiz And Survey Master for WordPress Allows Arbitrary Media File Deletion Cross-Site Request Forgery Vulnerability in Quiz And Survey Master WordPress Plugin (Versions up to 8.0.8) Authorization Bypass Vulnerability in Mediamatic – Media Library Folders WordPress Plugin Cross-Site Request Forgery Vulnerability in Mediamatic – Media Library Folders WordPress Plugin (Versions up to 2.8.1) Stored Cross-Site Scripting Vulnerability in Launchpad WordPress Plugin Vulnerability in etcd grpc-proxy Health Checks Port (CVE-2023-0296) Code Injection Vulnerability in pyload/pyload prior to 0.5.0b3.dev31 GitHub Repository Firefly-III/Firefly-III Prior to 5.8.0 Incorrect Authorization Vulnerability Unvalidated Input Vulnerability in GitHub Repository Publify/Publify (prior to 9.2.10) Reflected Cross-site Scripting (XSS) Vulnerability in alf.io prior to 2.0-M4-2301 Stored Cross-site Scripting (XSS) Vulnerability in alfio-event/alf.io prior to Alf.io 2.0-M4-2301 Special Element Injection Vulnerability in GitHub Repository radareorg/radare2 prior to 5.8.2 Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System (VDB-218384) Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 
Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Authentication Bypass in GitHub repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.10 Command Injection Vulnerability in froxlor/froxlor prior to 2.0.8 GitHub Repository Path Traversal Vulnerability in froxlor/froxlor prior to 2.0.0 Unprotected Alternate Channel Vulnerability in GateManager Debug Console: Exposing Sensitive Information Unauthorized Access to Restricted Environment Names in GitLab Stored Cross-Site Scripting Vulnerability in Izmir Katip Celebi University UBYS Vulnerability: Unauthorized Access to Configuration Files in Campbell Scientific Dataloggers Reflected XSS Vulnerability in Talent Software UNIS (CVE-2021-XXXX) Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.14 SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-218426) Unauthenticated Remote Stored XSS Vulnerability in Uvdesk Version 1.1.1 Authorization Header Leakage in GitLab DAST API Scanner Cross-Site Scripting (XSS) Vulnerability in saemorris TheRadSystem's users.php (VDB-218454) Inadequate Privilege Checks in WPCode WordPress Plugin Allow Unauthorized Access to Authentication Endpoints SQL Injection Vulnerability in Elementor Website Builder WordPress Plugin LSI53C895A Device Vulnerability in QEMU: DMA-MMIO Reentrancy Exploit Leading to Memory Corruption Arbitrary File Download Vulnerability 
in Correos Oficial WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Food Ordering System 2.0 (VDB-218472) Stored Cross-Site Scripting Vulnerability in TemplatesNext ToolKit WordPress Plugin Reflected Cross-Site Scripting in ShortPixel Adaptive Images WordPress Plugin CSRF and Broken Access Control Vulnerabilities in WP Shamsi WordPress Plugin Allow Unauthorized Attachment Deletion CSRF and Broken Access Control Vulnerabilities in OoohBoi Steroids for Elementor WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in lirantal/daloradius GitHub Repository Reflected Cross-site Scripting (XSS) Vulnerability in lirantal/daloradius GitHub Repository Authentication Bypass Vulnerability in ForgeRock Access Management Web Policy Agent Arbitrary File Inclusion and Remote Code Execution Vulnerability in Custom Content Shortcode WordPress Plugin Stack Buffer Overflow in ec_glob function of editorconfig-core-c before v0.12.6 Insecure Storage of PEM Key File Passwords in MongoDB Ops Manager Diagnostics Archive Static IV and Key in Akuvox E11 Encryption Function: Potential Message Decryption Vulnerability Insecure Option in Custom Dropbear SSH Server of Akuvox E11 Default SSH Server with Unchangeable Root Password Unencrypted HTTP Connection in Akuvox E11 Cloud Login Allows Unauthorized Access Akuvox E11 Device Identification Vulnerability Unrestricted Direct SIP Calling Vulnerability in Akuvox E11 Unauthenticated Access to Camera Capture in Akuvox E11 libvoice Library File Extension Bypass Vulnerability in Akuvox E11 Command Injection Vulnerability in Akuvox E11 Web Server Backend Library Akuvox E11 Password Recovery Webpage Vulnerability Weak Encryption and Hard-Coded Password Vulnerability in Akuvox E11 Unauthenticated Access to Akuvox E11 Web Server Allows Unauthorized Information Retrieval and Packet Capture Hard-coded Cryptographic Key Vulnerability in Akuvox E11 Weak Encryption of Credentials in SOCOMEC MODULYS GP Netvision 
Versions 7.20 and Earlier Unauthenticated Remote XSS Exploit in Helpy Version 2.8.0 Use After Free vulnerability in gpac/gpac prior to 2.3.0-DEV Null Pointer Dereference Vulnerability in handle_ra_input Stored Cross-Site Scripting Vulnerability in Location Weather WordPress Plugin Timing Side-Channel Vulnerability in GnuTLS Allows Key Recovery in RSA ClientKeyExchange Messages Stored Cross-Site Scripting Vulnerability in Themify Portfolio Post WordPress Plugin Stored Cross-Site Scripting Vulnerability in Scheduled Announcements Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability in real.Kit WordPress Plugin Stored Cross-Site Scripting Vulnerability in React Webcam WordPress Plugin Stored Cross-Site Scripting Vulnerability in Loan Comparison WordPress Plugin Stored Cross-Site Scripting Vulnerability in Pricing Tables For WPBakery Page Builder Plugin Stored Cross-Site Scripting Vulnerability in Responsive Tabs For WPBakery Page Builder Plugin Stored Cross-Site Scripting Vulnerability in GoToWP WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPB Advanced FAQ WordPress Plugin Stored Cross-Site Scripting Vulnerability in EmbedSocial WordPress Plugin Stored Cross-Site Scripting Vulnerability in EmbedStories WordPress Plugin Stored Cross-Site Scripting Vulnerability in Lightweight Accordion WordPress Plugin Stored Cross-Site Scripting Vulnerability in W4 Post List WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Affiliate Links WordPress Plugin Stored Cross-Site Scripting Vulnerability in Qubely WordPress Plugin Stored Cross-Site Scripting Vulnerability in Scriptless Social Sharing WordPress Plugin Stored Cross-Site Scripting Vulnerability in Greenshift WordPress Plugin Stored Cross-Site Scripting Vulnerability in Spotlight Social Feeds WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads WordPress Plugin SQL Injection Vulnerability in GigPress WordPress Plugin Denial of Service Vulnerability in 
M-Files Server before 23.4.12528.1 Uncontrolled Memory Consumption Vulnerability in M-Files Server (before 23.4.12528.1) Uncontrolled Memory Consumption in M-Files Server: A Potential Denial of Service Vulnerability Cross-Site Request Forgery Vulnerability in Custom 404 Pro Plugin for WordPress Privilege Escalation Vulnerability in Linux Kernel's OverlayFS Subsystem SQL Injection Vulnerability in Random Text WordPress Plugin Stored Cross-Site Scripting Vulnerability in Calculated Fields Form WordPress Plugin Static SSL Certificate Vulnerability in MGT-COMMERCE CloudPanel Unquoted Path Vulnerability in LDAP Agent Update Service NULL Pointer Dereference Vulnerability in rawv6_push_pending_frames in Linux Kernel Stored Cross-Site Scripting Vulnerability in Menu Shortcode WordPress Plugin Bluetooth Controller Vulnerability: Buffer Overreads in HCI Command Response Processing Bluetooth Controller Denial of Service Vulnerability in le_read_buffer_size_complete CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in Image Over Image For WPBakery Page Builder WordPress Plugin Local User Bypasses DLP Controls in Windows 11.9.x Vulnerability: NULL Pointer Dereference in PKCS7 Signature Verification Authorization Bypass Vulnerability in Social Warfare WordPress Plugin Cross-Site Request Forgery Vulnerability in Social Warfare WordPress Plugin (Versions up to 4.4.0) Authorization Bypass Vulnerability in Events Made Easy WordPress Plugin Arbitrary Post Modification Vulnerability in GPT AI Power WordPress Plugin CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Cross-site Scripting (XSS) Vulnerability in GitHub Repository Builderio/qwik prior to 0.1.0-beta5 Denial of Service Vulnerability in Wireshark Dissectors TIPC Dissector Denial of Service Vulnerability Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10: Dissection Engine Bug EAP Dissector Crash Vulnerability in Wireshark 4.0.0 to 4.0.2 iSCSI 
Dissector Denial of Service Vulnerability GNW Dissector Denial of Service Vulnerability NFS Dissector Memory Leak Vulnerability in Wireshark Stored Cross-Site Scripting Vulnerability in Video Central for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Font Awesome WordPress Plugin Stored Cross-Site Scripting via CSRF in Custom Post Type and Taxonomy GUI Manager WordPress Plugin Unsanitized Query Parameter in Cloud Manager WordPress Plugin Allows for XSS Attack Stored XSS Vulnerability in Article Directory WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WordPress Amazon S3 Plugin Stored Cross-Site Scripting Vulnerability in MS-Reviews WordPress Plugin Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F and AC 900F Stack-based Buffer Overflow Vulnerability in ABB Freelance Controllers AC 700F and AC 900F Reflected Cross-Site Scripting Vulnerability in Watu Quiz WordPress Plugin Stored Cross-Site Scripting Vulnerability in Watu Quiz WordPress Plugin Vulnerability: Failure to Check OCSP Revocation Status for S/Mime Signatures in Thunderbird Stored Cross-Site Scripting Vulnerability in File Away WordPress Plugin Authenticated Command Injection Vulnerability in Web Configuration Service Heap-based Buffer Overflow in Vim prior to 9.0.1225 Improper Input Validation in pyload/pyload: Prior to 0.5.0b3.dev40 Excessive Attack Surface in pyload/pyload: Prior to 0.5.0b3.dev41 Information Disclosure in MongoDB Atlas Kubernetes Operator Infinite Loop Vulnerability in MongoDB C Driver CSRF Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in NEX-Forms WordPress Plugin Unpatched Vulnerability in GitHub Repository healthchecks/healthchecks (prior to v2.6) Arbitrary Option Update Vulnerability in Gallery Blocks with Lightbox WordPress Plugin Unvalidated Query Parameters in Loan Comparison WordPress Plugin Could Lead to JavaScript Injection Disclosure of Freemius Secret 
Key in AnyWhere Elementor WordPress Plugin Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master 00.00.02a Stored Cross-Site Scripting Vulnerability in My YouTube Channel WordPress Plugin Authorization Bypass Vulnerability in My YouTube Channel WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP Helper Lite WordPress Plugin GitLab Vulnerability: Ambiguous Branch Name Social Engineering Lack of Password Requirement in Econolite EOS Versions Prior to 3.2.23 Allows Unauthorized Access to Sensitive Information Weak Hash Algorithm Used for Encrypting Privileged User Credentials in Econolite EOS Versions Prior to 3.2.23 Insecure Access Control in WP Private Message WordPress Plugin Arbitrary File Deletion Vulnerability in OrangeScrum v2.0.11 Unrestricted File Upload Vulnerability in GitHub Repository unilogies/bumsys prior to v1.0.3-beta APICast OIDC Module Mismatched Token Vulnerability Plaintext Password Storage Vulnerability in Mitsubishi Electric Corporation MELSEC Series Speculative Pointer Dereference Vulnerability in Linux Kernel's do_prlimit() Function Vulnerability: Bypassing access_ok Check in copy_from_user() on 64-bit Linux Kernel YouTube Embedded SDK Remote Code Execution Vulnerability Linux Kernel Use-After-Free Vulnerability Allows Local Privilege Escalation Arbitrary Code Execution Vulnerability in Foreman via YAML Payload Offline Mode Bypass Vulnerability in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 OpenSSL X.509 Certificate Chain Policy Constraints Denial-of-Service Vulnerability Vulnerability: Bypassing Certificate Policy Checks Vulnerability: Inconsistent Behavior of X509_VERIFY_PARAM_add0_policy() Function Local File Inclusion Vulnerability in WP Dark Mode WordPress Plugin Race Condition in io_uring/poll.c Leads to Use-After-Free Vulnerability in Linux Kernel Use-After-Free Vulnerability in Linux Kernel's io_uring Subcomponent Leads to Denial of Service Stored Cross-site Scripting (XSS) 
Vulnerability in modoboa/modoboa prior to 2.0.4 WebTransport Use After Free Vulnerability in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Type Confusion Vulnerability in Google Chrome's ServiceWorker API Use After Free Vulnerability in GuestView in Google Chrome Vulnerability: Decompression Bomb Attack in HashiCorp Go-Getter LDAP Injection Vulnerability in Tenable.sc Allows Blind Injection Arbitrary File Upload Vulnerability in Auto Featured Image WordPress Plugin Reflected XSS Vulnerability in Print Invoice & Delivery Notes for WooCommerce WordPress Plugin CSRF Vulnerability in VitalPBX Version 3.2.3-8 Allows Unauthorized Access to Administrator Account Insecure File Permissions in RestEasy Reactive Implementation of Quarkus Insecure File Permissions in RESTEasy's Temp File Creation GitLab Vulnerability: Unauthorized Extraction of Datadog Integration API Key CSRF Vulnerability in Contact Form 7 Widget Plugin Allows Arbitrary Plugin Activation Privilege Escalation Vulnerability in GitLab Unauthenticated XSS Vulnerability in VitalPBX Version 3.2.3-8 Allows Administrator Account Takeover SQL Injection Vulnerability in My Sticky Elements WordPress Plugin Stored Cross-site Scripting (XSS) vulnerability in pyload/pyload prior to 0.5.0b3.dev42 Stored Cross-Site Scripting Vulnerability in SlideOnline WordPress Plugin Stored Cross-Site Scripting Vulnerability in f(x) TOC WordPress Plugin Stored Cross-Site Scripting Vulnerability in Schedulicity WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Products Slider for WooCommerce WordPress Plugin Improper Neutralization of Special Elements in GitHub Repository btcpayserver/btcpayserver prior to 1.7.5 Dangling Pointer Vulnerability in X.Org Allows for Local Privilege Elevation and Remote Code Execution CSRF Vulnerability in HT Slider For Elementor WordPress Plugin CSRF Vulnerability in HT Event WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in HT Portfolio WordPress 
Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Education WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in QuickSwish WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Film Studio WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP Insurance WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in WP News WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Free WooCommerce Theme 99fy Extension WordPress Plugin CSRF Vulnerability in HT Politic WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Ever Compare WordPress Plugin Allows Arbitrary Plugin Activation Privilege Escalation Vulnerability in ByDemes Group Airspace CCTV Web Service (2.616.BY00.11) Allows Unauthorized Administrator Access Stored XSS Vulnerability in Grafana GeoMap Plugin Open Redirection Vulnerability in GitLab CE/EE via NPM Package API Improper Certificate Validation in pyload/pyload: Version 0.5.0b3.dev44 and earlier Authentication Bypass Vulnerability in ForgeRock Access Management Java Policy Agent Critical Divide By Zero Vulnerability in vim/vim Repository (prior to 9.0.1247) Cross-Site Scripting (XSS) Vulnerability in isoftforce Dreamer CMS up to 4.0.1 (VDB-219334) Reflected Cross-Site Scripting Vulnerability in Membership Database WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 GitLab CE/EE DoS Vulnerability via Malicious Helm Chart Upload Stored Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.0.4 Stored Cross-Site Scripting Vulnerability in RapidExpCart WordPress Plugin CSRF Vulnerability in Enable/Disable Auto Login when Register WordPress Plugin XSS Vulnerability via Malicious Email Address in GitLab Privilege Escalation through Environment 
Variable Modification in Tenable Plugin Weak Encoding for Password Vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27, GT25, GT23, GT21, GOT SIMPLE Series GS25, GS21, GT Designer3 Version1 (GOT2000), and GT SoftGOT2000 Versions 1.295H and Prior Stored Cross-Site Scripting Vulnerability in Post Shortcode WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Online Security Guards Hiring System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219597) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219603) Stored Cross-Site Scripting Vulnerability in Donation Block For PayPal WordPress Plugin Stored Cross-Site Scripting Vulnerability in Wp-D3 WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Slider For WooCommerce Lite WordPress Plugin Stored Cross-Site Scripting Vulnerability in Campaign URL Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Insever Portfolio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Filterable Portfolio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Books Showcase WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Post Type List Shortcode WordPress Plugin Stored Cross-Site Scripting Vulnerability in Arigato Autoresponder and 
Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Login Box WordPress Plugin Stored Cross-Site Scripting Vulnerability in Hostel WordPress Plugin Arbitrary JavaScript Injection in Contact Form Plugin WordPress Plugin Unverified Revoked Certificate Acceptance in Thunderbird S/Mime Encryption Stored Cross-Site Scripting Vulnerability in Namaste! LMS WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in YAFNET up to 3.1.10 Insecure Direct Object Reference vulnerability in Quick Restaurant Menu plugin for WordPress Unauthenticated User Can Delete Arbitrary Attachments in REST API TO MiniProgram WordPress Plugin Open Redirect Vulnerability in Registration Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in Quick Restaurant Menu WordPress Plugin (Versions up to 2.0.2) Cross-Site Request Forgery Vulnerability in Quick Restaurant Menu WordPress Plugin Authorization Bypass Vulnerability in Quick Restaurant Menu Plugin for WordPress Authorization Bypass Vulnerability in ContentStudio WordPress Plugin Sensitive Information Exposure in ContentStudio WordPress Plugin (up to v1.2.5) Authorization Bypass Vulnerability in ContentStudio WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Portfolio for Envato WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219701) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219702) Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 (VDB-219716) Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Bank Locker Management System 1.0 Insecure Password Requirements in froxlor/froxlor Repository Business Logic Errors in Froxlor Repository: Exploiting Vulnerabilities in Versions Prior to 2.0.10 Cross-site Scripting Vulnerability in froxlor/froxlor prior to 2.0.10 Invalid Blowfish Hash Acceptance Vulnerability in PHP 8.0.X, 
8.1.X, and 8.2.X Buffer Overflow Vulnerability in PHP Path Resolution Function Insecure Password Requirements in GitHub Repository Publify/Publify Prior to 9.2.10 Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-219729) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System 1.0 Unchecked Error Condition in Froxlor GitHub Repository Yugabyte Managed Server-Side Request Forgery (SSRF) and Authentication Abuse Vulnerability Code Injection and Privilege Abuse in Yugabyte DB Cross-Site Scripting (XSS) Vulnerability in ASOS Information Technologies SOBIAD Cross-Site Scripting (XSS) Vulnerability in ASOS Information Technologies Book Cites SQL Injection Vulnerability in YARPP WordPress Plugin Insecure Storage of Sensitive Information in ABB My Control System (on-premise) Vulnerability: Bypassing Login Restrictions in PrivateContent WordPress Plugin Path Traversal Vulnerability in ForgeRock Access Management Allows Authorization Bypass VK Blocks Plugin for WordPress: Improper Authorization Vulnerability VK Blocks Plugin for WordPress Improper Authorization Vulnerability Stored Cross-Site Scripting Vulnerability in All in One SEO Pack Plugin for WordPress Stored Cross-Site Scripting Vulnerability in All in One SEO Pack Plugin for WordPress Arbitrary File Upload Vulnerability in Trend Micro Apex One Server Build 11110 Reflected Cross-Site Scripting in Catalyst Connect Zoho CRM Client Portal WordPress Plugin Cross-Site Scripting Vulnerability in WP Image Carousel WordPress Plugin Race condition in qdisc_graft() in Linux Kernel leads to use-after-free vulnerability and denial of service Path Traversal Vulnerability in ubi-reader 0.8.5 Path Traversal Vulnerability in Jefferson's JFFS2 Filesystem Extractor Path Traversal Vulnerability in yaffshiv YAFFS Filesystem Extractor Stored XSS Vulnerability in Grafana Trace View Visualization Improper Output Neutralization for Logs in Geo SCADA Server 
Memory Leak Vulnerability in Linux Kernel's CPU Entry Area Mapping Code Injection Vulnerability in GE Digital Proficy iFIX Stored Cross Site Scripting Vulnerability in Rapid7 Metasploit Pro Versions 4.21.2 and Lower SQL Injection Vulnerability in WP Visitor Statistics Plugin Reflected XSS Vulnerability in Twittee Text Tweet WordPress Plugin CSRF Vulnerability in Sloth Logo Customizer WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Food Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Auto Rename Media On Upload WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in Ampache Repository Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository ProjectSend/ProjectSend prior to r1606 Cross-site Scripting (XSS) Vulnerability in microweber/microweber prior to 1.3.2 GitHub Repository Wallabag/Wallabag Prior to 2.5.3 - Improper Authorization Vulnerability GitHub Repository Wallabag/Wallabag Prior to 2.5.3 - Improper Authorization Vulnerability Critical Command Injection Vulnerability in TRENDnet TEW-652BRP 3.04B01 Critical Buffer Overflow Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 (VDB-219936) Critical Remote Memory Corruption Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Insufficient Fix for Confidential Attribute Disclosure via LDAP Filters in Samba AD DC Vulnerability in Linux Kernel V4L2 and Vivid Test Code: Memory Leak, Divide by Zero, and Integer Overflow Denial of Service (DoS) Vulnerability in Thunderbird < 102.8 Critical Buffer Overflow Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Critical Remote Code Execution Vulnerability in TRENDnet TEW-652BRP 3.04B01 (VDB-219958) Authorization Bypass Vulnerability in Kraken.io Image Optimizer Plugin for WordPress SQL Injection Vulnerability in HashiCorp Vault and Vault Enterprise Out-of-Bounds Read Vulnerability in Cscape Envision RV Version 4.60 Out-of-Bounds Write Vulnerability in Cscape Envision RV Version 4.60 Out-of-Bounds Write Vulnerability in Cscape 
Envision RV Version 4.60 Arbitrary User Account Retrieval Vulnerability in OrangeScrum 2.0.11 Remote Code Execution (RCE) in Docker Desktop before 4.12.0 via Crafted Extension Description or Changelog Remote Code Execution (RCE) via Query Parameters in Docker Desktop's Message-Box Route Docker Desktop 4.11.x IPC Response Spoofing Vulnerability Arbitrary Command Execution in Docker Desktop via Crafted docker-desktop:// URL Docker Desktop Enhanced Container Isolation Bypass SQL Injection Vulnerability in Slimstat Analytics WordPress Plugin SQL Injection Vulnerability in Paid Memberships Pro WordPress Plugin Regular Expression Denial of Service Vulnerability in GitLab's Harbor Registry Search Argument Injection Vulnerability in Docker Desktop Installer Privilege Escalation Vulnerability in ABB Ltd. ASPECT®-Enterprise, NEXUS Series, and MATRIX Series Command Injection Vulnerability in ABB Ltd. ASPECT®-Enterprise, NEXUS Series, and MATRIX Series Critical Remote Memory Corruption Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Critical Command Injection Vulnerability in TRENDnet TEW-811DRU 1.0.10.0 Web Interface (VDB-220018) Cross-Site Scripting (XSS) Vulnerability in TRENDnet TEW-652BRP 3.04b01 Critical Command Injection Vulnerability in TRENDnet TEW-652BRP 3.04b01 Web Interface (VDB-220020) Weak Password Requirements in PHPGurukul Employee Leaves Management System 1.0 (Vulnerability VDB-220021) CSRF Vulnerability in GitHub Repository squidex/squidex prior to 7.4.0 GitHub Repository Squidex/Squidex Prior to 7.4.0 - Improper Handling of Additional Special Element Vulnerability Reflected Cross-Site Scripting Vulnerability in PushAssist WordPress Plugin Out of Bounds Read Vulnerability in libjxl's Exif Handler Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220033) Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220034) Critical Command Injection Vulnerability in dst-admin 1.5.0 (VDB-220035) Critical Command Injection Vulnerability in 
dst-admin 1.5.0 (VDB-220036) YAFNET up to 3.1.11 Cross Site Scripting Vulnerability Unrestricted Upload Vulnerability in FastCMS 0.1.0 Privilege Escalation via Hardlink Vulnerability in Cloudflare WARP Client for Windows WARP Mobile Client for Android Tapjacking Vulnerability Sensitive Information Disclosure Vulnerability in SonicWall Email Security SonicOS Stack-based Buffer Overflow Vulnerability: Remote DoS Exploit Critical Information Disclosure Vulnerability in Multilaser RE057 and RE170 2.1/2.2 Backup File Handler Critical Information Disclosure Vulnerability in BDCOM 1704-WGL 2.0.6314 Stored Cross-Site Scripting Vulnerability in Smart Slider 3 WordPress Plugin Improper Access Control in Devolutions Server: Unauthorized Access to Sensitive Data Excessive HTTP Form Upload Vulnerability in PHP 8.x Critical SQL Injection Vulnerability in Calendar Event Management System 2.3.0 (VDB-220175) Privilege Escalation Vulnerability in QEMU Guest Agent for Windows Authorization Bypass in HashiCorp Vault's PKI Mount Issuer Endpoints Heap-based Buffer Overflow in Wireshark Version 4.0.5 and Prior Heap-based Buffer Overflow in Wireshark 4.0.5 and Prior: Code Execution Vulnerability Heap-based Buffer Overflow in Wireshark Version 4.0.5 and Prior Pre-Authentication Command Injection Vulnerability in Fortra GoAnywhere MFT License Response Servlet Remote Code Execution through Image Upload in Ulearn Version a5a7ca20de859051ea0470542844980a66dfc05d Code Injection Vulnerability in froxlor/froxlor prior to 2.0.10 Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in XXL-JOB 2.3.1 Critical SQL Injection Vulnerability in Calendar Event Management System 2.3.0 (CVE-2021-220197) Reflected Cross-Site Scripting (XSS) Vulnerability in phpipam/phpipam prior to 1.5.1 Reflected Cross-site Scripting (XSS) Vulnerability in phpipam/phpipam prior to v1.5.1 Unauthenticated Access to phpipam/phpipam Repository Prior to 
v1.5.1 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2020-220220) Open Redirect Vulnerability in Rapid7 InsightVM Versions 6.6.178 and Lower Privilege Escalation Vulnerability in XCC API Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Critical Buffer Overflow Vulnerability in GNU C Library 2.38 (VDB-220246) Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Plaintext Storage of Credentials in HashiCorp Boundary PKI Worker Disk Information Disclosure Vulnerability in Metform Elementor Contact Form Builder for WordPress Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Information Disclosure Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Type Confusion Vulnerability in V8 Allows Remote Code Execution in Google Chrome Spoofing Vulnerability in Full Screen Mode on Google Chrome for Android Out of Bounds Read Vulnerability in WebRTC in Google Chrome GPU Use After Free Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Heap Buffer Overflow in Google Chrome WebUI Type Confusion Vulnerability in Google Chrome Data Transfer Type Confusion Vulnerability in Google Chrome DevTools Bypassing Same Origin Policy and Proxy Settings in Google Chrome DevTools Heap Corruption Vulnerability in Google Chrome Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-220340) SQL Injection Vulnerability in 
SourceCodester Medical Certificate Generator App 1.0 (Function.php - delete_record) [VDB-220346] Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Metform Elementor Contact Form Builder for WordPress Cross-Site Scripting Vulnerability Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin Authorization Bypass Vulnerability in Wicked Folders WordPress Plugin CSV Injection Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Cross-Site Request Forgery Vulnerability in Wicked Folders WordPress Plugin (Versions up to 2.18.16) Stored 
Cross-Site Scripting Vulnerability in Interactive Geo Maps Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Eyewear Shop 1.0 Stored Cross-Site Scripting Vulnerability in Newsletter Popup WordPress Plugin GitHub Repository Wallabag/Wallabag Prior to 2.5.4 - Improper Authorization Vulnerability CSRF Vulnerability in wallabag/wallabag prior to 2.5.4 Stored Cross-site Scripting (XSS) Vulnerability in wallabag/wallabag prior to 2.5.4 Arbitrary User Account Retrieval Vulnerability in OrangeScrum 2.0.11 Race Condition Vulnerability in GitHub repository answerdev/answer prior to 1.0.4 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to version 1.0.4 DOM-based Cross-site Scripting (XSS) vulnerability in GitHub repository answerdev/answer prior to version 1.0.4 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to version 1.0.4 Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.4 GitHub Repository answerdev/answer Prior to 1.0.4: Improper Access Control Vulnerability Path Traversal Vulnerability in Yugabyte Anywhere's High Availability Functionality Unauthenticated Reflected Cross-Site Scripting in GigaVUE-FM Help Page Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.6 Open Redirect Vulnerability in btcpayserver/btcpayserver prior to 1.7.6 Arbitrary Post Retrieval Vulnerability in Ocean Extra WordPress Plugin Authentication Bypass Vulnerability in Yellobrik PEC-1864 GELI Vulnerability: Silent Use of NULL Key File and Trivial Recovery of Master Key Integer Overflow Vulnerability Array Index Out of Bounds Vulnerability Arbitrary Code Execution via Specially Crafted Repository Names in GitLab Arbitrary Code Upload and Unauthorized Access Vulnerability in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) Critical SQL Injection Vulnerability in glorylion JFinalOA 1.0.2 
(VDB-220469) Privilege Chaining Vulnerability in GitHub Repository Cockpit-HQ/Cockpit Prior to 2.3.8 Heap-based Buffer Overflow in gpac/gpac prior to V2.1.0-DEV CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin CSRF Vulnerability in Clock In Portal- Staff & Attendance Management WordPress Plugin Stored Cross-Site Scripting Vulnerability in The Gallery by BestWebSoft WordPress Plugin Blind SQL Injection Vulnerability in The Gallery by BestWebSoft WordPress Plugin CSRF Vulnerability in Newsletter Popup WordPress Plugin Arbitrary Memory Write Vulnerability in PKCS 12 Cert Bundle Handling SQL Injection Vulnerability in Avirato Hotels Online Booking Engine WordPress Plugin Reflected Cross-Site Scripting in hiWeb Migration Simple WordPress Plugin Stack-based Buffer Overflow in gpac/gpac prior to 2.2 Critical SQL Injection Vulnerability in Ampache GitHub Repository (prior to 5.5.7,develop) Arbitrary Post Retrieval Vulnerability in Popup Builder by OptinMonster WordPress Plugin Uniview IP Camera: Remote Control Vulnerability Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-220558) Bluetooth LE Stack Denial-of-Service Vulnerability Remote Shell Code Exploitation via HTTP Command Injections in Baicells LTE TDD eNodeB Devices Critical Authentication Bypass Vulnerability in modoboa/modoboa < 2.0.4 Podman Vulnerability: Time-of-check Time-of-use (TOCTOU) Flaw Allows Arbitrary File Access Invalid Pointer Exploitation: Crashing and Beyond UI Layer or Frame Restriction Vulnerability in GitHub Repository Cockpit-HQ/Cockpit (prior to version 2.3.9-dev) Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2021-220624) Critical Out-of-Bounds Write Vulnerability in Tenda AC23 16.03.07.45 Critical Unrestricted Upload Vulnerability in EcShop 4.1.5 (VDB-220641) Critical SQL Injection 
Vulnerability in SourceCodester Best Online News Portal 1.0 Sensitive Information Exposure in SourceCodester Best Online News Portal 1.0 via check_availability.php Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Code Injection Vulnerability in phpMyFAQ Prior to Version 3.1.11 Command Injection Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Uncaught Exception Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Code Injection Vulnerability in phpMyFAQ Prior to Version 3.1.11 Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0's tiffcrop Persistent Access to Public Projects in GitLab EE Hard-coded Password Vulnerability in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 Memory Allocation Vulnerability in Mosquitto 2.0.16 and Earlier Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.11 Improper Access Controls on UM Password Storage in Omron CJ1M Unit v4.0 and Prior Unauthenticated Data Disclosure in Active Directory Integration 
WordPress Plugin Authentication Bypass Vulnerability in OpenShift Console's Network Observability Plugin Sensitive Information Disclosure in Profile Builder Plugin for WordPress Sensitive Information Disclosure in OpenNMS Meridian and Horizon via Jetty Log Files IP Address Spoofing and Anti-Spam Bypass Vulnerability in Formidable Forms WordPress Plugin Buffer Over-read Vulnerability in GitHub Repository gpac/gpac prior to v2.3.0-DEV Off-by-one Error in gpac/gpac GitHub Repository Prior to v2.3.0-DEV Heap-based Buffer Overflow in GPAC GitHub Repository Prior to v2.3.0-DEV Arbitrary Privilege Escalation in User Role by BestWebSoft WordPress Plugin Excessive Disk Usage Vulnerability in HashiCorp Nomad Improper Authorization Vulnerability in DIAEnergie (versions prior to v1.9.03.001) Stored Cross-Site Scripting Vulnerability in Cookie Notice & Compliance Plugin Vulnerability: Stored XSS via CSRF Attack in User Registration & User Profile WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 1.5.17 Cross-Site Scripting (XSS) Vulnerability in Pandora FMS v767 and Prior Versions Plesk 17.0-18.0.31 Cross-Site Scripting Vulnerability Critical Remote Command Injection Vulnerability in EasyNAS 1.1.0 (VDB-220950) Cross-Site Request Forgery Vulnerability in Under Construction Plugin for WordPress Cross-Site Request Forgery Vulnerability in Under Construction Plugin for WordPress Information Disclosure Vulnerability in Red Hat AMQ-Streams via Illegal Header Value Privilege Escalation Vulnerability in HYPR Workforce Access on MacOS Arbitrary Local File Access in markdown-pdf version 11.0.0 Uninitialized Buffer Leak in HAProxy's FCGI_BEGIN_REQUEST Encoding TeamViewer Remote: Unauthorized Modification of Locked Local Device Settings Vulnerability Webhook URL Manipulation Vulnerability in GitLab Account Footprinting Vulnerability in ProMIS Process Co. 
InSCADA Cross-Site Scripting (XSS) Vulnerability in PHPCrazy 1.1.1 Critical Heap-Based Buffer Overflow Vulnerability in GPAC 2.3-DEV-rev40-g3602a5ded (VDB-221087) Prototype Pollution Vulnerability in xml2js version 0.4.23 Stored Cross-Site Scripting Vulnerability in Namaste! LMS WordPress Plugin Authenticated User Can Trigger Consul Server and Client Agent Crash Vulnerability Unauthenticated Stored XSS Vulnerability in OpenNMS Horizon and Meridian DASH 7 Alliance Protocol Sub-IoT Out-of-Bounds Write Vulnerability Remote Denial of Service Vulnerability in Netgear WNDR3700v2 1.0.1.14 Critical Command Injection Vulnerability in Netgear WNDR3700v2 1.0.1.14 Web Interface Remote Denial of Service Vulnerability in Netgear WNDR3700v2 1.0.1.14 Buffer Overflow Vulnerability in CPCA Resource Download Process of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Buffer Overflow in mDNS NSEC Record Registering Process of Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Buffer Overflow in NetBIOS QNAME Registering and Communication Process of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in IPP Number-Up Attribute Processing of Office/Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Vulnerability: Unauthorized Access to Office/Small Office Multifunction Printers and Laser Printers RemoteUI Authentication Bypass Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Arbitrary File Installation Vulnerability in Office/Small Office Multifunction Printers and Laser Printers Excessive Authentication Attempts Vulnerability in modoboa/modoboa-installer prior to 2.0.4 Command Injection Vulnerability in NetModule NSRW Web Administration Interface Path Traversal 
Vulnerability in NetModule NSRW Web Administration Interface Improper Authentication Vulnerability in ABB Terra AC Wallbox Series Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC Wallbox Series Insecure User Address Management in WooCommerce Multiple Customer Addresses & Shipping Plugin Heap-based Buffer Overflow in GPAC GitHub Repository Prior to Version 2.3.0-DEV Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities in OpenNMS Meridian and Horizon: Confidential Session Information Exposure Reflected Cross-Site Scripting Vulnerability in OpenNMS Meridian and Horizon Allows Session Cookie Theft Cross-Site Scripting Vulnerability in OpenNMS Meridian and Horizon Allows Access to Confidential Session Information Cross-Site Request Forgery Vulnerability in OpenNMS Meridian and Horizon XXE Injection Vulnerability in OpenNMS Horizon 31.0.8 and Earlier Elevation of Privilege Vulnerability in Horizon REST API Stored Cross-Site Scripting Vulnerability in Kanban Boards for WordPress Plugin Stored Cross-Site Scripting Vulnerability in Klaviyo WordPress Plugin Blind SQL Injection Vulnerability in WP Meta SEO WordPress Plugin Arbitrary Redirect Vulnerability in WP Meta SEO WordPress Plugin Code Injection Vulnerability in froxlor/froxlor prior to 2.0.11 Cross-site Scripting (XSS) Vulnerability in GitHub Repository nuxt/framework prior to 3.2.1 Stored Cross-site Scripting (XSS) Vulnerability in btcpayserver/btcpayserver prior to 1.7.12 Input Misinterpretation in GitHub Repository thorsten/phpmyfaq prior to 3.1.11 Authorization Bypass and Privilege Abuse Vulnerability in Kron Tech Single Connect 2.16 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221350) Unquoted Search Path Vulnerability in phjounin TFTPD64-SE 4.64 (VDB-221351) WiFi Battery Embedded Web Server Vulnerability: Unauthorized Administrative Access Arbitrary Blog Options Update Vulnerability in Themeflection Numbers WordPress Plugin 
WordPress Shortcodes Plugin - Unauthorized Access to Draft, Private, and Password Protected Posts Stored Cross-Site Scripting Vulnerability in StagTools WordPress Plugin Stored Cross-Site Scripting Vulnerability in BizLibrary WordPress Plugin Stored Cross-Site Scripting Vulnerability in Time Sheets WordPress Plugin Stored Cross-Site Scripting Vulnerability in Pickup | Delivery | Dine-in Date Time WordPress Plugin Time-Based SQL Injection Vulnerability in WP Coder Plugin for WordPress Default Password Vulnerability in Lenovo Smart Clock Essential with Alexa Built In Session Hijack Vulnerability in Sielco PolyEco1000 Code Execution Vulnerability in General Electric MiCOM S1 Agile Stored Cross-Site Scripting Vulnerability in Steveas WP Live Chat Shoutbox WordPress Plugin SQL Injection Vulnerability in Pricing Table Builder WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository pixelfed/pixelfed prior to 0.11.4 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Food Ordering System 1.0 (CVE-2021-221451) Critical SQL Injection Vulnerability in SourceCodester Employee Task Management System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Employee Task Management System 1.0 (VDB-221453) Critical Remote Code Execution Vulnerability in SourceCodester Employee Task Management System 1.0 Critical Authentication Bypass Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Denial of Service Vulnerability in Filseclab Twister Antivirus 8.17 (VDB-221456) Denial of Service Vulnerability in Xoslab Easy File Locker 2.2.0.184 Local Denial of Service Vulnerability in cxasm notepad-- 1.22 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221476) Arbitrary User Meta Retrieval Vulnerability in Shortcodes Ultimate WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Auto Dealer Management System 1.0 (VDB-221481) Critical SQL Injection Vulnerability 
in SourceCodester Auto Dealer Management System 1.0 (VDB-221482) GitHub Repository Pixelfed/Pixelfed Prior to 0.11.4: Improper Authorization Vulnerability Critical SQL Injection Vulnerability in SourceCodester Auto Dealer Management System 1.0 (VDB-221490) Improper Access Controls in SourceCodester Auto Dealer Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Simple Customer Relationship Management System 1.0 (VDB-221493) Critical Unrestricted Upload Vulnerability in Pharmacy Management System 1.0 Missing Authentication for Critical Function in GitHub Repository GitLab CE/EE CPU Saturation Vulnerability via Large Issue Description in GraphQL Default Password Transmission Vulnerability in Samba AD DC Administration Tool Insecure Access Control in Kubernetes Service for Notebooks in RHODS Arbitrary File Upload Vulnerability in ZYREX POPUP WordPress Plugin Remote Code Execution via Deserialization in webMethods OneData Use After Free Vulnerability in Web Payments API in Google Chrome on Android Use After Free Vulnerability in SwiftShader in Google Chrome Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Heap Buffer Overflow in Video in Google Chrome Use After Free Vulnerability in Video Element in Google Chrome Use after free vulnerability in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 Integer Overflow Vulnerability in PDF Parsing in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.5 Critical Remote OS Command Injection Vulnerability in DolphinPHP up to 1.5.1 (CVE-2021-46097) Denial of Service Vulnerability in TP-Link Archer C50 V2_160801 Reflected Cross-Site Scripting Vulnerability in VK All in One Expansion Unit WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (CVE-2021-XXXX) SQL Injection vulnerability in NTN Information Technologies Online Services Software (before 1.17) Unauthenticated 
Password Reset Vulnerability in ProfileGrid WordPress Plugin Critical Use After Free Vulnerability in Google Chrome Prompts Reflected Cross-Site Scripting Vulnerability in Japanized For WooCommerce Plugin for WordPress Unrestricted File Upload Vulnerability in SourceCodester Best POS Management System 1.0 Arbitrary User Session Data Modification via IDOR in Bhima v1.27.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best POS Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Best POS Management System 1.0 (VDB-221593) GitHub Repository Path Traversal Vulnerability in FlatPress Blog (prior to 1.3) Reflected Cross-Site Scripting in Japanized For WooCommerce WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in modoboa/modoboa prior to 2.0.5 Array Index Underflow Vulnerability in LibreOffice Spreadsheet Component Privilege Escalation Vulnerability in Devolutions Server 2022.3.12 and Earlier Improper Access Controls in Devolutions Server 2022.3.12 and Earlier SQL Injection Vulnerability in Devolutions Server 2022.3.12 and Earlier Credential Compromise Vulnerability in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ Cameras SQL Injection Vulnerability in WP Statistics WordPress Plugin Path Traversal Vulnerability in TEL-STER TelWin SCADA WebInterface Cross-Site WebSocket Hijacking (CSWSH) Vulnerability in Gitpod Unauthenticated Installation of Inisev WordPress Plugins CSRF Vulnerability in Bhima Version 1.27.0 Allows Privilege Escalation via Malicious Link Remote Code Execution Vulnerability in SeaCMS 11.6 Picture Management Component Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221632) Critical Remote Code Execution Vulnerability in SourceCodester Music Gallery Site 1.0 Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Buffer Clearing 
Vulnerability in Silicon Labs Gecko Platform SDK v4.2.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Eyewear Shop 1.0 IDOR Vulnerability in Bhima Version 1.27.0 Allows Unauthorized Access to Sensitive User Data Reflected Cross-Site Scripting Vulnerability in Watu Quiz Plugin for WordPress Z/IP Gateway 7.18.01 and Earlier: Authenticated Attacker Can Manipulate Array Pointer to Disclose Global Memory Contents Buffer Overflow Vulnerabilities in SiLabs Z/IP Gateway SDK: Exploiting Invasive Physical Access to Z-Wave Controller Device Authentication Bypass and Remote Administration Vulnerability in SiLabs Z/IP Gateway SDK Stack Buffer Overflow Vulnerability in SiLabs Z/IP Gateway 7.18.01 and Earlier Null Pointer Dereference Vulnerability in STEPTools v18SP1 ifcmesh Library (v18.1) Trellix Agent for Windows Local Privilege Escalation Vulnerability Command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 Heap-based Overflow Vulnerability in Trellix Agent (Windows and Linux) Version 5.7.8 and Earlier Command Injection Vulnerability in Trellix Intelligent Sandbox CLI SQL Injection Vulnerability in MedData MedDataPACS SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 Critical SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 (VDB-221677) Stored Cross-Site Scripting in stylish-cost-calculator-premium WordPress Plugin Account Takeover Vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24, and Helmholz' myREX24 and myREX24.virtual (<= 2.13.3) Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Cross-Site Request Forgery Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-221681) Information Disclosure Vulnerability in GitLab CE/EE: 
Unauthorized Extraction of CI/CD Variables Stored Cross-Site Scripting Vulnerability in Shield Security Plugin for WordPress (up to version 17.0.17) via 'User-Agent' Header Vulnerability: Missing Authorization and Cross-Site Scripting in Shield Security Plugin for WordPress Unauthorized Access to Sensitive Information in GitHub Repository francoisjacquet/rosariosis prior to 10.8.2 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository unilogies/bumsys prior to v2.0.1 Buffer Overflow Vulnerability in Emscripten Wrapper for libheif's Strided Image Data Parsing Code Critical SQL Injection Vulnerability in SourceCodester Moosikay E-Commerce System 1.0 Critical Access Control Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 Cross-Site Request Forgery (CSRF) Vulnerability in SourceCodester Sales Tracker Management System 1.0 Critical Command Injection Vulnerability in cyanomiko dcnnt-py up to 0.9.0 (VDB-262230) Cross-Site Scripting (XSS) Vulnerability in xuliangzhan vxe-table up to 3.7.9 Path Traversal Vulnerability in MuYuCMS 2.2 (VDB-221735) Code Injection Vulnerability in Typora up to 1.5.5 on Windows Critical Code Injection Vulnerability in MarkText up to 0.17.1 on Windows (VDB-221737) Critical Code Injection Vulnerability in JP1016 Markdown-Electron Cross-Site Scripting (XSS) Vulnerability in SourceCodester Medical Certificate Generator App 1.0 Critical Local Access Control Vulnerability in Twister Antivirus 8.17 (VDB-221740) Denial of Service Vulnerability in Twister Antivirus 8.17 (VDB-221741) Path Traversal Vulnerability in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 (Unsupported) Critical Heap-Based Buffer Overflow Vulnerability in vox2png 1.0 (VDB-221743) Unescaped Output and CSRF Vulnerability in AI ChatBot WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Virames Vira-Investing Account Footprinting Vulnerability in Virames Vira-Investing SQL Injection Vulnerability in Intuitive Custom Post Order Plugin for WordPress 
(Versions up to 3.1.3) TPM2.0 Module Library Out-of-Bounds Write Vulnerability TPM2.0 Module Library Out-of-Bounds Read Vulnerability Cross-Site Scripting Vulnerability in Help Desk WP WordPress Plugin SQL Injection in Steveas WP Live Chat Shoutbox WordPress Plugin Stored Cross-Site Scripting Vulnerability in amr ical events lists WordPress Plugin Unauthorized Options Update Vulnerability in WP Meta SEO Plugin Unauthenticated Plugin Settings Update Vulnerability in WP Meta SEO Plugin Unauthorized Sitemap Generation Vulnerability in WP Meta SEO Plugin Stored Cross-Site Scripting Vulnerability in Simple File List WordPress Plugin Unauthenticated Access to Post Listings by Category in WP Meta SEO Plugin Unauthenticated Sitemap Generation Vulnerability in WP Meta SEO Plugin Cross-Site Request Forgery (CSRF) Vulnerability in WP Meta SEO Plugin Cross-Site Request Forgery vulnerability in WP Meta SEO plugin allows unauthorized Sitemap regeneration Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Boat Reservation System 1.0 Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in `settings` Endpoint Double Free Vulnerability in Linux Kernel's io_uring IORING_OP_SOCKET Operation CSRF Vulnerability in froxlor/froxlor Repository (Version < 2.0.11) GitHub Repository Path Traversal Vulnerability in salesagility/suitecrm prior to 7.12.9 Critical SQL Injection Vulnerability in SourceCodester Clinics Patient Management System 1.0 (VDB-221784) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 Critical SQL Injection Vulnerability in SourceCodester Dental Clinic Appointment Reservation System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Reviewer Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Class and Exam Timetabling System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-XXXX) Cross-Site 
Scripting (XSS) Vulnerability in SourceCodester Simple Responsive Tourism Website 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Pet Shop We App 1.0 Relative Path Traversal Vulnerability in MuYuCMS 2.2 (VDB-221802) Relative Path Traversal Vulnerability in MuYuCMS 2.2 Relative Path Traversal Vulnerability in MuYuCMS 2.2 Critical Server-Side Request Forgery Vulnerability in MuYuCMS 2.2 (VDB-221805) Critical Vulnerability in TechPowerUp RealTemp 3.7.0.0: Improper Initialization in WinRing0x64.sys Library (VDB-221806) Critical Vulnerability in TechPowerUp Ryzen DRAM Calculator 1.2.0.5: Improper Initialization in WinRing0x64.sys Library Code Injection Vulnerability in HMI Project File Loading SQL Injection Vulnerability in As Koc Energy Web Report System Reflected XSS Vulnerability in As Koc Energy Web Report System Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221819) Critical SQL Injection Vulnerability in SourceCodester Music Gallery Site 1.0 (VDB-221820) Vulnerability: LDAP UserPassword Decoding Flaw in RHDS 11 and RHDS 12 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (CVE-2021-XXXX) SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (CVE-2021-XXXX) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Reflected XSS Vulnerability in YKM CRM (before 23.03.30) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 (VDB-221825) Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 Critical SQL Injection Vulnerability in SourceCodester Doctors Appointment System 1.0 SQL Injection vulnerability in Uzay Baskul Weighbridge Automation Software before 1.1 Data Obfuscation Vulnerability in Snyk Kubernetes Monitor Stored Cross-site Scripting (XSS) Vulnerability in GitHub 
Repository pimcore/pimcore prior to 10.5.18 Cross-Site Request Forgery Vulnerability in Download Read More Excerpt Link Plugin for WordPress (up to 1.6.0) Stored Cross-Site Scripting Vulnerability in Complianz WordPress Plugin Arbitrary File Path Manipulation in GitHub Repository nilsteampassnet/teampass prior to 3.0.0.22 Improper Permissions Check Allows Unauthorized Removal of Issue from Epic in GitLab GitLab Vulnerability: Resource Depletion Attack via Improper Filtering Linux Kernel HID Subsystem Memory Corruption Vulnerability Memory Leak Vulnerability in Linux Kernel's Stream Control Transmission Protocol (SCTP) Allows Denial of Service Vulnerability: Type Confusion in tls_is_tx_ready() Function Hardcoded UID in Linux Kernel's tun/tap sockets can bypass network filters Type Confusion Vulnerability in pick_next_rt_entity() Function of Linux Kernel Linux Kernel RDS Protocol Type Confusion Vulnerability Use-after-free vulnerability in asus_kbd_backlight_set in Linux kernel Reflected Cross-Site Scripting Vulnerability in GN Publisher Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.3 Command Injection Vulnerability with Privilege Escalation Potential MQTT Topic Name Exposure Allows Unauthorized Access and Control Privilege Escalation via Crafted Project Access Token in GitLab CE/EE CSRF Vulnerability in Preview Link Generator WordPress Plugin CSRF Vulnerability in WC Sales Notification WordPress Plugin CSRF Vulnerability in WP Plugin Manager WordPress Plugin Allows Arbitrary Plugin Activation CSRF Vulnerability in Coupon Zen WordPress Plugin Allows Arbitrary Plugin Activation Stored Cross-Site Scripting Vulnerability in SMTP Mailing Queue WordPress Plugin SQL Injection Vulnerability in Alpata Licensed Warehousing Automation System CSRF Vulnerability in OAuth Single Sign On WordPress Plugins CSRF Vulnerability in OAuth Single Sign On WordPress Plugin Remote Code Execution Vulnerability in MonicaHQ 4.0.0 via CSTI in 
`people:id/food` Endpoint NULL pointer dereference vulnerability in nf_tables_updtable SnapCenter Vulnerability: Remote Unauthenticated Access as Admin User Baicells EG7035-M11 Firmware BCE-ODU-1.0.8 - HTTP GET Command Injection Vulnerability GitLab EE/CE Vulnerability: Password Leakage in Repository Mirror Configuration Critical SQL Injection Vulnerability in SourceCodester Online Student Management System 1.0 (CVE-2022-222002) Critical SQL Injection Vulnerability in SourceCodester Online Catering Reservation System 1.0 Excessive MFA Attempts Vulnerability in SonicOS SSLVPN Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Arbitrary File Path Manipulation in flatpressblog/flatpress prior to 1.3 Reflected Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to 1.3 Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Undertow Denial of Service Vulnerability: Endless Loop in SslConduit Unrestricted File System Access in Phoenix Contacts ENERGY AXC PU Web Service Stored Cross-Site Scripting Vulnerability in Yellow Yard Searchbar WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in FastCMS up to 0.1.5 Critical Path Traversal Vulnerability in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress (VDB-222072) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Payroll System 1.0 Eskom e-Belediye Missing Authorization Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.18 Linux Kernel Infrared Receiver/Transceiver Driver Use After Free Vulnerability Cross-Site Scripting (XSS) Vulnerability in WP-Optimize and SrbTransLatin WordPress Plugins Stored Cross-Site Scripting Vulnerability in Simple 
Giveaways WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Giveaways WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Giveaways WordPress Plugin LFI Vulnerability in Shopping Cart & eCommerce Store WordPress Plugin Insecure Ticket Ownership Verification in Ruby Help Desk WordPress Plugin Cross-Site Scripting Vulnerability in WP FEvents Book WordPress Plugin Critical Divide By Zero Vulnerability in vim/vim Repository (prior to 9.0.1367) User Impersonation Vulnerability in WP FEvents Book WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (VDB-222105) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (customer.php) - VDB-222106 Buffer Clearing Vulnerability in sli_se_driver_key_agreement Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Path Traversal Vulnerability in Delta Electronics InfraSuite Device Master Local Privilege Escalation in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 Authentication Bypass Vulnerability in Delta Electronics InfraSuite Device Master Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master Improper Access Control Vulnerability in Delta Electronics InfraSuite Device Master Deserialization Vulnerability in Delta Electronics InfraSuite Device Master Unauthenticated Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Command Injection Vulnerability in Delta Electronics InfraSuite Device Master URL Decoding Vulnerability in Delta Electronics InfraSuite Device Master Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Versions Prior to 1.0.5 Improper Access Control Vulnerability in Delta Electronics InfraSuite Device Master Deserialization Vulnerability in Delta Electronics InfraSuite Device Master Cross-site Scripting (XSS) Vulnerability in 
FlatPress Blog Software Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 GitHub Repository btcpayserver/btcpayserver Prior to Version 1.8.0: Improper Neutralization of Equivalent Special Elements Vulnerability Uncontrolled Resource Consumption Vulnerability in Series WAGO 750-3x/-8x Products Critical SQL Injection Vulnerability in SourceCodester Electronic Medical Records System 1.0 SQL Injection Vulnerability in Utarit Information Technologies Persolus: Version 2.03.93 and earlier SQL Injection Vulnerability in Pacsrapor: Before 1.22 Reflected XSS Vulnerability in Pacsrapor v1.22 and Earlier Stored Cross-Site Scripting Vulnerability in Cost Calculator Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 Denial of Service Vulnerability in finixbit elf-parser (CVE-2022-222222) Unauthorized Access to Dashboard Prompts in Hitachi Vantara Pentaho Business Analytics Server Stored Cross-Site Scripting Vulnerability in Bookly Plugin for WordPress Platform-Dependent Third Party Component Vulnerability in cockpit-hq/cockpit prior to 2.4.0 Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 via ISO 15765 and ISO 10681 Dissector Crash Command Injection Vulnerability in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 (Unsupported) Critical Path Traversal Vulnerability in Unsupported DrayTek Vigor 2960 1.5.1.4/1.5.1.5 Critical Authorization Vulnerability in KylinSoft kylin-activation on KylinOS (VDB-222260) Critical SQL Injection Vulnerability in Zhong Bang CRMEB Java 1.3.4 (VDB-222261) Stored Cross-Site Scripting Vulnerability in USM-Premium WordPress Plugin Unauthorized Access to Security Reports in Merge Requests in Gitlab EE Authenticated Remote Code Execution in AOS-CX Network Analytics Engine Missing Authorization Vulnerability in OoohBoi Steroids for 
Elementor WordPress Plugin (Versions up to 2.1.4) Critical Heap-based Buffer Overflow in vim/vim Repository (CVE-XXXX-XXXX) Stored Cross-Site Scripting Vulnerability in Bookly WordPress Plugin (Versions up to 21.5) Remote Access Vulnerability in minikube on macOS with Docker Driver Buffer Overflow Vulnerability in vim/vim prior to 9.0.1378 Absolute Path Traversal Vulnerability in mlflow/mlflow (prior to 2.2.2) Path Traversal Vulnerability in mlflow/mlflow prior to 2.2.1 Vulnerability: File Integrity Compromise in GitLab CE/EE Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository icret/easyimages2.0 prior to 2.6.7 Libreoffice Package Vulnerability: Arbitrary File Write via Crafted ODB Unrestricted Upload Vulnerability in ECshop up to 4.1.8 Unrestricted Upload Vulnerability in ECshop up to 4.1.8 Null Pointer Dereference Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 (VDB-222358) Denial of Service Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 Denial of Service Vulnerability in FabulaTech Webcam for Remote Desktop 2.8.42 (VDB-222360) Denial of Service Vulnerability in WiseCleaner Wise Folder Hider 4.4.3.202 Buffer Overflow Vulnerability in xiaozhuai imageinfo up to 3.0.3 (VDB-222362) Remote Path Traversal Vulnerability in fastcms Use-After-Free Vulnerability in CIFS in Linux Kernel Use-After-Free Vulnerability in KSMBD Implementation of Linux Kernel Samba Server and CIFS Out-of-Bounds Memory Read Vulnerability in KSMBD Implementation of Samba Server and CIFS in Linux Kernel Use-after-free vulnerability in reconn_set_ipaddr_from_hostname in Linux kernel PHP Object Injection Vulnerability in Advanced Custom Fields (ACF) WordPress Plugins Stored Cross-site Scripting (XSS) Vulnerability in uvdesk/community-skeleton 
prior to 1.1.0 SQL Injection Vulnerability in Starcities: through 1.3 Cross Site Scripting (XSS) Vulnerability in ehuacui bbs Insecure Access Control in Devolutions Server 2022.3.12 and Below: Unauthorized Access to Secure Messages Permission Bypass via ID Collision in User Vault Import/Synchronization Sensitive Data Exposure in Hub Business Submodule of Devolutions Remote Desktop Manager PowerShell Module Unverified Email Exposure Vulnerability in GitLab CE/EE Cross-Site Request Forgery Vulnerability in NETGEAR Nighthawk WiFi6 Router IPv6 Connection Lookup Table Hash Collision Vulnerability Arbitrary SQL Execution via Import Functionality in HTTP Headers WordPress Plugin Arbitrary File Write Vulnerability in HTTP Headers WordPress Plugin ServiceNow Cross-Site Scripting (XSS) Vulnerability User Email Leakage Vulnerability in GitLab SQL Injection Vulnerability in phpipam/phpipam prior to v1.5.2 Stored Cross-site Scripting (XSS) Vulnerability in phpipam/phpipam prior to v1.5.2 Use After Free Vulnerability in Swiftshader in Google Chrome Type Confusion Vulnerability in V8 Engine Allows Remote Heap Corruption Type Confusion Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome DevTools Stack Buffer Overflow in Crash Reporting in Google Chrome on Windows WebRTC Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in Metrics in Google Chrome Heap Buffer Overflow in UMA in Google Chrome: Remote Code Execution Vulnerability Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome Heap Buffer Overflow in Web Audio API in Google Chrome Cross-Origin Data Leakage in Autofill in Google Chrome on Android Bypassing Navigation Restrictions in Web Payments API in Google Chrome Bypassing Same Origin Policy in Navigation in Google Chrome on iOS Bypassing Content Security Policy in Web Payments API in Google Chrome Use After Free Vulnerability in Google Chrome on Lacros prior to 111.0.5563.64 Bypassing Navigation Restrictions 
in Google Chrome on Android Bypassing Navigation Restrictions in Google Chrome via Crafted HTML Page Spoofing Vulnerability in Google Chrome Android WebApp Installer Autofill Spoofing Vulnerability in Google Chrome on Android Insufficient Policy Enforcement in Resource Timing in Google Chrome: Information Disclosure Vulnerability Insufficient Policy Enforcement in Resource Timing Allows Information Disclosure via Malicious Chrome Extension Domain Spoofing Vulnerability in Google Chrome on Android Type Confusion Vulnerability in Google Chrome DevTools Origin Spoofing Vulnerability in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.6 External Parties Can Access Sensitive Data in Starcities: through 1.3 Cross-Site Scripting (XSS) Vulnerability in OTRS Ticket Actions Modules Use-After-Free Vulnerability in Linux Kernel's Core Dump Subsystem Code Injection via ACL Manipulation in OTRS and ((OTRS)) Community Edition SQL Injection Vulnerability in Akinsoft Wolvox (before 8.02.03) Use-after-free vulnerability in Linux kernel's Ext4 File System with 
overlay FS usage Critical SQL Injection Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 (VDB-222483) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Health Center Patient Record Management System 1.0 (birthing_print.php) Vulnerability Title: Crash Vulnerability in AES-XTS Cipher Decryption on 64-bit ARM Platform Unauthenticated Remote Data Read and Tampering Vulnerability in AVEVA Plant SCADA and AVEVA Telemetry Server Physical Access Vulnerability: Unauthorized BIOS Access and System Compromise Flow-X Firmware Vulnerability: Unauthorized Access to Sensitive Information Stored Cross-Site Scripting Vulnerability in Hotjar Plugin for WordPress Kube-apiserver Authentication Bypass Vulnerability Allows Evasion of SCC Admission Restrictions Silicon Labs Wi-SUN SDK v1.5.0 and Earlier Vulnerability: Exploitable MAC Layer Security Gap Allows Malicious Node to Route Malicious Messages Silicon Labs Wi-SUN Linux Border Router Vulnerability: Exploitable MAC Layer Security Gap Information Exposure Vulnerability in CMP – Coming Soon & Maintenance Plugin for WordPress NULL Pointer Dereference Vulnerability in vim/vim Session Token Leakage Vulnerability in GitLab SQL Injection Vulnerability in Ulkem Company PtteM Kart (Version 2.1 and earlier) Hard-coded Credentials Vulnerability in GitHub Repository alextselegidis/easyappointments prior to 1.5.0 Cross-site Scripting Vulnerability in btcpayserver/btcpayserver prior to 1.8.3 LFI Vulnerability in ND Shortcodes WordPress Plugin Vulnerability: Local File Inclusion (LFI) in Pricing Tables For WPBakery Page Builder Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Phone Shop Sales Managements System 1.0 Critical SQL Injection Vulnerability in SUL1SS_shop's Order.php Controller Critical Command Injection Vulnerability in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin (VDB-222600) Cross-Site Scripting (XSS) Vulnerability in IBOS up to 4.5.5 via mobil/index.php GitLab URL 
Redirection Vulnerability Use After Free Vulnerability in Linux Kernel Traffic Control Index Filter (tcindex) Allows Privilege Escalation Reflected Cross-Site Scripting Vulnerability in Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard and Remote Storage Integrations WordPress Plugins Code Injection Vulnerability in GitHub Repository Builderio/qwik (prior to 0.21.0) Signal Handler Race Condition Vulnerability in Mitsubishi Electric India GC-ENET-COM Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 XSL Template Remote Code Execution Vulnerability in ENOVIA Live Collaboration V6R2013xE XML External Entity Injection (XXE) Vulnerability in ENOVIA Live Collaboration V6R2013xE Allows Server File Read Access ImageMagick SVG File Denial of Service Vulnerability Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 (VDB-222645) Critical SQL Injection Vulnerability in SourceCodester Sales Tracker Management System 1.0 (CVE-2021-222646) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-222647) Critical SQL Injection Vulnerability in SourceCodester File Tracker Manager System 1.0 (VDB-222648) Privilege Escalation Vulnerability in Linux Kernel's io_uring IORING_OP_CLOSE Operation Variable Denial of Service Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 Cluster Peering Vulnerability in Consul and Consul Enterprise Allows Denial of Service ServiceNow Polaris Layout Reflected XSS Vulnerability Privilege Escalation via Workload Identity and Task API in HashiCorp Nomad 1.5.0 Critical SQL Injection Vulnerability in SourceCodester COVID 19 Testing Management System 1.0 (CVE-2021-222661) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222662) Cross-Site 
Scripting (XSS) Vulnerability in SourceCodester File Tracker Manager System 1.0 Unrestricted File Upload Vulnerability in UCMS 1.6 Jinja Template Injection Vulnerability in getattr() Method Arbitrary File Read/Write Vulnerability via Exposed Box Object Exposed resource.db() Accessor Method Allows Code Execution via Jinja Template Smuggling GitHub Repository Authentication Bypass Vulnerability in froxlor/froxlor (prior to 2.0.13) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (CVE-2021-222697) Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-222698) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222699) Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Unrestricted File Upload Vulnerability in GitHub Repository Cockpit-HQ/Cockpit Prior to 2.4.1 Privilege Escalation Vulnerability in Cloudflared Installer for Windows 32-bit Devices Reflected Cross-Site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Reflected Cross-Site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Cross-site Scripting (XSS) Vulnerability in osticket/osticket prior to v1.16.6 Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Stored Cross-site Scripting (XSS) Vulnerability in osTicket GitHub Repository (prior to v1.16.6) Critical SQL Injection Vulnerability in lmxcms 1.41 (CVE-2021-222727) Critical SQL Injection Vulnerability in lmxcms 1.41 (VDB-222728) Stored Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin 
Stored Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Privilege Escalation Vulnerability in apport-cli 2.26.0 and Earlier Authentication Bypass Vulnerability in Netgear RAX30 (AX2400) Unrestricted Upload Vulnerability in Guizhou 115cms 4.2 (VDB-222738) HP Multifunction Printers (MFPs) Vulnerability: Buffer Overflow and Remote Code Execution Risk with HP Workpath Solutions CSRF Vulnerability in Redirection WordPress Plugin CSRF Vulnerability in Redirection WordPress Plugin Allows Unauthorized Deletion of Redirections Unauthenticated Data Loss Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Cache Modification Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Plugin Settings Update Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Attackers Can Disable Caching in RapidLoad Power-Up for Autoptimize Plugin Vulnerability: Unauthorized Data Loss in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Cache Modification Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Unauthenticated Access Control Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Cross-Site Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin Customizer Export/Import WordPress Plugin Unserialized PHP Object Injection Vulnerability Cross-Site 
Scripting (XSS) Vulnerability in Hsycms 3.1 Add Category Module (CVE-2021-222842) Critical OS Command Injection Vulnerability in liferea (VDB-222848) Critical SQL Injection Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 (CVE-2021-222849) Critical SQL Injection Vulnerability in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 (CVE-2021-222853) NULL Pointer Dereference Vulnerability in vim/vim Reflected Cross-Site Scripting Vulnerability in IDAttend's IDWeb Application 3.1.052 and Earlier Critical SQL Injection Vulnerability in SourceCodester Simple Bakery Shop Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Critical SQL Injection Vulnerability in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 Critical SQL Injection Vulnerability in unilogies/bumsys (prior to v2.0.2) UI Layer or Frame Rendering Vulnerability in GitHub Repository unilogies/bumsys (prior to v2.0.2) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Computer Parts Sales and Inventory System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222871) Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222872) Critical SQL Injection Vulnerability in SourceCodester Yoga Class Registration System 1.0 (VDB-222873) Code Injection Vulnerability in easyappointments prior to 1.5.0 Critical SQL Injection Vulnerability in XHCMS 1.0 (VDB-222874) Denial of Service Vulnerability in TG Soft Vir.IT eXplorer 
9.4.86.0 Stack Overflow Vulnerability in Json-smart Unprotected Password-Protected Posts Vulnerability in W4 Post List WordPress Plugin Stored Cross-Site Scripting Vulnerability in WH Testimonials Plugin for WordPress Reflected Cross-Site Scripting in W4 Post List WordPress Plugin Stored Cross-Site Scripting Vulnerability in Solidres WordPress Plugin (Versions up to 0.9.4) Vulnerability: Unauthorized Cache Deletion in WP Fastest Cache Plugin Reflected Cross-Site Scripting Vulnerability in Solidres WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-222904) Critical SQL Injection Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 (VDB-223127) Denial of Service Vulnerability in brcmf_get_assoc_ies in Linux Kernel WP Meta SEO Plugin PHAR Deserialization and Remote Code Execution Vulnerability Data Race Vulnerability in Linux Kernel: NULL Pointer Dereference in TIPC Protocol Local Service Registration Vulnerability Arbitrary Code Execution Vulnerability in amzn.thin.pl's setMediaSource Function Offline PIN Brute-Forcing Vulnerability in Amazon Fire TV Stick and Insignia TV with FireOS Privilege Escalation Vulnerability in QEMU's 9pfs Implementation Potential JWT Leakage in Grafana via URL Query Parameter Heap-based Overflow Vulnerability in TA Prior to Version 5.7.9: Remote Alteration of Page Heap in macmnsvc Process Memory Block Command Injection Vulnerability in TP-Link Archer AX21 (AX1800) Firmware Linux Kernel TIPC Module Remote Denial of Service Vulnerability Unrestricted Upload Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (VDB-222978) Critical Unrestricted Upload Vulnerability in SourceCodester Online Pizza Ordering System 1.0 (VDB-222979) Use-After-Free Vulnerability in X.Org Server Overlay Window Critical SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-222981) Cross-Site Scripting 
(XSS) Vulnerability in SourceCodester Yoga Class Registration System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Student Management System 1.0 (profile.php) Critical Path Traversal Vulnerability in XiaoBingBy TeaCMS 2.0 (VDB-222985) Untrusted Data Deserialization Vulnerability in N6854A Geolocation Server versions 2.4.2 Stored Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin GitLab DAST Scanner Authorization Cookie Leakage Vulnerability Role-Based Access Control Vulnerability in Course Participation Report Stored Cross-Site Scripting Vulnerability in Weaver Xtreme Theme for WordPress Stored Cross-Site Scripting Vulnerability in Weaver Show Posts Plugin for WordPress (Versions up to 1.6) Unserialized PHP Object Injection in Formidable Forms WordPress Plugin Remote Code Execution Vulnerability in JetEngine WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 SQL Injection Vulnerability in Video List Manager WordPress Plugin Insecure Client Certificate Validation in MongoDB Server on Windows and macOS Stored XSS Vulnerability in Grafana's Graphite FunctionDescription Tooltip Privilege Escalation via Improper Access Control in Cloudflare WARP Client for Windows Reflected Cross-Site Scripting Vulnerability in WP VR WordPress Plugin Arbitrary Tour Update Vulnerability in WP VR WordPress Plugin Critical Unrestricted Upload Vulnerability in Simple Art Gallery 1.0 (VDB-223126) Critical SQL Injection Vulnerability in Simple Art Gallery 1.0 (VDB-223128) Unauthorized User Exploits Vulnerability to Add Child Epics in Unrelated GitLab Groups Cross-Site Scripting (XSS) Vulnerability in SourceCodester Friendly Island Pizza Website and Ordering System 1.0 Reflected Cross-Site Scripting in Ajax Search Lite and Ajax Search Pro WordPress Plugins Reflected 
Cross-Site Scripting Vulnerability in Mattermost OAuth Flow Completion Endpoints Buffer Overflow Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPU Modules SQL Injection Vulnerability in Groundhogg WordPress Plugin (Versions before 2.7.9.4) WP Tiles WordPress Plugin 1.1.2 Allows Unauthorized Access to Draft and Private Post Titles Path Traversal Vulnerability in The Photo Gallery by 10Web WordPress Plugin Vulnerability: gRPC C++ Implementation Aborts on Certain HTTP2 Headers Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Unauthenticated Attackers Can Manipulate Subscriptions in FluentCRM WordPress Plugin (Versions up to 2.7.40) Sensitive Information Exposure in WP Simple Shopping Cart Plugin Improper Access Controls in SourceCodester Online Food Ordering System 2.0 Unrestricted File Upload Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Reflected Cross-Site Scripting Vulnerability in Ajax Search Pro WordPress Plugin Jettison JSONArray Construction Vulnerability Untrusted Pointer Vulnerability in Advantech WebAccess/SCADA Critical SQL Injection Vulnerability in SourceCodester Medicine Tracker System 1.0 (VDB-223283) Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 (CVE-2021-223285) Unrestricted Upload Vulnerability in Meizhou Qingyunke QYKCMS 4.3.0 Remote Denial of Service Vulnerability in Filseclab Twister Antivirus 8 Critical Denial of Service Vulnerability in Filseclab Twister Antivirus 8 (VDB-223289) Denial of Service Vulnerability in Filseclab Twister Antivirus 8 (VDB-223290) Denial of Service Vulnerability in Watchdog Anti-Virus 1.4.214.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Medicine Tracker System 1.0 Heap-based Buffer Overflow in GPAC 2.3-DEV-rev35-gbbca86917-master (VDB-223293) 
Double Free Vulnerability in GPAC 2.3-DEV-rev35-gbbca86917-master Local Denial of Service Vulnerability in MP4v2 2.1.2 (CVE-2021-223295) Denial of Service Vulnerability in MP4v2 2.1.2 (CVE-2021-223296) Critical Buffer Overflow Vulnerability in GPAC 2.3-DEV-rev35-gbbca86917-master (VDB-223297) Critical Local Access Control Vulnerability in Watchdog Anti-Virus 1.4.214.0 (VDB-223298) Critical SQL Injection Vulnerability in jeecg-boot 3.5.0 (VDB-223299) Critical SQL Injection Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2021-223304) Critical Remote Authentication Bypass Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (VDB-223306) User-Controlled Key Authorization Bypass Vulnerability in DigiKent: Pre-23.03.20 User-Controlled Key Authorization Bypass in Teampass prior to 3.0.0.23 Critical Remote Code Execution Vulnerability in SourceCodester Medicine Tracker System 1.0 Reflected Cross-Site Scripting Vulnerability in WP EasyPay WordPress Plugin SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (CVE-2021-223325) Critical Path Traversal Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-223326) Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Stored Cross-Site Scripting Vulnerability in WP Express Checkout Plugin Stored Cross-Site Scripting Vulnerability in eCommerce Product Catalog Plugin for WordPress SQL Injection Vulnerability in WP Popup Banners Plugin (Versions up to 1.2.5) Cross-Site 
Request Forgery Vulnerability in RapidLoad Power-Up for Autoptimize WordPress Plugin (Versions up to 1.7.1) Reflected Cross-Site Scripting Vulnerability in MetaSlider WordPress Plugin 3.29.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (VDB-223337) Race Condition in Linux Kernel's mm/mremap Memory Address Space Accounting Source Code Authentication Abuse Vulnerability in HYPR Keycloak Authenticator Extension Path Traversal Vulnerability in Hummingbird WordPress Plugin Unrestricted File Upload Vulnerability in SourceCodester Simple Music Player 1.0 (VDB-223362) Critical SQL Injection Vulnerability in SourceCodester Monitoring of Students Cyber Accounts System 1.0 (VDB-223363) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Monitoring of Students Cyber Accounts System 1.0 Remote Code Injection Vulnerability in HkCms 2.2.4.230206 Critical SQL Injection Vulnerability in XiaoBingBy TeaCMS up to 2.0.2 (VDB-223366) Unrestricted File Upload Vulnerability in xzjie CMS (CVE-2021-223367) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Improper Access Controls in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54 Denial of Service Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Denial of Service Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Critical Local Access Control Vulnerability in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 Critical Local Access Control Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223376) Critical Local Access Control Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223377) Denial of Service Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 (VDB-223378) Denial of Service Vulnerability in Max Secure Anti Virus Plus 19.0.2.1 Critical SQL Injection Vulnerability in IBOS 4.5.5 (VDB-223380) 
Critical SQL Injection Vulnerability in Rebuild (up to version 3.2.3) - Remote Code Execution Possible Reflected Cross-site Scripting (XSS) Vulnerability in imgproxy/imgproxy prior to 3.14.0 Unrestricted File Upload Vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 (VDB-223397) Critical SQL Injection Vulnerability in Responsive Hotel Site 1.0 Component Newsletter Log Handler Critical SQL Injection Vulnerability in Simple Art Gallery 1.0 (VDB-223399) Cross-Site Scripting (XSS) Vulnerability in Simple Art Gallery 1.0 (adminHome.php) Unrestricted Upload Vulnerability in RockOA 2.3.2 (CVE-2021-223401) SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 (CVE-2021-223406) Critical SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 Critical SQL Injection Vulnerability in SourceCodester Alphaware Simple E-Commerce System 1.0 (VDB-223408) Critical SQL Injection Vulnerability in SourceCodester E-Commerce System 1.0 (CVE-2021-223409) Critical SQL Injection Vulnerability in SourceCodester E-Commerce System 1.0 (CVE-2021-223410) Cross-Site Scripting (XSS) Vulnerability in SourceCodester E-Commerce System 1.0 SQL Injection Vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software GMAce WordPress Plugin Cross-Site Request Forgery Vulnerability Uninitialized Memory Leak in KVM_GET_DEBUGREGS ioctl on 32-bit Systems Certificate Validation Vulnerability in RTU500 Scripting Interface Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Insecure Permission Assignment Vulnerability in RoboDK Versions 5.5.3 and Prior DOM-based Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.19 Sensitive Credentials Leakage in CP Plus KVMS Pro Versions 2.01.0.T.190521 and Prior Critical SQL Injection Vulnerability in Security Center 5.11.2 Hardware Inventory Report TIOCLINUX ioctl Vulnerability: Command 
Injection in Snaps on Virtual Consoles Insecure Password Validation in Download Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin Information Disclosure Vulnerability in DesignJet and PageWide XL TAA Compliant Models Cross-site Scripting (XSS) Vulnerability in tsolucio/corebos GitHub Repository Use After Free Vulnerability in Google Chrome Allows Remote Code Execution Heap Corruption via Malicious HID Device in WebHID in Google Chrome Heap Corruption Vulnerability in Google Chrome PDF Rendering Use After Free Vulnerability in ANGLE in Google Chrome Heap Corruption Vulnerability in GPU Video Processing in Google Chrome Use After Free Vulnerability in WebProtect in Google Chrome Heap Corruption Vulnerability in ANGLE in Google Chrome Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository answerdev/answer prior to 1.0.7 Stored Cross-site Scripting (XSS) Vulnerability in GitHub repository answerdev/answer prior to version 1.0.7 GitHub Repository answerdev/answer Prior to 1.0.6 Authentication Bypass Vulnerability Timing Discrepancy Vulnerability in GitHub repository answerdev/answer prior to 1.0.6 GitHub Repository answerdev/answer Prior to 1.0.6: Excessive Authentication Attempts Vulnerability GitHub Repository AnswerDev/Answer Prior to Version 1.0.6: Observable Response Discrepancy Vulnerability Critical Business Logic Errors in GitHub Repository answerdev/answer (prior to 1.0.6) Critical Business Logic Errors in GitHub Repository answerdev/answer (prior to 1.0.6) GitHub Repository answerdev/answer Prior to 1.0.6: Insufficient Session Expiration Vulnerability QEMU Vulnerability: Out-of-Bounds Read and Crash via Paravirtual RDMA Device SQL Injection Vulnerability in Teampass GitHub Repository (nilsteampassnet/teampass) Prior to Version 3.0.0.23 Reflected Cross-Site Scripting in MyCryptoCheckout WordPress Plugin SQL Injection Vulnerability in Elra Parkmatik Improper Privilege Management Vulnerability in 
EcoStruxure Control Expert (V15.1 and above) PHP Object Injection Vulnerability in Ad Inserter WordPress Plugin Sensitive Information Exposure in NGINX Agent Log Files Deserialization Vulnerability in ToolboxST Prior to Version 7.10 Stored Cross-Site Scripting Vulnerability in Quick Paypal Payments WordPress Plugin Vulnerability: Unauthorized API Access by Banned User in GitLab Critical SQL Injection Vulnerability in SourceCodester Judging Management System 1.0 (VDB-223549) Improper Access Controls in SourceCodester E-Commerce System 1.0 Critical Unrestricted File Upload Vulnerability in Simple and Beautiful Shopping Cart System 1.0 (VDB-223551) Unrestricted Upload Vulnerability in SourceCodester Storage Unit Rental Management System 1.0 Buffer Overflow Vulnerability in TinyTIFF 3.0.0.0 Unrestricted Upload Vulnerability in Simple Online Hotel Reservation System 1.0 Information Disclosure Vulnerability in Mattermost's /plugins/focalboard/api/v2/users API Call Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (CVE-2021-223555) Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-223556) Cross-Site Scripting (XSS) Vulnerability in FeiFeiCMS 2.7.130201 Critical SQL Injection Vulnerability in SourceCodester Medical Certificate Generator App 1.0 (VDB-223558) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester E-Commerce System 1.0 Heap-based Buffer Overflow in syoyo tinydng (VDB-223562) Critical SQL Injection Vulnerability in DataGear up to 4.5.0 (VDB-223563) Cross-Site Scripting (XSS) Vulnerability in DataGear up to 1.11.1 (VDB-223564) Cross-Site Scripting Vulnerability in DataGear up to 1.11.1 (VDB-223565) Sensitive Information Disclosure in User Creation 
Feature of Devolutions Remote Desktop Manager Stored Cross-Site Scripting Vulnerability in Mega Main Menu Plugin for WordPress Critical SQL Injection Vulnerability in pimcore/pimcore GitHub Repository (prior to 10.5.19) Heap-Based Buffer Overflow in bfd_getl64 Function Denial of Service Vulnerability in Devolutions Gateway 2023.1.1 and Earlier Race Condition Vulnerability in Linux Kernel's Memory Management Sub-component NULL Pointer Dereference Vulnerability in io_file_bitmap_get in Linux Kernel Quarkus OIDC Vulnerability: Leakage of ID and Access Tokens in Authorization Code Flow TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File/Directory Deletion TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File Creation NULL Pointer Dereference Vulnerability in Avast and AVG Antivirus for Windows (Fixed in Version 22.11) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-223654) Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-223655) Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223662) Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223663) Reflected Cross-Site Scripting Vulnerability in tagDiv Composer WordPress Plugin Unauthenticated Privilege Escalation in tagDiv Cloud Library WordPress Plugin Stored Cross-Site Scripting Vulnerability in Short URL Plugin for WordPress Entry Permission Bypass via ID Collision in Devolutions Server 2022.3.13 and Prior Versions Critical Denial of Service Vulnerability in GitHub Repository radareorg/radare2 (prior to 5.8.6) Critical 
SQL Injection Vulnerability in DictController.java (novel-plus 3.6.2) - VDB-223736 Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-223737) Critical SQL Injection Vulnerability in Zhong Bang CRMEB Java up to 1.3.4 (VDB-223738) Cross-Site Scripting (XSS) Vulnerability in Zhong Bang CRMEB Java up to 1.3.4 Critical SQL Injection Vulnerability in Rebuild up to 3.2.3 (VDB-223742) Use-After-Free Vulnerability in btrfs_search_slot in Linux Kernel Critical SQL Injection Vulnerability in Rebuild up to 3.2.3 (VDB-223743) Cross Site Scripting (XSS) Vulnerability in Rebuild up to 3.2.3 Stored Cross-Site Scripting Vulnerability in WP Custom Author URL WordPress Plugin SQL Injection Vulnerability in Ultimate Addons for Contact Form 7 Plugin for WordPress (Versions up to 3.1.23) Cross-Site Scripting (XSS) Vulnerability in XiaoBingBy TeaCMS up to 2.0.2 Authentication Bypass Vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server Modules) Mitsubishi Electric MELSEC WS Series WS0-GETH00200 Telnet Authentication Bypass Vulnerability WAGO Devices Multiple Versions Remote DoS Vulnerability Denial of Service Vulnerability in WAGO Devices with CODESYS V2 Runtime GitLab EE Vulnerability: Unauthorized Commit Access from Restricted IP Address CSRF Vulnerability in Custom Post Type UI WordPress Plugin Arbitrary Log File Deletion Vulnerability in WPCode WordPress Plugin OpenStack Heat Information Leak Vulnerability Critical Memory Corruption Vulnerability in Jianming Antivirus 16.2.2022.418 (VDB-224008) Denial of Service Vulnerability in Jianming Antivirus 16.2.2022.418 Null Pointer Dereference Vulnerability in Jianming Antivirus 16.2.2022.418 Critical Memory Corruption Vulnerability in JiangMin Antivirus 16.2.2022.418 (VDB-224011) Denial of Service Vulnerability in JiangMin Antivirus 16.2.2022.418 Null Pointer Dereference Vulnerability in JiangMin Antivirus 16.2.2022.418 (VDB-224013) OpenStack Barbican Local Authenticated Credentials Leak Vulnerability Critical 
Server-Side Request Forgery Vulnerability in OTCMS 6.72 Cross-Site Scripting (XSS) Vulnerability in OTCMS 6.72's AutoRun Function (CVE-2021-224017) Container Namespace Vulnerability in OpenStack Barbican: Data Exposure Risk in All-in-One Deployments Vulnerability in Linux Kernel X86 CPU Power Management Options Allows Unauthorized Memory Access via Speculative Execution Behavior Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224018) Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (CVE-2021-224019) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224020) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224022) Vulnerability in IObit Malware Fighter 9.4.0.776: Local Denial of Service in ImfHpRegFilter.sys Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224024) Local Denial of Service Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224025) Critical Stack-Based Buffer Overflow Vulnerability in IObit Malware Fighter 9.4.0.776 (VDB-224026) Improper Access Control in calcom/cal.com GitHub Repository (prior to version 2.7) Stored Cross-Site Scripting Vulnerability in AI ChatBot WordPress Plugin Unauthenticated PHP Object Injection in AI ChatBot WordPress Plugin Unauthenticated Access and Cross-Site Scripting (XSS) Vulnerability in AI ChatBot WordPress Plugin Use-after-free vulnerability in nfsd4_ssc_setup_dul in Linux Kernel NFS Filesystem Critical Denial of Service Vulnerability in GitHub Repository gpac/gpac prior to 2.4.0 Heap-based Buffer Overflow in GPAC GitHub Repository Prior to Version 2.4.0 Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. 
OpenIDM and Java Remote Connector Server (RCS) LDAP Connector Unauthenticated Stored XSS Vulnerability in AI ChatBot WordPress Plugin Stored Cross-Site Scripting Vulnerability in Display Post Meta, Term Meta, Comment Meta, and User Meta Plugin for WordPress Vulnerability: Forced Browsing Exposes Authenticated Resources in Coverity Versions Prior to 2023.3.2 Vulnerability: Certificate Validation Bypass in Keycloak Excessive Authentication Attempts Vulnerability in GitHub Repository linagora/twake prior to 0.0.0 Critical SQL Injection Vulnerability in SourceCodester Automatic Question Paper Generator System 1.0 NULL Pointer Dereference Vulnerability in libssh during Re-keying with Algorithm Guessing Openvswitch IP Protocol 0 Handling Vulnerability SEOPress WordPress Plugin Unauthenticated PHP Object Injection Vulnerability Use After Free Vulnerability in Linux Kernel Xircom 16-bit PCMCIA Ethernet Driver Pre-Auth Command Injection Vulnerability in Sophos Web Appliance (<=4.3.10.4): Arbitrary Code Execution Race Condition Vulnerability in Tang Server Key Generation and Rotation Critical SQL Injection Vulnerability in SourceCodester School Registration and Fee System 1.0 (VDB-224231) Critical SQL Injection Vulnerability in SourceCodester School Registration and Fee System 1.0 Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224233) Vulnerability in DriverGenius 9.70.0.346: Local Denial of Service in IOCTL Handler (VDB-224234) Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224235) Critical Memory Corruption Vulnerability in DriverGenius 9.70.0.346 (VDB-224236) Xunrui CMS 4.61 Information Disclosure Vulnerability Xunrui CMS 4.61 Information Disclosure Vulnerability (VDB-224238) Remote Code Execution Vulnerability in Xunrui CMS 4.61 Remote Information Disclosure Vulnerability in Xunrui CMS 4.61 Unrestricted File Upload Vulnerability in HadSky 7.7.16 (VDB-224241) Critical Command Injection Vulnerability in HadSky up to 
7.11.8 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Allocation System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 Exception Handling Vulnerability in Communication Framework: Impact on Feature Performance Unauthenticated Access to Window Management Module Allows for Confidentiality Breach File Privilege Escalation Vulnerability in Settings Module: Confidentiality Impact File Privilege Escalation Vulnerability in Settings Module: Confidentiality Impact Exception Handling Vulnerability in Communication Framework: Impact on Feature Performance Critical Vulnerability in Multimedia Video Module: Threat to Availability Improper Handling of Missing Values in Juniper Networks Junos OS Packet Forwarding Engine (PFE) Leads to Denial of Service (DoS) WAGO Multiple Products: Unauthenticated Remote Attackers Can Compromise Systems and Cause Denial of Service Forced Browsing Vulnerability in Rapid7 Nexpose Versions 6.6.186 and Below Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.20 Privilege Escalation and Functionality Bypass in Forcepoint F|One SmartEdge Agent on Windows Information Disclosure Vulnerability in HP Enterprise LaserJet and HP LaserJet Managed Printers with FutureSmart version 5.6 and IPsec Enabled Clipboard Command Execution Vulnerability Stack-based Buffer 
Overflow in Datalogics Library APDFL v18.0.4PlusP1e and Prior Sensitive Information Disclosure in GitLab: Unauthorized Access to Internal Notes Count Remote Authentication Vulnerability in FOXMAN-UN and UNEM Logging Component Hard-coded Security-relevant Constants Vulnerability in deepset-ai/haystack prior to 0.1.30 Arbitrary Code Execution via Insecure Temporary File Creation in Bitrix24 22.0.300 Arbitrary Code Execution via Unsafe Variable Extraction in Bitrix24 22.0.300 Bypassing XSS Sanitization in Bitrix24 22.0.300 via Logic Error in mb_strpos() Bitrix24 22.0.300 Invoice Edit Page Cross-Site Scripting (XSS) Vulnerability Prototype Pollution in Bitrix24 22.0.300: Remote Code Execution via Left Vertical Menu Script Denial-of-Service Vulnerability in Bitrix24 22.0.300 via Improper File Stream Access Unauthenticated Remote Code Execution and File Enumeration in Bitrix24 22.0.300 Arbitrary Code Execution via Lack of Mime Type Response Header in Bitrix24 22.0.300 Arbitrary Command Execution in Yoga Class Registration System v1.0 Arbitrary Command Execution in Yoga Class Registration System v1.0 SQL Injection Vulnerability in Veragroup Mobile Assistant Stored XSS Vulnerability in Faveo Helpdesk Enterprise version 6.0.1 Allows Privilege Escalation Infoline Project Management System: SSRF Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Proliz OBS Allows Authenticated User to Execute Arbitrary Code Unrestricted File Upload Vulnerability in Fernus Informatics LMS Allows OS Command Injection and SSI Injection Heap-buffer-overflow Vulnerability in LibRaw's raw2image_ex() Function SQL Injection Vulnerability in SupportCandy WordPress Plugin Arbitrary Command Execution in Meinbergs LTOS Versions Prior to V7.06.013 Weakness in Randomness Sampling for Shared Secrets in Kyber and FrodoKEM Denial of Service Vulnerability in Prometheus Server bundled with GitLab Unrestricted Upload Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 
(VDB-224622) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224624) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224625) Critical SQL Injection Vulnerability in SourceCodester Young Entrepreneur E-Negosyo System 1.0 (VDB-224626) Unrestricted File Upload Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 (VDB-224627) Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-224628) Remote SQL Injection Vulnerability in jeecg-boot 3.5.0 Critical SQL Injection Vulnerability in IBOS 4.5.5 Component: Report Search Cross-Site Scripting (XSS) Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Critical Unrestricted Upload Vulnerability in IBOS 4.5.5 Uncontrolled Search Path Vulnerability in KMPlayer 4.2.2.73 Cross-Site Scripting Vulnerability in Dreamer CMS up to 3.5.0 Critical SQL Injection Vulnerability in IBOS up to 4.5.4 (VDB-224635) Hard-coded Credentials in Nexx Smart Home Devices: Remote Access and Control Vulnerability Nexx Smart Home Devices: Lack of Access Control in API Execution Nexx Smart Home Devices: Lack of Access Control Allows Unauthorized Actions Insecure WebSocket Server Allows Unauthorized Access to Nexx Smart Home Devices Nexx Smart Home Devices Vulnerability: Unauthorized Registration via MAC Address Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Cross-Site Scripting (XSS) Vulnerability in GitHub repository thorsten/phpmyfaq prior to 3.1.12 Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 
3.1.12 Special Element Injection Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Cross-site Scripting Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Privilege Escalation in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) Wi-Fi Connection Setup Information Disclosure Vulnerability Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) Wi-Fi Connection Setup Information Disclosure Vulnerability SQL Injection Vulnerability in Akbim Computer Panon Reflected XSS Vulnerability in Akbim Computer Panon Version 1.0.2 and Earlier Stored XSS Vulnerability in Snyk Advisor's Package Health Page Insecure Symmetric Encryption in Tribe29 Checkmk Versions Information Disclosure Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Critical SQL Injection Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 (CVE-2021-224671) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Grade Point Average GPA Calculator 1.0 Cross-Site Scripting (XSS) Vulnerability in DataGear up to 4.5.1 Critical Code Injection Vulnerability in Rockoa 2.3.2 Unvalidated Inviter Permission Vulnerability in Mattermost High Availability Configuration Vulnerability: Information Disclosure via User_Updated and Post_Deleted Events SVG Image File Upload Vulnerability in Mattermost Boards Mattermost API Vulnerability: Information Disclosure via createPost API Call Insecure Default Credentials in GajShield Data Security Firewall Firmware Sensitive Information Exposure 
Vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24, and Helmholz' myREX24 and myREX24.virtual (<=2.13.3) Reflected Cross-Site Scripting Vulnerability in Companion Sitemap Generator WordPress Plugin Unauthenticated Bypass of ACL Authorizations in HashiCorp Nomad and Nomad Enterprise Versions 1.5.0 - 1.5.2 Remote Code Execution in OrangeScrum version 2.0.11 via Unvalidated HTML Content Conversion Critical Remote Authentication Bypass Vulnerability in jeecg-boot 3.5.0 (VDB-224699) Critical SQL Injection Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 (VDB-224700) Cloud-init Log Exposure Vulnerability HTML Payload Triggering Search Timeout in GitLab Insufficient Session Expiration in GitHub Repository Firefly-III/Firefly-III Prior to 6 Improper Input Validation in Firefly III GitHub Repository Information Disclosure Vulnerability in SourceCodester Simple Task Allocation System 1.0 (VDB-224724) SQL Injection Vulnerability in SourceCodester Simple Task Allocation System 1.0 (CVE-2021-224743) Critical SQL Injection Vulnerability in SourceCodester Simple Mobile Comparison Website 1.0 Critical SQL Injection Vulnerability in SourceCodester Police Crime Record Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Police Crime Record Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Gadget Works Online Ordering System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Employee Payslip Generator 1.0 Unrestricted Upload Vulnerability in OTCMS 6.0.1 (VDB-224749) Cross-Site Scripting (XSS) Vulnerability in EyouCMS up to 1.5.4 (CVE-2021-224750) Cross-Site Scripting (XSS) Vulnerability in EyouCMS up to 1.5.4 (CVE-2021-224751) Critical Path Traversal Vulnerability in sjqzhang go-fastdfs up to 1.4.3 Out-of-Bounds Write Vulnerability in tcpdump 4.99.3 SMB Protocol Decoder Vulnerability: Insecure Fallback to HTTP in Docker Desktop Artifactory Integration Redline Router Firmware 
Authentication Bypass Vulnerability Reflected Cross-Site Scripting in Product Catalog Feed by PixelYourSite WordPress Plugin Reflected Cross-Site Scripting in Product Catalog Feed by PixelYourSite WordPress Plugin Reflected Cross-Site Scripting in WP Inventory Manager WordPress Plugin Cross-Site Request Forgery Vulnerability in Elementor Addons, Widgets and Enhancements – Stax Plugin for WordPress (up to version 1.4.3) Download Manager WordPress Plugin Information Leakage Vulnerability Heap Buffer Overflow in Visuals in Google Chrome Use After Free Vulnerability in Google Chrome Frames Out of Bounds Memory Access in DOM Bindings in Google Chrome File Access Bypass Vulnerability in Google Chrome Extensions Bypassing Download Checking in Safe Browsing in Google Chrome Use After Free Vulnerability in Google Chrome Networking APIs Navigation Spoofing Vulnerability in Google Chrome's Picture In Picture Feature Bypassing Navigation Restrictions in Google Chrome on Android Vulnerability: Use After Free in Vulkan in Google Chrome Out of Bounds Read Vulnerability in Google Chrome Accessibility Heap Buffer Overflow in Google Chrome Browser History Omnibox Content Hiding Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome Bypassing Navigation Restrictions in FedCM in Google Chrome Unauthorized Disclosure of Issue Notes in GitLab EE Unrestricted Upload Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Centralized Covid Vaccination Records System 1.0 Use-After-Free Vulnerability in Linux Kernel Traffic Control Index Filter (tcindex) Allows Local Privilege Escalation Audit Logging in Mattermost Exposes User Passwords and Hashes Improper Access Control Flaw in Candlepin: Confidentiality and Availability Loss Authentication Bypass Vulnerability in DTS Electronics Redline Router Firmware (Version < 7.17) Vulnerability in Kinetix 5500 Drives: Unauthorized Access via Open Telnet and 
FTP Ports Reflected Cross-Site Scripting Vulnerability in Ninja Forms Contact Form WordPress Plugin Cross-Site Scripting Vulnerability in GitLab Allows HTML Rendering of XML Files in 'Raw' Mode Authentication Bypass Vulnerability in HYPR Server Legacy APIs Double fget vulnerability in vhost_net_set_backend in Linux kernel Stored Cross-Site Scripting Vulnerability in Product Addons & Fields for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in Sp*tify Play Button for WordPress Plugin Cross-site Scripting (XSS) vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters Unauthenticated Permalink Structure Update Vulnerability in Metform Elementor Contact Form Builder Plugin Unauthenticated Email Functionality Access in Subscribe2 WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (CVE-2021-224985) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224986) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224987) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224988) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224989) Critical SQL Injection Vulnerability in SourceCodester Online Payroll System 1.0 (VDB-224990) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Payroll System 1.0 Remote Session Expiration Vulnerability in SourceCodester Online Graduate Tracer System 1.0 (VDB-224994) Use-After-Free Vulnerability in xgene-hwmon Driver Allows for System Crash and Kernel Information Leak Critical SQL Injection Vulnerability in SourceCodester Air Cargo Management System 1.0 (VDB-224995) Cross-Site Scripting (XSS) Vulnerability in 
SourceCodester Online Computer and Laptop Store 1.0 Remote Information Disclosure Vulnerability in SourceCodester Earnings and Expense Tracker App 1.0 (VDB-224997) Use-After-Free Vulnerability in Xen Transport for 9pfs in Linux Kernel Cross-Site Scripting (XSS) Vulnerability in Keysight IXIA Hawkeye 3.3.16.28 Stored Cross-Site Scripting Vulnerability in Limit Login Attempts WordPress Plugin Remote Access Vulnerability in Cloudflare WARP Client for Windows (up to v2023.3.381.0) SQL Injection Vulnerability in Eskom Water Metering Software Path Traversal Vulnerability in FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and Prior Unauthenticated Deletion of YouTube Channels in YourChannel WordPress Plugin Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Unauthenticated Attackers Can Clear YourChannel Plugin Cache in WordPress Stored Cross-Site Scripting Vulnerability in YourChannel WordPress Plugin Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to version 1.2.3) Cross-Site Request Forgery Vulnerability in YourChannel WordPress Plugin (up to 1.2.3) Use-After-Free Vulnerability in Linux Kernel io_uring System SQL Injection Vulnerability in Faturamatik Bircard (before 23.04.05) Privilege Escalation Vulnerability in WP Data Access Plugin for WordPress Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Command Injection Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.3.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.3 
Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Improper Access Control in GitHub Repository: thorsten/phpmyfaq (prior to 3.1.12) Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.12 GitHub Repository Authentication Bypass Vulnerability in thorsten/phpmyfaq prior to 3.1.12 Critical Business Logic Errors in phpMyFAQ GitHub Repository (prior to 3.1.12) Arbitrary User Password Reset Vulnerability in Directorist Plugin for WordPress Insecure Direct Object Reference vulnerability in Directorist WordPress Plugin (up to version 7.5.4) allows arbitrary post deletion Reflected Cross-Site Scripting in Tablesome WordPress Plugin Reflected Cross-Site Scripting in Accordion & FAQ WordPress Plugin before 1.9.9 Reflected Cross-site Scripting (XSS) Vulnerability in Sidekiq GitHub Repository Reflected Cross-Site Scripting Vulnerability in Login Configurator WordPress Plugin Puppet Server 7.9.2 Certificate Validation ReDoS Vulnerability Server Side Request Forgery (SSRF) Vulnerability in Getwid – Gutenberg Blocks Plugin for WordPress Insecure Storage of Login Credentials in Atlas Copco Power Focus 6000 Web Server Session ID Number Exposure in Atlas Copco Power Focus 6000 Web Server Insecure Default Connection in Atlas Copco Power Focus 6000 Web Server Avira Network Protection Overflow Vulnerability Bluetooth HCI Host Layer Logic Vulnerability Bluetooth HCI Host Layer Logic Vulnerability: Dangling Reference and Potential RCE Unauthorized Access to Restricted Header Data in SAP HCM Fiori App My Forms (Fiori 2.0) - version 605 Clear Text Logging of OpenID Client Secret in Octopus Server Configuration Stored Cross-Site Scripting Vulnerability in WP Popups WordPress Plugin Heap-based Buffer Overflow in ImageMagick's ImportMultiSpectralQuantum() Function Critical SQL Injection Vulnerability in 
SourceCodester Simple Mobile Comparison Website 1.0 (VDB-225150) Critical SQL Injection Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Insufficient Capability Check in Getwid – Gutenberg Blocks Plugin for WordPress Allows Unauthorized Data Modification Unrestricted Access to Draft Posts via Blocksy Companion WordPress Plugin Stored Cross-Site Scripting Vulnerability in Limit Login Attempts WordPress Plugin (Versions up to 1.7.1) Stored Cross-Site Scripting Vulnerability in Maps Widget for Google Maps for WordPress Reflected Cross-Site Scripting Vulnerability in Thumbnail Carousel Slider WordPress Plugin Out-of-Bounds Read Vulnerability in tiffcrop Stored Cross-Site Scripting Vulnerability in PowerPress WordPress Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Cross-Site Request Forgery in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Modification in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Modification in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Deletion in WP Fastest Cache Plugin Vulnerability: Unauthorized Data Loss in WP Fastest Cache Plugin Critical Unauthenticated PostgreSQL Injection Vulnerability in PnPSCADA System Authentication Bypass Vulnerability in ROC800-Series RTU Devices: Unauthorized Access and Denial-of-Service Risk Email Address Leakage in GitLab Service Desk Issue Creation Cross-Site Request Forgery 
(CSRF) Vulnerability in zhenfeng13 My-Blog Blind SSRF Vulnerability in WP Fastest Cache WordPress Plugin Insecure Access Control for OTP Keys in Devolutions Remote Desktop Manager Critical SQL Injection Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 Critical SQL Injection Vulnerability in SourceCodester Simple and Beautiful Shopping Cart System 1.0 (VDB-225317) Unrestricted Upload Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical Privilege Escalation Vulnerability in kOps GCE/GCP Provider in Gossip Mode Default Password Vulnerability in Minikube Container Allows Unauthorized SSH Access Memory Corruption and Exploitable Crash Vulnerability in Thunderbird and Firefox ESR Cross-Site Scripting (XSS) Vulnerability in SourceCodester Survey Application System 1.0 Critical Code Injection Vulnerability in taoCMS 3.0.2 (VDB-225330) Cross-Site Scripting (XSS) Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in PHPGurukul BP Monitoring Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (CVE-2021-225338) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225341) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225342) Critical Path Traversal Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225345) Critical SQL Injection Vulnerability in 
SourceCodester Online Computer and Laptop Store 1.0 (VDB-225346) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Critical SQL Injection Vulnerability in SourceCodester Best Online News Portal 1.0 Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 (VDB-225359) Critical SQL Injection Vulnerability in PHPGurukul Bank Locker Management System 1.0 Vulnerability: Unauthorized Access Tokens in GitLab EE Group SAML SSO Remote Code Execution Vulnerability in Illumina Universal Copy Service Deserialization Vulnerability in Keysight N8844A Data Analytics Web Service Vulnerability: Unrestricted IP Address Binding in Illumina Universal Copy Service v2.x Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Unrestricted Upload Vulnerability in yuan1994 tpAdmin 1.3.12 (Unsupported) Server-side Request Forgery (SSRF) Vulnerability in yuan1994 tpAdmin 1.3.12 (Unsupported) Heap-based Buffer Overflow in _bfd_elf_slurp_version_tables() in bfd/elf.c Metadata Exposure in GitHub Repository answerdev/answer prior to 1.0.8 GitHub Repository answerdev/answer Prior to 1.0.8 Allows Insertion of Sensitive Information into Sent Data GitHub Repository Vulnerability: Password Aging with Long Expiration in answerdev/answer (prior to 1.0.6) Unvalidated URL Input in Booking Manager WordPress Plugin Allows SSRF Attacks Reflected Cross-Site Scripting Vulnerability in ShiftController Employee Shift Scheduling Plugin for WordPress Vulnerability: Bypassing Password Protection in Web Stories for WordPress Plugin Two-Factor Authentication Bypass in Devolutions Remote Desktop Manager 2022.3.35 and Earlier Avahi Library Vulnerability: Unprivileged User Can Crash Daemon via DBus Call Stored Cross-Site Scripting Vulnerability in Front Editor WordPress Plugin Critical SQL Injection Vulnerability in SourceCodester 
Sales Tracker Management System 1.0 (VDB-225530) Critical SQL Injection Vulnerability in SourceCodester Complaint Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (CVE-2021-225533) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-225534) Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 Use-after-free vulnerability in btsdio_remove function in Linux Kernel Use-After-Free Vulnerability in ndlc_remove Function of Linux Kernel Denial of Service Vulnerability in Wireshark RPCoRDMA Dissector (Versions 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12) LISP Dissector Denial of Service Vulnerability GQUIC Dissector Denial of Service Vulnerability in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, and HiRDB Structured Data Access Facility Reflected Cross-site Scripting (XSS) Vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x OS Command Injection Vulnerability in SIMULIA 3DOrchestrate Vulnerability: Incomplete Spectre-BTI Mitigation in Linux Kernel Use After Free/Double Free Vulnerability in libwebp Mattermost Desktop App Server Redirection Vulnerability SSRF Vulnerability in Cisco TelePresence CE and RoomOS Software Allows Bypass of Access Controls Social Login Bypass Vulnerability in Cisco Business Wireless Access Points Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Hardware-based SSL/TLS Cryptography Vulnerability in Cisco ASA and FTD Software Arbitrary Code Execution and DoS Vulnerability in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers Local File Overwrite Vulnerability in Cisco TelePresence CE and RoomOS Software Privilege Escalation 
Vulnerability in Cisco Secure Email Gateway and Secure Email and Web Manager Vulnerability: Spoofing of Protected Tags in GitLab CE/EE SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Request Forgery Vulnerability in Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller Cisco Nexus 9300-FX3 Series Fabric Extender CLI Console Login Bypass Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Intersight Private Virtual Appliance Cisco Nexus Dashboard Software DNS Denial of Service Vulnerability Command Injection Vulnerability in Cisco Firepower and UCS Series Decryption Vulnerability in Cisco UCS Manager and FXOS Software Backup Configuration Arbitrary Command Execution Vulnerabilities in Cisco Intersight Private Virtual Appliance Authentication Bypass Vulnerability in Cisco IP Phone 7800 and 8800 Series Phones Cross-Site Scripting (XSS) Vulnerability in Cisco BroadWorks Web Management Interface Unauthenticated Execution of Management Commands in Linux Kernel Bluetooth HCI Sockets Implementation Improper Input Validation in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform: Denial of Service Vulnerability Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Authentication Bypass Vulnerability in Cisco Small Business RV042 Series Routers Arbitrary Command Injection Vulnerability in Cisco Small Business Routers RV042 Series Cisco IOS XE Software IPv4 Virtual Fragmentation Reassembly Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco AsyncOS Software for Secure Email and Web Manager Root Privilege Escalation Vulnerability in Cisco IOS XE 
Software's Meraki Onboarding Feature Base64-encoded malicious code vulnerability in Vision1210 OS v4.3 Build 5, allowing remote code execution via PCOM protocol. Cisco Identity Services Engine (ISE) Web Management Interface XXE Vulnerability SSL/TLS Certificate Handling Vulnerability in Snort 3 Integration with Cisco Firepower Threat Defense Software Heap Buffer Overflow Vulnerability in ClamAV's HFS+ Partition File Parser Cisco Catalyst Switches Denial of Service Vulnerability Elasticsearch Database Access Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Industrial Network Director Static Secret Key Vulnerability in Cisco Industrial Network Director Vulnerability in NETCONF Service of Cisco Network Services Orchestrator (NSO) Allows Remote DoS Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco AnyConnect SSL VPN Feature Privilege Escalation Vulnerability in Cisco CX Cloud Agent Privilege Escalation Vulnerability in Cisco CX Cloud Agent Arbitrary Command Execution Vulnerability in Cisco Small Business RV160 and RV260 Series VPN Routers Privilege Escalation via Key-based SSH Authentication in Cisco StarOS Software Denial of Service Vulnerability in Cisco Webex Room Phone and Cisco Webex Share Devices Unauthorized Configuration Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Cisco IOS XR Software BFD Hardware Offload DoS Vulnerability Privilege Escalation Vulnerability in Tenable Tenable.Io, Nessus, and Security Center Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Denial of Service (DoS) Vulnerability in Cisco Packet Data Network Gateway (PGW) ClamAV DMG File Parser XML External Entity Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Nexus Dashboard Web Interface Privilege 
Escalation Vulnerability in Cisco DNA Center Management API Cisco Access Point Management CLI Denial of Service Vulnerability Bypassing URL Reputation Filters in Cisco Email Security Appliance Cisco Unified Intelligence Center Web-Based Management Interface Reflected XSS Vulnerability Cisco DNA Center PnP Agent Vulnerability: Unauthorized Access to Sensitive Information Race Condition Vulnerability in Linux Kernel's RxRPC Network Protocol Cisco Unified Intelligence Center: Multiple Vulnerabilities Allowing Information Disclosure and SSRF Attacks Cisco Unified Intelligence Center: Multiple Vulnerabilities Allow Information Disclosure and SSRF Attack Vulnerability: Command Execution with Root Privileges in Cisco Firepower Inter-Device Communication Unauthenticated Access to Sensitive Files via GRUB Bootloader in Cisco IOS XR Software Privilege Escalation Vulnerability in Cisco IOx Application Hosting Subsystem Directory Traversal Vulnerability in Cisco IOS XE Software Web UI Denial of Service Vulnerability in Cisco IOS XE Software for Wireless LAN Controllers Cisco Prime Infrastructure Software Reflected XSS Vulnerability Stored XSS Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Web Interface Privilege Escalation and Arbitrary Code Execution in DPT I2O Controller Driver Cisco Firepower Threat Defense (FTD) Software TLS 1.3 Logic Error Denial of Service Vulnerability Vulnerability: Bypassing FTP Inspection in Cisco Products Fragmentation Handling Code Vulnerability in Cisco IOS XE Software Arbitrary File Upload Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Secure Email Gateway CLI Arbitrary Command Execution Vulnerability in Cisco IOx Application Hosting Environment Arbitrary File Download Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Arbitrary Code Execution and 
DoS Vulnerabilities in Cisco IP Phone Web Interface Arbitrary Code Execution and DoS Vulnerabilities in Cisco IP Phone Web Interface Linux Kernel udmabuf Device Driver Memory Access Vulnerability Cisco IOS and IOS XE Software: Denial of Service Vulnerability in IPv6 DHCPv6 Relay and Server Features IPv6 DHCPv6 Client Module Denial of Service Vulnerability Vulnerability in Cisco Catalyst 9300 Series Switches: Persistent Code Execution at Boot Time ICMPv6 Inspection Denial of Service Vulnerability Timing Issue Exploit in Cisco Secure Endpoint for Windows with Windows Folder Redirection Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Cisco ASA and FTD Software Denial of Service Vulnerability in ICMPv6 Processing Arbitrary File Download Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Denial of Service Vulnerability in Cisco Finesse VPN-less Reverse Proxy Cisco Nexus 9000 Series Fabric Switches LLDP Memory Leak Vulnerability Stored Cross-Site Scripting Vulnerability in Pretty Url WordPress Plugin Denial of Service Vulnerability in Cisco ASA and FTD Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Web Interface Arbitrary Command Injection Vulnerability in Cisco Access Points Software Arbitrary File Deletion Vulnerability in Cisco SDWAN vManage Software Race Condition Vulnerability in Forminator WordPress Plugin Allows Multiple Votes on Polls CAPWAP AP Joining Process Denial of Service Vulnerability Root Account Default Credentials Vulnerability in Cisco Emergency Responder Arbitrary Code Execution Vulnerability in Cisco Secure Network Analytics Arbitrary Code Execution Vulnerability in Cisco Secure Network Analytics Cross-Site Scripting (XSS) Vulnerability in Cisco Webex App for Web File Upload Functionality Privilege Escalation Vulnerability in Cisco Expressway Series and Cisco TelePresence VCS Arbitrary File Deletion and Reading 
Vulnerabilities in Cisco Identity Services Engine (ISE) Vulnerability: Insufficient Entropy in DRBG for Cisco ASA and FTD Firewalls Denial of Service Vulnerability in Cisco Unified Communications Manager IM & Presence Service GET VPN Vulnerability: Remote Code Execution and Denial of Service SQL Injection Vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) Web Interface Cisco Identity Services Engine (ISE) Web Management Interface Information Disclosure Vulnerability Cisco Access Point Software Vulnerability Allows for Denial of Service Attack Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability Arbitrary File Download Vulnerability in Cisco Firepower Management Center (FMC) Software Vulnerability in Cisco Nexus 3000 and 9000 Series Switches: Unauthorized File Access Insufficient Validation of User-Supplied Input in Cisco Unified Communications Manager: Denial of Service Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Arbitrary Command Execution Vulnerability in Cisco Small Business Routers Cross-Site Scripting (XSS) Vulnerability in Cisco Secure Email and Web Manager Cross-Site Scripting (XSS) Vulnerabilities in Cisco AsyncOS Software for Secure Email and Web Manager Privilege Escalation Vulnerabilities in Cisco EPNM, ISE, and Prime Infrastructure Restricted Shell Privilege Escalation Vulnerabilities in Cisco EPNM, ISE, and Prime Infrastructure Restricted Shell Replay Attack Vulnerability in Cisco Duo Two-Factor Authentication for macOS and Windows Arbitrary Command Execution Vulnerability in Cisco Small Business Routers Unauthenticated Remote Code Execution Vulnerability in Cisco SPA112 2-Port Phone Adapters Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities in Cisco Prime 
Infrastructure and Cisco EPNM Web-Based Management Interface GitLab CE/EE Vulnerability: Social Engineering Exploit for Cloning Non-Trusted Code Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Multiple Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Web-Based Management Interface Stored Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerabilities in Cisco Webex Meetings Stored XSS Vulnerability in Cisco Webex Meetings Web Interface Stored Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerabilities in Cisco Webex Meetings Cisco IOS XR Software Image Verification TOCTOU Race Condition Vulnerability Improper Role-Based Access Control in Cisco Secure Workload OpenAPI Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Reflected XSS Vulnerability in GitLab CE/EE Versions 15.8 - 16.0.2 Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site 
Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Identity Services Engine (ISE) CLI Command Injection Vulnerabilities Cisco Firepower Management Center (FMC) Software API Rate-Limiting Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Command Injection and Privilege Escalation Vulnerabilities in Cisco Identity Services Engine (ISE) Command Injection and Privilege Escalation Vulnerabilities in Cisco Identity Services Engine (ISE) Path Traversal Vulnerabilities in Cisco Identity Services Engine (ISE) Path Traversal Vulnerabilities in Cisco Identity Services Engine (ISE) Denial of Service Vulnerability in TACACS+ and RADIUS Remote Authentication for Cisco NX-OS Software IS-IS Protocol Denial of Service Vulnerability Server-side Template Injection (SSTI) in Shopware 6 allows Remote Code Execution Cisco ISE CLI Command Injection Vulnerability Arbitrary File Deletion and Reading Vulnerabilities in Cisco Identity Services Engine (ISE) Arbitrary File Deletion and Reading Vulnerabilities in Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE) Web Management Interface File Read and SSRF Vulnerabilities Cisco Identity Services Engine (ISE) Web Management Interface File Read and SSRF Vulnerabilities Cisco ISE CLI Command Injection Vulnerability Cisco Access Point Software Denial of Service 
Vulnerability Vulnerability in SSL File Policy Implementation of Cisco Firepower Threat Defense Software Allowing Snort 3 Detection Engine Restart Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows HTML Injection Vulnerability in Cisco Catalyst SD-WAN Manager Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Webex Meetings Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business SPA500 Series IP Phones Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Vulnerabilities in Cisco DNA Center API: Unauthorized Access and Command Execution Unauthenticated Remote Attack on Cisco ACI Multi-Site CloudSec Encryption SCP Command Authorization Bypass Vulnerability Cisco ASR 1000 Series Aggregation Services Routers Multicast Leaf Recycle Elimination (mLRE) Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business Switches Cisco Small Business Series Switches Web Interface Remote Code Execution Vulnerability Improper Reference Count Management in Linux Kernel's netdevsim Device Driver Leads to Denial of Service Vulnerability Vulnerability in Cisco IOS XR Software ACL Compression Feature ACL Bypass Vulnerability in Cisco IOS XR Software on MPLS Interfaces Privilege Escalation Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) Privilege Escalation Vulnerability in Cisco ISE ESR Console Privilege Escalation Vulnerability in Cisco ISE ERS API Arbitrary File Upload Vulnerabilities in Cisco ISE Arbitrary File Upload Vulnerabilities in Cisco ISE HFS+ Filesystem Image Parser Denial of Service Vulnerability Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Cisco Duo Two-Factor Authentication for macOS Vulnerability: Bypassing Secondary 
Authentication Unauthorized Users Can Schedule Downtimes for Any Host in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) Cisco SNMP Service Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Cisco IOS XE Software for Wireless LAN Controllers: Denial of Service Vulnerability in wncd Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Cross-Site Scripting (XSS) Vulnerability in Cisco BroadWorks CommPilot Application Software Stored Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure and Cisco EPNM Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Clear Text Credential Exposure in Cisco Duo Authentication Proxy Logging Cisco ISE Web Management Interface XSS Vulnerability Command Injection Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.3 Privilege Escalation Vulnerability in Cisco BroadWorks SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition AutoIt Module Denial of Service Vulnerability in ClamAV Cisco ISE CDP Processing Denial of Service Vulnerability Cisco SD-WAN vManage REST API Authentication Validation Vulnerability Bypassing Rule-Based Traffic Blocking in Cisco Secure Web Appliance Privilege Escalation Vulnerability in Cisco BroadWorks Server Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent CLI Cisco SPA500 Series ATA Web Management Interface Cross-Site Scripting Vulnerability Arbitrary Command Execution Vulnerabilities in Cisco Firepower Management Center (FMC) Software Vulnerability: Unauthorized Creation of Pipeline Schedules on Protected Branches Arbitrary Command Execution Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Request Forgery Vulnerability in Cisco IP Phone 
Series with Multiplatform Firmware Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure and Cisco EPNM Web Interface Insufficient Access Control Enforcement in Cisco DNA Center API Requests Privilege Escalation Vulnerability in Cisco ThousandEyes Enterprise Agent Denial of Service (DoS) Vulnerability in Cisco IOS XE Software Denial of Service Vulnerability in Cisco IOS XE Software's L2TP Feature Cisco IMC Web Interface Cross-Site Scripting Vulnerability Directory Traversal Vulnerability in Cisco Duo Device Health Application for Windows Reflected Cross-Site Scripting in Custom 404 Pro WordPress Plugin Vulnerability: Unauthorized Access to Non-Tenant Policies in Cisco APIC Injection Attack Vulnerability in Cisco IOS XE Software Web UI Tomcat Implementation Web Cache Poisoning Vulnerability in Cisco Unified CCX Cisco IOS XR Software Connectivity Fault Management (CFM) Denial of Service Vulnerability Vulnerability: Unvalidated Parameters in Cisco FXOS CLI Allows File Manipulation Privileged Docker Container Access Vulnerability in Cisco IOx Application Hosting Infrastructure Unverified Software Image Installation Vulnerability in Cisco IOS XR Software Unauthenticated Access to Internal HTTP Services in Cisco Intersight Virtual Appliance Forged Credential Vulnerability in Cisco BroadWorks SSO Implementation SQL Injection Vulnerability in Cisco Firepower Management Center (FMC) Software Unauthenticated Access Vulnerability in OpenBlue Enterprise Manager Data Collector Denial of Service Vulnerabilities in Cisco Secure Client Software Denial of Service Vulnerabilities in Cisco Secure Client Software Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Vulnerability in RADIUS Message Processing Feature of Cisco Identity Services Engine (ISE) Denial of Service Vulnerability in Cisco Firepower Threat Defense Software for Firepower 2100 Series Firewalls Bypassing Access Control Lists in Cisco ASA and FTD Software Cisco Products 
Vulnerable to Snort Access Control Bypass Vulnerability Bypassing Multiple Certificate Authentication Policy in Cisco ASA and FTD Software Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Software Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Software Sensitive Information Exposure in OpenBlue Enterprise Manager Data Collector Arbitrary Code Execution Vulnerability in Cisco Small Business RV Routers Memory Leak Vulnerability in Cisco Wireless LAN Controller (WLC) AireOS Software Leading to Device Reboot Cisco Catalyst SD-WAN Manager Software SAML API Authentication Bypass Vulnerability Authorization Bypass Vulnerability in Cisco SD-WAN vManage CLI Management Interface Session Management Vulnerability in Cisco Catalyst SD-WAN Manager Multi-Tenant Feature Insufficient Validation of HTTP Requests in Cisco Meeting Server Web Bridge API: Denial of Service Vulnerability Bypassing Access Control Lists in Cisco ASA and FTD Software Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure Web Interface Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure High CPU Utilization Vulnerability in Cisco Unified Communications Products Stored Cross-Site Scripting (XSS) Vulnerability in Image Protector WordPress Plugin Privilege Escalation Vulnerability in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager CLI Arbitrary File Retrieval Vulnerability in Cisco Catalyst SD-WAN Manager Cisco Catalyst SD-WAN Manager SSH Service DoS Vulnerability Cisco HyperFlex HX Data Platform Web Interface Open Redirect Vulnerability SAML 2.0 Single Sign-On Vulnerability in Cisco ASA and FTD Software Cisco IP Phones Web Management Interface XSS Vulnerability Privilege Escalation Vulnerability in Cisco Unified Communications Software IP Geolocation Rules Bypass Vulnerability in Snort 3 Resource Exhaustion Vulnerability in Cisco Access Point Software Vulnerability in Cisco 
ASA and FTD Software Allows Brute Force Attacks and Unauthorized SSL VPN Sessions Authentication Bypass Vulnerability in ZM Ajax Login & Register WordPress Plugin (Versions up to 2.0.2) SMB Protocol Preprocessor Bypass and DoS Vulnerability in Cisco Firepower Threat Defense Software SQL Injection Vulnerability in Cisco Prime Infrastructure and Cisco EPNM Web Management Interface Cisco Identity Services Engine Web Interface File Upload Vulnerability Command Injection Vulnerability in Cisco IOS XE Software Privilege Escalation Vulnerability in Cisco AppDynamics PHP Agent Installer Impersonation Vulnerability in Cisco AnyConnect SSL VPN Feature Stored Cross-Site Scripting (XSS) Vulnerability in Call Now Accessibility Button WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in PrePost SEO WordPress Plugin Vulnerability: Metadata Modification in Signed Commits in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Locatoraid Store Locator Plugin for WordPress Multiple SQL Injection Vulnerabilities in Custom 404 Pro WordPress Plugin Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Unrestricted File Upload Vulnerability in froxlor/froxlor prior to 2.0.14 Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225913) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225914) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225915) Critical SQL Injection Vulnerability in Campcodes Video Sharing Website 1.0 (VDB-225916) Critical SQL Injection Vulnerability in novel-plus 3.6.2 (VDB-225917) Critical SQL Injection Vulnerability in novel-plus 3.6.2 Critical SQL Injection Vulnerability in novel-plus 3.6.2 Remote Code Execution Vulnerability in DataGear up to 4.5.1 SQL Injection Vulnerability in Control iD RHiD 23.3.19.0 Edit Handler Cross-Site Scripting (XSS) Vulnerability in Control iD iDSecure 4.7.29.1 SQL Injection Vulnerability in Ipekyolu Software 
Auto Damage Tracking Software SQL Injection Vulnerability in Yontem Informatics Vehicle Tracking System (Version < 8) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225932) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225933) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225934) Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Use-After-Free Vulnerability in SNP Guest Context Page Management Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 Improper Access Control in ASP Bootloader: Stack-Based Buffer Overrun Vulnerability TOCTOU Vulnerability in ASP Bootloader: Tampering with SPI ROM Records Insufficient Input Validation in ASP Allows for Denial of Service via Malicious BIOS ASP TOCTOU Vulnerability: Buffer Bounds Write and Integrity Loss ASP Out of Bounds Write Vulnerability ASP Bootloader: Insufficient Syscall Input Validation Vulnerability ASP Bootloader Vulnerability: Insufficient Input Validation Exposes Memory Contents Out-of-Bounds Memory Read Vulnerability in ASP Bootloader SMU Memory Exfiltration Vulnerability SMU Vulnerability: Insufficient Bound Checks Leading to Denial of Service Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (CVE-2021-225938) BIOS Mailbox Message Input Validation Vulnerability SMU Vulnerability: Insufficient Bound Checks Leading to Denial of Service SMU Input Validation Vulnerability: Resource Locking Denial of Service DRAM Address Validation Vulnerability in SMU Critical SQL Injection Vulnerability in Campcodes Advanced Online Voting System 1.0 (VDB-225939) Cross-Site Scripting (XSS) Vulnerability in Campcodes Advanced Online Voting System 1.0 Arbitrary Code Execution Vulnerability in CpmDisplayFeatureSmm Insufficient 
Validation of IOCTL Input Buffer in AMD μProf: Windows Denial of Service Vulnerability Privilege Escalation Vulnerability in AmdCpmOemSmm Privilege Escalation through Insufficient Control Flow Management in AmdCpmGpioInitSmm Critical Code Injection Vulnerability in DedeCMS up to 5.7.87 (CVE-2021-225941) Insufficient Validation of IOCTL Input Buffer in AMD Ryzen™ Master: Windows Crash and Denial of Service Vulnerability Insufficient Validation of IOCTL Input Buffer in AMD μProf: Windows Denial of Service Vulnerability Insufficient Validation in AMD uProf IOCTL Input Buffer Allows Arbitrary Kernel Execution SMM Code Vulnerability: Local Privilege Escalation Insufficient Validation in AMD Ryzen™ Master IOCTL Input Buffer: Confidentiality Loss and Arbitrary Kernel Execution Vulnerability SMM Code Vulnerability: Local Privilege Escalation Address Validation Vulnerability in ASP with SNP Enabled Improper Signature Verification in Radeon™ RX Vega M Graphics Driver for Windows Improper Signature Verification in Radeon™ RX Vega M Graphics Driver for Windows AMD CPU Side Channel Vulnerability: Exploiting Return Address Prediction for Information Disclosure Cross-Site Scripting (XSS) Vulnerability in EyouCms 1.5.4 Configuration State Machine Vulnerability Race Condition Vulnerability in SMM Code: CVE-2018-8897 Debug Exception Delivery Vulnerability in SEV-SNP Guests Power Side-Channel Vulnerability in AMD Processors: Potential Leak of Sensitive Information AMD SPI Protection Feature Vulnerability Cross-Site Scripting (XSS) Vulnerability in EyouCms up to 1.6.2 Power Side-Channel Vulnerability in AMD Processors: Potential Leak of Sensitive Information Escalation of Privilege Vulnerability in Radeon™ Software Crimson ReLive Edition SMM Access Control Vulnerability: Potential Arbitrary Code Execution via SPI Flash Access Speculative Data Leakage Vulnerability on AMD Processors Voltage Fault Injection Attack on ASP Secure Boot: Exploiting Device Vulnerability for Arbitrary Code 
Execution Path Traversal Vulnerability in DedeCMS 5.7.87 (VDB-225944) INVD Instruction Vulnerability in AMD CPUs: Potential Memory Integrity Loss in Guest Virtual Machines Zen 2 CPU Vulnerability: Potential Information Disclosure under Microarchitectural Circumstances DXE Driver Variable Initialization Vulnerability SMM Supervisor Vulnerability: Exploitable Input Validation Issue DXE Driver Vulnerability: Improper Variable Initialization Allows Local Information Leakage Improper Privilege Management in AMD Radeon™ Graphics Driver Allows for Arbitrary Code Execution FTP Weak Password Requirements Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules Integer Overflow Vulnerability in ged: Local Privilege Escalation without User Interaction (Patch ID: ALPS07494107; Issue ID: ALPS07494107) Potential Out of Bounds Write Vulnerability in ged (Patch ID: ALPS07494067; Issue ID: ALPS07494067) Out of Bounds Read Vulnerability in keyinstall Possible Out of Bounds Read Vulnerability in apusys Race condition vulnerability in ccu allows for local privilege escalation Race condition vulnerability in display drm allows for local privilege escalation Possible Out of Bounds Read Vulnerability in CCU Hard-coded Password Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules Race condition vulnerability in display drm allows for local privilege escalation Race Condition Vulnerability in GPU: Local Privilege Escalation without User Interaction Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Type Confusion Vulnerability in ion: Local Privilege Escalation without User Interaction (Patch ID: ALPS07560720; Issue ID: ALPS07560720) Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation 
Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation Password Exposure Vulnerability in Mitsubishi Electric EtherNet/IP Configuration Tools Possible Escalation of Privilege Vulnerability in adsp Out of Bounds Write Vulnerability in tinysys Improper Locking Vulnerability in ion: Local Escalation of Privilege without User Interaction Out of Bounds Write Vulnerability in Vow (Patch ID: ALPS07628530; Issue ID: ALPS07628530) Race condition vulnerability in adsp allows for local privilege escalation Possible Out of Bounds Write Vulnerability in msdc Out of Bounds Write Vulnerability in pqframework Uncaught Exception in Thermal Leads to Local Privilege Escalation Unrestricted File Upload Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-F EtherNet/IP Modules USB Out of Bounds Write Vulnerability USB Out of Bounds Write Vulnerability USB Out of Bounds Write Vulnerability Widevine Vulnerability: Out of Bounds Write Exploit for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Out of Bounds Write Vulnerability in Display DRM Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL SQL Injection Vulnerability in Minova Technology eTrace (before 23.05.20) Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL with Local Privilege Escalation Out of Bounds Write Vulnerability in RIL Out of Bounds Write Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Possible Out of Bounds Read Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure User-Controlled Key Authorization Bypass Vulnerability in 
Armoli Technology Cargo Tracking System Possible Out of Bounds Write Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Parcel Format Mismatch Vulnerability in mmsdk Allows for Local Code Execution Possible Out of Bounds Write Vulnerability in GenieZone Out of Bounds Write Vulnerability in mtee ISP Out of Bounds Write Vulnerability Allows Local Privilege Escalation Critical Out of Bounds Write Vulnerability in WLAN Vulnerability: Unauthorized Access and Data Modification in Announcement & Notification Banner – Bulletin Plugin for WordPress Integer Overflow Vulnerability in WLAN Allows for Local Information Disclosure Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Double Free Vulnerability in gz Library Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Out of Bounds Write Vulnerability in Display DRM Vulnerability: Cross-Site Request Forgery in Announcement & Notification Banner – Bulletin Plugin for WordPress Audio Out of Bounds Write Vulnerability Allows Local Privilege Escalation Possible Memory Corruption Vulnerability in VCU: Local Privilege Escalation without User Interaction WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Potential Out of Bounds Read Vulnerability in WLAN Unauthenticated Remote Code Execution (RCE) via File Upload in File Manager Advanced Shortcode WordPress Plugin Possible Out of Bounds Write Vulnerability in adsp Possible Out of Bounds Write Vulnerability 
in adsp Integer Overflow Vulnerability in WLAN Allows for Local Privilege Escalation Race condition vulnerability in vdec leads to local privilege escalation Race condition vulnerability in vdec leads to local privilege escalation Race condition vulnerability in display drm allows for local privilege escalation Race condition vulnerability in display drm allows for local privilege escalation Critical Vulnerability: Out of Bounds Read Allows Local Information Disclosure Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit GitLab Vulnerability: Unauthorized Access to CI/CD Variables via Import Project Feature Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit Integer Overflow Vulnerability in WLAN Firmware: Remote Denial of Service Exploit Uncaught Exception in WLAN Firmware: Remote Denial of Service Vulnerability Uncaught Exception in WLAN Firmware: Remote Denial of Service Vulnerability Out of Bounds Write Vulnerability in Preloader Out of Bounds Write Vulnerability in Preloader Out of Bounds Write Vulnerability in Preloader Out of Bounds Read Vulnerability in keyinstall Out of Bounds Read Vulnerability in keyinstall Out of Bounds Write Vulnerability in adsp Widevine Vulnerability: Logic Error Leading to Out of Bounds Write and Local Privilege Escalation Widevine Vulnerability: Logic Error Leading to Out of Bounds Write and Local Privilege Escalation Remote Denial of Service Vulnerability in 5G NRLC due to Invalid Memory Access Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Possible Out of Bounds Read Vulnerability in apu Out of Bounds Write Vulnerability in RIL Out of Bounds Read Vulnerability in keyinstall Out of Bounds Read Vulnerability in keyinstall Remote Code Execution Vulnerability in Rockwell Automation FactoryTalk View Machine Edition on PanelView Plus Out of Bounds Read Vulnerability in keyinstall 
Out of Bounds Read Vulnerability in keyinstall Critical Out of Bounds Write Vulnerability in WLAN Critical Out of Bounds Write Vulnerability in WLAN Critical Out of Bounds Write Vulnerability in WLAN Possible DMA Buffer Leak Vulnerability in VCU: Local Information Disclosure without User Interaction Possible Out of Bounds Write Vulnerability in VCU Out of Bounds Read Vulnerability in pqframework Stored Cross-Site Scripting Vulnerabilities in Rockwell Automation PowerMonitor 1000 Out of Bounds Read Vulnerability in pqframework Critical Vulnerability in ISP Allows Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in m4u with Local Privilege Escalation Bluetooth Out of Bounds Read Vulnerability Bluetooth Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Preloader GPS Location Leak Vulnerability in mnld WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Critical SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure WLAN Out of Bounds Read Vulnerability: Local Information Disclosure Possible Use After Free Vulnerability in VCU with Improper Locking Possible Out of Bounds Write Vulnerability in VCU Possible Out of Bounds Write Vulnerability in VCU Race Condition Vulnerability in VCU Allows Local Privilege Escalation Possible Use After Free Vulnerability in VCU with Improper Locking Possible Out of Bounds Write Vulnerability in VCU Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Possible Memory Corruption Vulnerability in VCU with Local Privilege Escalation Possible Out of 
Bounds Read Vulnerability in RIL Out of Bounds Read Vulnerability in RIL with Local Information Disclosure Possible Out of Bounds Write Vulnerability in VCU Possible Use After Free Vulnerability in VCU with Local Privilege Escalation Possible Out of Bounds Write Vulnerability in VCU Possible Out of Bounds Write Vulnerability in VCU Possible Memory Corruption Vulnerability in VCU: Local Denial of Service with System Execution Privileges Out of Bounds Read Vulnerability in Display Module Potential Out of Bounds Write Vulnerability in swpm Critical SQL Injection Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Race condition vulnerability in swpm allows for out-of-bounds write and local information disclosure Out of Bounds Write Vulnerability in Keymange Out of Bounds Write Vulnerability in Keymange Out of Bounds Write Vulnerability in rpmb (Patch ID: ALPS07460390; Issue ID: ALPS07588667) Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in cmdq Memory Corruption Vulnerability in cmdq Memory Corruption Vulnerability in cmdq Cross-Site Scripting (XSS) Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Possible Out of Bounds Write Vulnerability in apu Out of Bounds Write Vulnerability in RIL GPS Out of Bounds Write Vulnerability Out of Bounds Write Vulnerability in pqframework Type Confusion Vulnerability in ion: Local Privilege Escalation without User Interaction Cross-Site Scripting (XSS) Vulnerability in Campcodes Online Traffic Offense Management System 1.0 Race condition vulnerability in display leading to local privilege escalation Missing Permission Check Vulnerability in Vow: Local Privilege Escalation without User Interaction Missing Permission Check Vulnerability in Vow: Local Privilege 
Escalation without User Interaction Out of Bounds Read Vulnerability in Display Module Out of Bounds Write Vulnerability in Display Vulnerability: Unauthorized Modification of Data in Buy Me a Coffee – Button and Widget Plugin for WordPress Potential Information Disclosure in keyinstall Memory Corruption Vulnerability in keyinstall Potential Local Information Disclosure Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Out of Bounds Write Vulnerability in keyinstall Audio Out of Bounds Write Vulnerability Allows Local Privilege Escalation GPS Out of Bounds Write Vulnerability Race Condition Vulnerability in Thermal Module Allows for Local Privilege Escalation Race Condition Vulnerability in Thermal Module Allows for Local Privilege Escalation JPEG Information Disclosure Vulnerability Vulnerability: Cross-Site Request Forgery in Buy Me a Coffee – Button and Widget Plugin for WordPress Out of Bounds Write Vulnerability in NVRAM Possible Memory Corruption Vulnerability in apu with Missing Bounds Check Out of Bounds Write Vulnerability in RIL Memory Corruption Vulnerability with Incorrect Bounds Check in Power Out of Bounds Write Vulnerability in Camera Middleware Possible Out of Bounds Read Vulnerability in PDA Blind SQL Injection Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal Local Privilege Escalation Vulnerability in imgsys Race Condition Vulnerability in imgsys: Local Privilege Escalation without User Interaction Possible Memory Corruption Vulnerability in imgsys with Local Privilege Escalation Possible Memory Corruption Vulnerability in imgsys with Local Privilege Escalation Out of Bounds Write Vulnerability in imgsys Out of Bounds Write Vulnerability in imgsys Possible Out of Bounds Write Vulnerability in hcp Possible Out of Bounds Write Vulnerability in dpe Out of Bounds Write Vulnerability in OPTEE with Local Privilege Escalation Out of Bounds Write Vulnerability in vdec IOMMU Information Disclosure Vulnerability 
IOMMU Out of Bounds Write Vulnerability Possible Out of Bounds Write Vulnerability in WLAN Driver Possible Out of Bounds Read Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Write Vulnerability in WLAN Service Possible Out of Bounds Read Vulnerability in WLAN Service CDMA PPP Protocol Out of Bounds Write Vulnerability Cross-Site Scripting Vulnerability in Buy Me a Coffee – Button and Widget Plugin for WordPress Command Injection Vulnerability in WLAN Service Out of Bounds Write Vulnerability in NVRAM Out of Bounds Write Vulnerability in netdagent Out of Bounds Read Vulnerability in cmdq Possible Information Disclosure Vulnerability in Duraspeed Possible Information Disclosure Vulnerability in Duraspeed Possible Local Information Disclosure Vulnerability in CTA Race Condition Vulnerability in IMS Service Allows for Local Privilege Escalation GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability Unauthenticated Users Can Exploit Missing Capability Check in Essential Blocks WordPress Plugin GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability GPS Out of Bounds Write Vulnerability Potential Local Information Disclosure Vulnerability in keyinstall Race Condition Vulnerability in PDA Allows for Local Privilege Escalation Race Condition Vulnerability in Camsys Allows for Local Privilege Escalation Possible Out of Bounds Read Vulnerability in Camsys Out of Bounds Write Vulnerability in Seninf Race condition vulnerability in imgsys leads to local information disclosure with system execution privileges (Patch ID: ALPS07326455; Issue ID: ALPS07326418) Possible Out of Bounds Read Vulnerability in imgsys Unauthenticated Access to Essential Blocks Plugin Settings in WordPress Missing Valid Range Checking Vulnerability in imgsys Out of Bounds Write 
Vulnerability in imgsys Out of Bounds Write Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Possible Out of Bounds Read Vulnerability in imgsys Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Out of Bounds Read Vulnerability in imgsys_cmdq Use-after-free vulnerability in imgsys_cmdq allows for local privilege escalation Unauthenticated Access to Essential Blocks Plugin Templates in WordPress Out of Bounds Write Vulnerability in imgsys_cmdq Race condition vulnerability in stc allows for local privilege escalation Vulnerability: Deserialization of Untrusted Data in aEnrich Technology a+HRD MSMQ Interpreter Deserialization of Untrusted Data Vulnerability in aEnrich Technology a+HRD MSMQ Arbitrary File Deletion Vulnerability in VMware Workstation XML External Entity (XXE) Vulnerability in VMware vRealize Orchestrator: Bypassing XML Parsing Restrictions for Information Disclosure and Privilege Escalation CSRF Bypass Vulnerability in VMware vRealize Operations (vROps) Allows Unauthorized Actions Passcode Bypass Vulnerability in VMware Workspace ONE Content Injection Vulnerability in VMware Carbon Black App Control Sensitive Information Leakage via Log File in Spring Vault Unauthenticated Access to Essential Blocks Plugin Template Information Pattern Mismatch Vulnerability in Spring Security with mvcRequestMatcher SpEL Expression DoS Vulnerability in Spring Framework Improper Logout Handling in Spring Security Denial-of-Service (DoS) Vulnerability in Spring Framework Deserialization Vulnerability in VMware Aria Operations for Logs Allows Remote Code Execution as Root Command Injection Vulnerability in VMware Aria Operations for Logs Session ID Logging Vulnerability in Spring Session 3.0.0 ESXi Host Vulnerability: Compromised Host-to-Guest Authentication with VMware Tools Reflected Cross-Site Scripting Vulnerability in NSX-T Stack-based 
Buffer-Overflow Vulnerability in VMware Workstation and Fusion Bluetooth Device Sharing Cross-Site Request Forgery Vulnerability in Essential Blocks Plugin for WordPress Out-of-Bounds Read Vulnerability in VMware Workstation and Fusion's Bluetooth Device Sharing Functionality Local Privilege Escalation Vulnerability in VMware Fusion Critical Out-of-Bounds Read/Write Vulnerability in VMware Workstation and Fusion SCSI CD/DVD Device Emulation Cloud Foundry Security Bypass Vulnerability in Spring Boot Privilege Escalation Vulnerability in VMware Aria Operations Deserialization Vulnerability in VMware Aria Operations Allows Arbitrary Command Execution Local Privilege Escalation Vulnerability in VMware Aria Operations: Root Access Exploit Inconsistent Volume Detachment Vulnerability in OpenStack Privilege Escalation Vulnerability in VMware Aria Operations Vulnerability: Privilege Escalation in Cloud Foundry Instances with CAPI and Loggregator-Agent Denial of Service Vulnerability in Cloud Foundry Routing Release Versions 0.262.0 and Prior to 0.266.0 Denial-of-Service (DoS) Vulnerability in Spring Boot with Reverse Proxy Cache Insecure Redirect Vulnerability in VMware Workspace ONE Access and VMware Identity Manager Multiple Vulnerabilities in Cloud Foundry Releases Open Redirect Vulnerability in VMware Workspace ONE UEM Console Allows for SAML Response Retrieval and User Impersonation Command Injection Vulnerability in VMware Aria Operations for Networks: Remote Code Execution Risk Authenticated Deserialization Vulnerability in VMware Aria Operations for Networks Information Disclosure Vulnerability in VMware Aria Operations for Networks Critical SQL Injection Vulnerability in SourceCodester Complaint Management System 1.0 Arbitrary File Write Vulnerability in VMware Aria Operations for Networks Information Disclosure Vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment Heap Overflow Vulnerability in vCenter Server's DCERPC Protocol 
Implementation VMware vCenter Server Use-After-Free Vulnerability Allows Arbitrary Code Execution VMware vCenter Server DCERPC Protocol Out-of-Bounds Write Vulnerability Memory Corruption Vulnerability in VMware vCenter Server Allows Authentication Bypass VMware vCenter Server Out-of-Bounds Read Vulnerability Denial of Service (DOS) Vulnerability in Salt Masters Vulnerability: Git Providers in Salt Masters Prior to 3005.2 or 3006.2 Allow for Wrong Environment Data Access VMware SD-WAN (Edge) Bypass Authentication Vulnerability Critical SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 (VDB-226098) Privilege Escalation through Guest Alias Vulnerability Timing Condition Vulnerability in Harbor Vulnerability: Unauthorized Access to Cloud Foundry Resources via Deactivated Identity Provider Refresh Tokens Potential Arbitrary Activity Launch in getTrampolineIntent of SettingsActivity.java Out of Bounds Write Vulnerability in Mfc_Transceive of phNxpExtns_MifareStd.cpp Silent Permission Bypass Vulnerability in onPackageAddedInternal of PermissionManagerService.java Resource Exhaustion Vulnerability in SettingsState.java Privilege Escalation Vulnerability in RunningTasks.java Critical OS Command Injection Vulnerability in KylinSoft Youker-Assistant on KylinOS (VDB-226099) Permanent Denial of Service Vulnerability in WifiNetworkSuggestionsManager Resource Exhaustion Vulnerability in addPermission of PermissionManagerServiceImpl.java Unauthenticated Access to User Images in AvatarPickerActivity.java Tapjacking/Overlay Attack Vulnerability in Phone Account Settings Activity Permissions Bypass in onSetRuntimePermissionGrantStateByDeviceAdmin Allows Work Profile to Read SMS Messages Possible Local Escalation of Privilege in addOrReplacePhoneAccount of PhoneAccountRegistrar.java Missing Permission Check in getMainActivityLaunchIntent Allows Local Privilege Escalation in Android Potential Local Escalation of Privilege Vulnerability in 
ResolverActivity.java Possible Elevation of Privilege in getPendingIntentLaunchFlags of ActivityOptions.java Possible Privilege Escalation Vulnerability in getStringsForPrefix Method of Settings.java Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226100) Use-after-free vulnerability in UsbRequest.java allows for local privilege escalation Automatic Granting of Accessibility Services Vulnerability Resource Exhaustion Crash Loop in setMimeGroup of PackageManagerService.java Permissions Bypass in Exported Content Providers of ShannonRcs Biometric Auth Failure Allows Lockscreen Bypass on Android Devices Use After Free Vulnerability in setUclampMinLocked of PowerSessionManager.cpp Missing Permission Check in onParentVisible of HeaderPrivacyIconsController.kt Allows Local Privilege Escalation on Factory Reset Devices Android Manifest Permissions Bypass Vulnerability Use-after-free vulnerability in binder_vma_close in binder.c allows local attackers to escalate privileges on Android via a crafted application that leverages improper locking. 
Unrestricted Broadcast Intent in sendHalfSheetCancelBroadcast of HalfSheetActivity.java Allows for Nearby BT MAC Address Disclosure Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226101) Resource Exhaustion Vulnerability in pushDynamicShortcut of ShortcutPackage.java Heap Buffer Overflow in avdt_scb_hdl_write_req of avdt_scb_act.cc Improper Input Validation in EditInfoFragment Allows Unauthorized Access to Contacts Use-after-free vulnerability in MediaCodec.cpp allows for local privilege escalation Microphone Privacy Indicator Bypass Vulnerability in ServiceUtilities.cpp Out-of-Bounds Read Vulnerability in Android Deserialization Out-of-Bounds Write Vulnerability in bta_av_rc_disc_done of bta_av_act.cc Use After Free Vulnerability in Android Linux Kernel Use-after-free vulnerability in binder_transaction_buffer_release in binder.c allows local attackers to escalate privileges via crafted input. Improper Locking in looper_backed_event_loop.cpp Allows for Memory Corruption and Local Privilege Escalation Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226102) Improper Crypto Usage in Android Boot Partition Replacement Vulnerability Out of Bounds Write Vulnerability in acc_ctrlrequest_composite of f_accessory.c Unprivileged Audio Recording Vulnerability in openMmapStream of AudioFlinger.cpp Path Traversal Vulnerability in clearApplicationUserData of ActivityManagerService.java Unsafe Deserialization Vulnerability in ChooseTypeAndAccountActivity.java Out-of-bounds Write Vulnerability in phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp Possible Permission Bypass Vulnerability in BluetoothSwitchPreferenceController.java Possible One-Time Permission Bypass in GrantPermissionsViewModel.kt Heap Buffer Overflow in dropFramesUntilIframe of AAVCAssembler.cpp Allows Remote Information Disclosure Possible out of bounds read vulnerability in s2mpg11_pmic_probe of 
s2mpg11-regulator.c Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226103) Bypassing Background Activity Launch Restrictions via PendingIntent in AlarmManagerActivity Out-of-bounds Write Vulnerability in gatt_process_prep_write_rsp of gatt_cl.cc Out-of-Bounds Write Vulnerability in A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc Bypassing Factory Reset Protection through Incorrect UI Display in onPrimaryClipChanged Out-of-Bounds Write Vulnerability in SDP_AddAttribute of sdp_db.cc Unrestricted Uninstallation of Applications in AppInfoDashboardFragment.java Out of Bounds Write Vulnerability in C2SurfaceSyncObj.cpp Bypass of Factory Reset Protections in onAttach of SettingsPreferenceFragment.java Heap Buffer Overflow in read_paint of ttcolr.c in Android-13 (A-254803162) Guest Users Can Escalate Privileges in AddSupervisedUserActivity Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226104) Improper Input Validation in launchDeepLinkIntentToRight of SettingsHomepageActivity.java Allows for Arbitrary Activity Launch Unsafe PendingIntent in getSliceEndItem of MediaVolumePreferenceController.java allows for foreground activity start from the background, leading to local information disclosure without additional execution privileges needed Parcel Mismatch Vulnerability in WorkSource Allows Local Privilege Escalation Intent Rebroadcast Vulnerability in MediaSessionRecord.java Possible Credential Disclosure in TOFU Flow in ClientModeImpl.java Heap Buffer Overflow in inflate.c: Local Privilege Escalation Vulnerability Out-of-bounds Write Vulnerability in avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Critical SQL Injection Vulnerability in SourceCodester Vehicle Service Management System 1.0 (VDB-226105) Out of Bounds Read Vulnerability in p2p_iface.cpp Possible Local Escalation of 
Privilege in Android's PermissionManagerServiceImpl.java Out-of-Bounds Read Vulnerability in btm_vendor_specific_evt of btm_devctl.cc Out-of-bounds Read Vulnerability in btm_create_conn_cancel_complete of btm_sec.cc Out-of-bounds Read Vulnerability in btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc Bypassing DISALLOW_CONTENT_CAPTURE Permission in EnableContentCapturePreferenceController.java Improper Input Validation in DefaultAutofillPicker.java Allows for Misleading Default Autofill Application Selection Out-of-bounds Read Vulnerability in btm_ble_read_remote_features_complete of Android Out of Bounds Read Vulnerability in GetNextSourceDataPacket of bta_av_co.cc Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Out of Bounds Read Vulnerability in btu_ble_ll_conn_param_upd_evt of btu_hcif.cc Out-of-bounds Read Vulnerability in btu_ble_rc_param_req_evt of btu_hcif.cc Out-of-bounds Read Vulnerability in btm_read_tx_power_complete of btm_acl.cc Out of Bounds Read Vulnerability in btm_ble_rand_enc_complete of btm_ble.cc Out-of-Bounds Read Vulnerability in ParseBqrLinkQualityEvt of btif_bqr.cc Out-of-Bounds Write Vulnerability in BTA_GATTS_HandleValueIndication of bta_gatts_api.cc Out-of-bounds Read Vulnerability in btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc Out of Bounds Read Vulnerability in btm_read_link_quality_complete of btm_acl.cc Out-of-bounds Read Vulnerability in btm_read_rssi_complete of btm_acl.cc Out-of-bounds Read Vulnerability in btm_ble_write_adv_enable_complete of btm_ble_gap.cc Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Out of Bounds Read Vulnerability in btm_ble_rand_enc_complete of btm_ble.cc Out-of-bounds Read Vulnerability in btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc Out of Bounds Read Vulnerability in btm_iso_impl.h Uncaught Exception in SnoozeHelper.java Allows Local 
Privilege Escalation Out of Bounds Write Vulnerability in ufdt_convert.c Bypassing Fingerprint Unlock Logic Error in CustomizedSensor.cpp Persistent Reboot Loop Vulnerability in Android-13 (A-246749764) Persistent Reboot Loop Vulnerability in Android-13 (A-246749702) Persistent Reboot Loop Vulnerability in Android-13 (A-246749936) Persistent Reboot Loop Vulnerability in Android-13 (A-246750467) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Vehicle Service Management System 1.0 Use-after-free vulnerability in MediaCodec.cpp allows for local privilege escalation Potential Local Privilege Escalation in NetworkProviderSettings.java Possible Permission Bypass in getAvailabilityStatus of Transcode Permission Controllers in Android Permission Bypass in Transcode Permission Controllers Allows Local Privilege Escalation Possible Permission Bypass in getAvailabilityStatus of Transcode Permission Controllers in Android Possible Permission Bypass in getAvailabilityStatus of Transcode Permission Controllers in Android Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Absolute Path Traversal Vulnerability in moxi624 Mogu Blog v2 up to 5.2 Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Out of Bounds Read Vulnerability in forceStaDisconnection of hostapd.cpp Out of Bounds Read Vulnerability in p2p_iface.cpp Permission Bypass in Transcode Permission Controllers: Local Privilege Escalation Vulnerability Improper Input Validation in AccountTypePreference.java Allows Misleading User about Installed Accounts Improper Input Validation in InstallStart.java Allows for Installer Package Name Manipulation Use-after-free vulnerability in UnwindingWorker of unwinding.cc allows for local escalation of privilege with System execution 
privileges needed Heap Buffer Overflow in ih264e_init_proc_ctxt of ih264e_process.c Stored Cross-site Scripting (XSS) Vulnerability in easyappointments prior to 1.5.0 Local Arbitrary Code Execution via Use After Free in registerSignalHandlers Potential Local Privilege Escalation in WifiServiceImpl.java Out of Bounds Write Vulnerability in BufferBlock of Suballocation.cpp Possible Delay of Lockdown Screen in FallbackHome.java Could Lead to Local Escalation of Privilege Out of Bounds Read Vulnerability in ufdt_local_fixup_prop of ufdt_overlay.c Potential Denial of Service Vulnerability in WindowManagerService's updateInputChannel Method Authentication Misconfiguration in PasspointXmlUtils.java Allows Remote Information Disclosure Out-of-Bounds Read Vulnerability in parse_printerAttributes of ipphelper.c Missing Permission Check in UidObserverController.java Allows Local Information Disclosure Stored Cross-site Scripting (XSS) Vulnerability in easyappointments prior to 1.5.0 Double Free Vulnerability in keystore_cli_v2.cpp Allows Local Privilege Escalation Race condition in setPowerMode of HWC2.cpp allows for out-of-bounds read, leading to local information disclosure Heap Buffer Overflow in _ufdt_output_node_to_fdt of ufdt_convert.c Persistent Denial of Service Vulnerability in addNetwork of WifiManager.java Possible Privilege Escalation through SensorService Permissions Bypass in Android Permissions Bypass Vulnerability in BackupHelper.java Allows Privilege Escalation Possible Image Truncation Vulnerability in BitmapExport.java Use after free vulnerability in cs40l2x_cp_trigger_queue_show in cs40l2x.c allows local attackers to escalate privileges via a crafted application. 
Out of Bounds Read Vulnerability in dumpstateBoard of Dumpstate.cpp Improper Access Control in GitHub Repository alextselegidis/easyappointments Prior to 1.5.0 Out-of-bounds Write Vulnerability in buildCommand of bluetooth_ccc.cc Out of Bounds Write Vulnerability in append_to_params of param_util.c Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Out-of-bounds Read Vulnerability in VendorGraphicBufferMeta Initialization Out-of-Bounds Read Vulnerability in cpif Handling of Probe Failures Out-of-Bounds Read Vulnerability in ConvertToHalMetadata of aidl_utils.cc Out of Bounds Read Vulnerability in ConvertToHalMetadata of aidl_utils.cc Out of Bounds Read Vulnerability in handleEvent of nan.cpp Out-of-bounds Read Vulnerability in append_camera_metadata of camera_metadata.c Session Fixation Vulnerability in easyappointments prior to 1.5.0 Out of Bounds Write Vulnerability in load_png_image of ExynosHWCHelper.cpp Out-of-bounds Write Vulnerability in dwc3-exynos.c Out of Bounds Write Vulnerability in setToExternal of ril_external_client.cpp Out of Bounds Read Vulnerability in sms_ExtractCbLanguage of sms_CellBroadcast.c Out-of-Bounds Write Vulnerability in EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c Race condition vulnerability in dit_hal_ioctl of dit.c allows for local privilege escalation in Android kernel, potentially leading to system execution privileges. 
Possible Memory Corruption Vulnerability in lwis_slc_buffer_free of lwis_device_slc.c Out-of-bounds Write Vulnerability in ProfSixDecomTcpSACKoption of RohcPacketCommon Out-of-bounds Write Vulnerability in lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c Out-of-Bounds Read Vulnerability in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c Insecure Password Requirements in GitHub Repository janeczku/calibre-web prior to 0.6.20 Out of Bounds Read Vulnerability in sms_GetTpPiIe of sms_PduCodec.c Android Kernel Vulnerability: A-229255400 Out of Bounds Read Vulnerability in DoSetTempEcc of imsservice.cpp Out-of-Bounds Read Vulnerability in ParseWithAuthType of simdata.cpp Out of Bounds Read Vulnerability in DoSetPinControl of miscservice.cpp Integer Overflow in fdt_next_tag of fdt.c Allows for Local Privilege Escalation Heap Buffer Overflow in cd_CodeMsg of cd_codec.c in Android Kernel Android Kernel Vulnerability: A-254114726 Hidden Debug Policy Vulnerability in Android Kernel Out of Bounds Write Vulnerability in wl_update_hidden_ap_ie of wl_cfgscan.c Critical SQL Injection Vulnerability in IBOS 4.5.5 (VDB-226110) Out-of-bounds Write Vulnerability in add_roam_cache_list of wl_roam.c Out-of-bounds Write Vulnerability in dhd_prot_ioctcmplt_process of dhd_msgbuf.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Heap Buffer Overflow in get_svc_hash of nan.cpp in Android Kernel Heap Buffer Overflow in createTransmitFollowupRequest of nan.cpp Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Buffer Overflow Vulnerability in rtt_unpack_xtlv_cbfn of dhd_rtt.c Heap Buffer Overflow in rtt_unpack_xtlv_cbfn of dhd_rtt.c Critical SQL Injection Vulnerability in SourceCodester Judging Management System 1.0 (VDB-226147) Out-of-Bounds Read Vulnerability in btif_rc.cc's register_notification_rsp Logic Error in PackageInstallerService Allows Bypass of Background Activity 
Launch Restrictions Contact Phone Number Enumeration Vulnerability in NewOutgoingCallIntentBroadcaster.java Privacy Indicator Bypass in CallScreeningServiceHelper: Potential Audio Recording Vulnerability Insecure Hash Vulnerability in buildPropFile of Android Filesystem Out-of-Bounds Write Vulnerability in nci_snd_set_routing_cmd of nci_hmsgs.cc NFC Permissions Bypass Vulnerability in SecureNfcEnabler and SecureNfcPreferenceController Uncaught Exception in PreferencesHelper.java Leads to Boot Loop Vulnerability Logic Error in deliverOnFlushComplete Allows Bypass of Background Activity Launch Restrictions Foreground Service Persistence Vulnerability in ActivityManagerService DOM-based Cross-site Scripting (XSS) Vulnerability in Chatwoot Prior to 2.14.0 Possible boot loop vulnerability in parseUsesPermission of ParsingPackageUtils.java leading to local denial of service Missing Permission Check in AppLocalePickerActivity.java Allows Unauthorized Change of System App Locales Dynamic BroadcastReceiver Registration Vulnerability in retrieveServiceLocked of ActiveServices.java Path Traversal Vulnerability in extractRelativePath of FileUtils.java Missing Permission Check in LayerState.cpp Allows Screen Display Takeover and Content Swap Partial Lockscreen Bypass Vulnerability in canStartSystemGesture of RecentsAnimationDeviceState.java Use-after-free vulnerability in OnWakelockReleased of attribution_processor.cc allows for remote code execution without additional execution privileges needed Arbitrary Activity Launch Vulnerability in Intent.toUriInner Arbitrary Code Loading Vulnerability in AccountManagerService.java Privilege Escalation via PackageInstallerSession Foreground Service Start Local File Exfiltration via Crafted Webpage in Obsidian Desktop Heap Buffer Overflow in inflate.c: Local Privilege Escalation Vulnerability in Android Race condition vulnerability in WVDrmPlugin.cpp allows for local privilege escalation Bypass of Shadow Stack Protection in 
efi-rt-wrapper.S Uncaught Exception Vulnerability in registerPhoneAccount of PhoneAccountRegistrar.java Missing Permission Check in applySyncTransaction of WindowOrganizer.java Allows Local Information Disclosure Possible Cross-User Media Read Vulnerability in ChooserActivity.java Double Free Vulnerability in adreno_set_param of adreno_gpu.c Missing Permission Check in retrieveAppEntry of NotificationAccessDetails.java Out-of-Bounds Write Vulnerability in sdpu_build_uuid_seq of sdp_discovery.cc Logic Error in AccessibilityService Allows App Hiding and Privilege Escalation SQL Injection Vulnerability in Fast & Effective Popups & Lead-Generation for WordPress Plugin Resource Exhaustion Vulnerability in SnoozeHelper.java Allows for Unauthorized Notification Access Improper Input Validation in PhoneAccountRegistrar.java Allows Local Denial of Service Out-of-bounds Read Vulnerability in AnalyzeMfcResp of NxpMfcReader.cc CVE-2023-21113 CVE-2023-21114 Link Key Type Downgrade Vulnerability in btm_sec_encrypt_change of btm_sec.cc Possible Downgrade Vulnerability in InstallPackageHelper.java Permission Bypass Vulnerability in registerReceiverWithFeature of ActivityManagerService.java Heap Buffer Overflow in unflattenString8 of Sensor.cpp Lateral Movement Vulnerability in M-Files Desktop Component Service Use-after-free vulnerability in cdm_engine.cpp allows for local privilege escalation Improper Input Validation in onResume of AppManagementFragment.java Allows Local Privilege Escalation Missing Permission Check Allows Local Privilege Escalation in Android Bypassing DISALLOW_DEBUGGING_FEATURES Restriction for Tracing Vulnerability Unsafe Deserialization Vulnerability in Android Unsafe Intent Vulnerability in bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java Uninitialized Data Out-of-Bounds Write Vulnerability in NuMediaExtractor.cpp Local Privilege Escalation Vulnerability in AppStandbyController.java Possible local escalation of privilege through background 
activity launch in getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java Arbitrary JavaScript Injection in Autoptimize WordPress Plugin (CVE-2021-XXXXX) Remote Code Execution Vulnerability in btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc Possible Bypass of Parcel Mismatch Mitigations in checkKeyIntentParceledCorrectly() of ActivityManagerService.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Bypassing Factory Reset Protections in ManagePermissionsActivity.java Improper Input Validation in NotificationAccessSettings.java Allows for Local Privilege Escalation Improper Input Validation in JobStore.java Allows for Local Denial of Service on Android Uncaught Exception in JobStore.java Allows Local Persistent Denial of Service in Android Improper Input Validation in onNullBinding of CallRedirectionProcessor.java Allows for Long Lived Connection and Local Privilege Escalation Unsafe Intent in bindPlayer of MediaControlPanel.java allows for arbitrary activity launch in SysUI SQL Injection Vulnerability in NEX-Forms WordPress Plugin Bypassing Factory Reset Protections in ManagePermissionsActivity.java Developer Mode Traces Permissions Bypass Vulnerability Dev Mode Permissions Bypass Vulnerability in Android Local Denial of Service Vulnerability in Android Potential Denial of Service Vulnerability in NotificationContentInflater's doInBackground Method Possible bypass of background launch restrictions in updatePictureInPictureMode of ActivityRecord.java Use After Free Vulnerability in Android Kernel Allows for Local Privilege Escalation Possible UAF Vulnerability in lwis_i2c_device_disable of lwis_device_i2c.c Out of Bounds Read Vulnerability in BuildSetConfig of protocolimsbuilder.cpp Potential Local Privilege Escalation in registerGsmaServiceIntentReceiver of ShannonRcsService.java Out of Bounds Read Vulnerability in handle_set_parameters_ctrl of 
hal_socket.c Heap Buffer Overflow in Google BMS Kernel Module Allows Local Privilege Escalation Out of Bounds Read Vulnerability in FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc Out of Bounds Read Vulnerability in Do_AIMS_SET_CALL_WAITING of imsservice.cpp Out of Bounds Read Vulnerability in StoreAdbSerialNumber of protocolmiscbuilder.cpp Out of Bounds Read Vulnerability in BuildSetRadioNode of protocolmiscbuilder.cpp Out of Bounds Read Vulnerability in BuildGetRadioNode of protocolmiscbulider.cpp Heap Buffer Overflow in encode of wlandata.cpp in Android Kernel (A-263783137) Heap Buffer Overflow in encode of miscdata.cpp in Android Kernel Out of Bounds Write Vulnerability in simdata.cpp Heap Buffer Overflow in BuildSetTcsFci of protocolmiscbuilder.cpp Out of Bounds Write Vulnerability in simdata.cpp Use-after-free vulnerability in RGXUnbackingZSBuffer in rgxta3d.c allows for arbitrary code execution Arbitrary Code Execution via Use After Free in PMR_ReadBytes of pmr.c Arbitrary Code Execution via Use After Free in DevmemIntMapPMR Arbitrary Code Execution via Use After Free in DevmemIntUnmapPMR Use-after-free vulnerability in RGXBackingZSBuffer of rgxta3d.c allows for arbitrary code execution Missing Bounds Check in setProfileName of DevicePolicyManagerService.java Allows for Local Denial of Service in Android Out of Bounds Read Vulnerability in convertCbYCrY of ColorConverter.cpp Out of Bounds Read Vulnerability in inviteInternal of p2p_iface.cpp Directory Traversal Vulnerability in Image Optimizer by 10web WordPress Plugin Out of Bounds Read Vulnerability in ComposerCommandEngine.h Side Channel Information Disclosure in verifyInputEvent of InputDispatcher.cpp Local Privilege Escalation in WifiCallingSettings.java Missing Permission Check in DataUsageList.java Allows Unauthorized Access to Admin User's Network Activities Guest User Permissions Bypass in isPageSearchEnabled of BillingCycleSettings.java Guest User Mobile Data Permissions Bypass 
Vulnerability Possible Denial of Service Vulnerability in list_key_entries of utils.rs Missing Permission Check in requestAppKeyboardShortcuts of WindowManagerService.java Allows for App Inference and Local Information Disclosure Race condition vulnerability in installKey of KeyUtil.cpp allows for local information disclosure with system execution privileges (Android-13). Possible Bypass of User Specified WiFi Encryption Protocol in parseSecurityParamsFromXml of XmlUtil.java Insufficient Access Control in Support Ticket Feature in Devolutions Server 2023.1.5.0 and Below: Unauthorized Ticket Submission and Diagnostic File Download Heap Buffer Overflow in xmlParseTryOrFinish of parser.c in Android Possible Heap Buffer Overflow in btm_ble_update_inq_result of btm_ble_gap.cc Out-of-Bounds Read Vulnerability in Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp NFC Tag Data Read Vulnerability in ForegroundUtils of ForegroundUtils.java Possible Permission Bypass in getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java Missing Permission Check in WifiNetworkFactory.java Allows Local Privilege Escalation Out of Bounds Read Vulnerability in LogResponse of Dns.cpp Possible Local Escalation of Privilege in UsbAccessoryUriActivity.onCreate Possible Heap Buffer Overflow in btm_ble_update_inq_result of btm_ble_gap.cc Possible Bypass of Lock Task Mode in startLockTaskMode of LockTaskController.java Reflected Cross-Site Scripting Vulnerability in Responsive Filterable Portfolio Plugin for WordPress Possible vulnerability: Unencrypted Connection Termination Bypass in btm_acl_encrypt_change of Android Possible bypass of notification hide preference in fixNotification method of NotificationManagerService.java Improper Input Validation in setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java Allows Local Privilege Escalation Integer Overflow Vulnerability in VideoFrame of VideoFrame.h Out of Bounds Read Vulnerability in 
gatt_dbg_op_name of gatt_utils.cc Out-of-bounds Read Vulnerability in btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc Out-of-bounds Read Vulnerability in btm_ble_batchscan_filter_track_adv_vse_cback of Android Bluetooth Server Out-of-bounds Read Vulnerability in btm_acl_process_sca_cmpl_pkt of Android Out of Bounds Read Vulnerability in btif_sdp_server.cc Out-of-bounds Read Vulnerability in btu_ble_proc_ltk_req of btu_hcif.cc Reflected Cross-Site Scripting Vulnerability in Thumbnail Carousel Slider Plugin for WordPress Out-of-bounds Read Vulnerability in on_remove_iso_data_path of btm_iso_impl.h Possible Out of Bounds Read in btif_sdp_server.cc Could Lead to Remote Denial of Service Out of Bounds Read Vulnerability in btm_delete_stored_link_key_complete of Android Bluetooth Stack Out of Bounds Read Vulnerability in startWpsPbcInternal of sta_iface.cpp Potential Out of Bounds Read Vulnerability in Android WiFi Server Out of Bounds Read Vulnerability in startWpsPinDisplayInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in initiateVenueUrlAnqpQueryInternal of sta_iface.cpp Out of Bounds Read Vulnerability in initiateTdlsSetupInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in setCountryCodeInternal of sta_iface.cpp Out-of-Bounds Read Vulnerability in sta_iface.cpp Allows for Local Privilege Escalation HTML Injection in Vault's Key-Value v2 (kv-v2) Diff Viewer Out of Bounds Read Vulnerability in initiateHs20IconQueryInternal of sta_iface.cpp Heap Buffer Overflow Vulnerability in Android-13 Allows Local Information Disclosure Out of Bounds Read Vulnerability in Android Wifi Server Out of Bounds Read Vulnerability in initiateTdlsTeardownInternal of sta_iface.cpp Out of Bounds Read Vulnerability in addGroupWithConfigInternal of p2p_iface.cpp Race condition in DevmemIntAcquireRemoteCtx of devicemem_server.c allows for arbitrary code execution and local privilege escalation in the kernel Arbitrary Code Execution via Use After Free in 
PMRChangeSparseMemOSMem Integer Overflow in PMRWritePMPageList: Local Privilege Escalation without User Interaction Out of Bounds Write Vulnerability in PMRChangeSparseMemOSMem of physmem_osmem_linux.c Insecure Default Value in Android Kernel Allows Remote Information Disclosure over Cellular Networks Reflected Cross-Site Scripting Vulnerability in Image Optimizer by 10web WordPress Plugin Insecure Default Value in Android Kernel Allows Remote Information Disclosure over Cellular Networks Out-of-bounds Write Vulnerability in load_dt_data of storage.c Out of Bounds Read Vulnerability in LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c Heap Buffer Overflow in ss_ProcessReturnResultComponent of ss_MmConManagement.c Android Protected Confirmation Screen Bypass Vulnerability Out of Bounds Read Vulnerability in SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c Possible Information Disclosure Vulnerability in HTBLogKM of htbserver.c Out of Bounds Write Vulnerability in PMRChangeSparseMemOSMem of physmem_osmem_linux.c Unsafe PendingIntent in registerServiceLocked allows for local privilege escalation without user interaction Reflected Cross-Site Scripting in WP Inventory Manager WordPress Plugin Unprivileged App Broadcast Vulnerability: Local Information Disclosure in AccessPointPreference.java Unprivileged Application Can Start Non-Exported Activity Vulnerability Unauthenticated Sensor Data Retrieval Vulnerability Uninitialized Data Leak Vulnerability in avrc Potential Local Escalation of Privilege in ChooseLockSettingsHelper.java Lockscreen PIN Bypass Vulnerability in LockSettingsActivity Out-of-bounds Write Vulnerability in aoc_service_set_read_blocked of aoc.c Misleading UI in applyRemoteView of NotificationContentInflater.java allows for foreground service notification hiding and local information disclosure Confused Deputy Vulnerability in visitUris of RemoteViews.java Allows for Image Leakage and Local Information Disclosure Confused Deputy Vulnerability in 
visitUris of Notification.java Allows Image Data Leakage Across User Boundaries XFS File System Vulnerability: Local Privilege Escalation via Out-of-Bounds Memory Access Resource Exhaustion Vulnerability in Policy.java Integer Overflow in rw_i93_send_to_upper in rw_i93.cc Allows for Local Privilege Escalation Server Impersonation Vulnerability in InsecureEapNetworkHandler Buffer Overflow Vulnerability in validateForCommonR1andR2 of PasspointConfiguration.java Missing Permission Check in visitUris of Notification.java Allows for Local Privilege Escalation Possible Local Escalation of Privilege Vulnerability in KeyguardSecurityContainerController.java Uncaught Exception in ShortcutInfo Allows Unauthorized Retention of Notification Listening Access Bypassing Device Policy Restriction in BluetoothScanningMainSwitchPreferenceController.java Potential Local Privilege Escalation Vulnerability in WifiScanningMainSwitchPreferenceController One-Time Permission Retention Vulnerability in OneTimePermissionUserManager.java Out of Bounds Write Vulnerability in gatt_end_operation of gatt_utils.cc Improper Input Validation in ConfirmDialog.java Allows for VPN Bypass and Local Privilege Escalation Improper Input Validation in validatePassword of WifiConfigurationUtil.java Leads to Local Denial of Service Resource Exhaustion Vulnerability: Local Denial of Service without User Interaction One-Time Permission Persistence Vulnerability in OneTimePermissionUserManager.java Use-after-free vulnerability in binder.c allows for local privilege escalation Arbitrary Activity Launch Vulnerability in SettingsHomepageActivity Unauthenticated Sideload App Vulnerability in InstallPackageHelper.java Overflowing Service Label in Notification Access Permission Dialog Box Race condition vulnerability in startInput of AudioPolicyInterfaceImpl.cpp could lead to false microphone privacy indicator display Possible Out of Bounds Write Vulnerability in OSMMapPMRGeneric of pmr_os.c Improper Memory Access 
Check in mem_protect.c Allows for Hypervisor Memory Access Root CA Certificates Vulnerability: Remote Information Disclosure without User Interaction Google Play Protection Bypass Vulnerability in killBackgroundProcesses of ActivityManagerService.java Bypassing Lockdown Mode with Screen Pinning Vulnerability Path Traversal Vulnerability in MmsProvider.java Allows for Unauthorized Directory Permission Modification Background Activity Launch Vulnerability with PiP Mode Escalation Out of Bounds Read Vulnerability in parseInputs of ShimPreparedModel.cpp Improper Input Validation in readFrom Method of Uri.java Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in SDP_AddAttribute of sdp_db.cc Out of Bounds Read Vulnerability in convertSubgraphFromHAL of ShimConverter.cpp Bypassing Factory Reset Protections in AdminIntegratedFlowPrepareActivity.java Uninitialized Data Information Disclosure in writeToParcel of CursorWindow.cpp Missing Permission Check in visitUris of RemoteViews.java Allows for Image Disclosure Across Users Microphone Privacy Indicator Logic Error Allows for Local Privilege Escalation Cross-User Media Read Vulnerability in visitUris of RemoteViews.java Possible Permanent DoS Vulnerability in setMediaButtonBroadcastReceiver of MediaSessionRecord.java Failure to Lock Screen After Timeout Vulnerability Out of Bounds Write Vulnerability in TRANSPOSER_SETTINGS of lpp_tran.h Confused Deputy Vulnerability in StatusHints.java Allows for Cross-User Image Disclosure Improper Input Validation in DevicePolicyManager.java Allows Local Denial of Service MediaSessionRecord.java: Local Information Disclosure Vulnerability via Confused Deputy Unauthenticated Image Disclosure Vulnerability in visitUris of RemoteViews.java Type Confusion Vulnerability Allows Remote Code Execution Potential Local Information Disclosure Vulnerability in visitUris of Notification.java Confused Deputy Vulnerability: Local Information Disclosure without User Interaction 
Race condition vulnerability in MmsProvider.java allows for local denial of service without user interaction Local Information Disclosure Vulnerability in visitUris of Notification.java Local Information Disclosure Vulnerability in openContentUri of ActivityManagerService.java Side Channel Information Disclosure in PackageManagerNative Allows for Local Privilege Escalation without User Interaction Package Disclosure Vulnerability in Slice: Local Information Disclosure without User Interaction Content Provider Installation Check Vulnerability in SliceManagerService App Installation Detection Vulnerability Allows Local Privilege Escalation Factory MAC Address Disclosure Vulnerability in SEPolicy Application Disclosure Vulnerability in Slice: Local Privilege Escalation without User Interaction Package Manager Information Disclosure Vulnerability Critical SQL Injection Vulnerability in SourceCodester Purchase Order Management System 1.0 Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection App Installation Status Disclosure Vulnerability in ActivityManagerService Package Manager Side Channel Information Disclosure Vulnerability App Installation Detection Vulnerability: Side Channel Information Disclosure App Installation Status Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in ContentService Allows Reading of Installed Sync Content Providers Bluetooth Permissions Bypass Vulnerability in Android Devices Out of Bounds Read Vulnerability in Composer Allows Local Privilege Escalation Out of Bounds Read Vulnerability in libcore: Local Information Disclosure Vulnerability: OS Command Injection in INEA ME RTU Firmware (Versions < 3.36) Bluetooth Heap Buffer Overflow: Local Privilege Escalation without User Interaction Permissions Bypass Vulnerability in Settings Allows Unauthorized Control of Private DNS Settings Cross-User Media Read Vulnerability in 
IntentResolver Unauthenticated Call Forwarding Vulnerability in Core Bluetooth Out of Bounds Read Vulnerability: Local Information Disclosure without User Interaction Bluetooth Heap Buffer Overflow: Remote Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in ContentService Allows App Installation Detection without Query Permissions App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in UsageStatsService Allows Reading of Installed 3rd Party Apps DollarMathPostFilter Regular Expression Denial of Service in GitLab CE/EE Side Channel Information Disclosure in Device Policy Allows Unauthorized App Verification Cross-User Settings Disclosure Vulnerability in Package Manager Side Channel Information Disclosure Vulnerability in Activity Manager Package Installer Vulnerability: Unauthorized App Installation Detection and Privilege Escalation App Installation Status Information Disclosure Vulnerability Package Manager Service Information Disclosure Vulnerability Side Channel Information Disclosure in Permission Manager Allows App Installation Detection without Query Permissions Unauthenticated App Detection Vulnerability in Package Installer Unauthenticated Local Information Disclosure in Activity Manager Out of Bounds Memory Access Vulnerability in Google Chrome Service Worker API Overlay Manager Vulnerability: Unauthorized App Installation Detection and Local Information Disclosure InputMethod Vulnerability: App Installation Status Disclosure via Side Channel Information App Installation Status Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability App Ops Service Logic Error: Local Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Input Method App Detection Vulnerability Unprivileged App Detection Vulnerability in InputMethod Unprivileged App Detection 
Vulnerability Minikin Vulnerability: Remote Denial of Service via Malicious Message Out of Bounds Memory Access Vulnerability in Google Chrome Service Worker API Telecomm Vulnerability: Unauthorized Call State Disclosure without User Interaction Permission Bypass Vulnerability in Permission Manager Allows Local Privilege Escalation Logic Error in Speech Code Allows Local Privilege Escalation without User Interaction Unsafe PendingIntent in ActivityStarter allows for background activity launch and local privilege escalation without user interaction Job Scheduler Information Disclosure Vulnerability App Installation Status Information Disclosure Vulnerability Side Channel Information Disclosure in Device Idle Controller Allows App Installation Detection without Query Permissions Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure without User Interaction Window Manager App Installation Information Disclosure Vulnerability Package Manager Side Channel Information Disclosure Vulnerability Use After Free Vulnerability in Google Chrome DevTools Media Projection Vulnerability: App Installation Detection and Local Information Disclosure Background Activity Launch Vulnerability in Activity Manager Unbounded Read Vulnerability in NFA Allows Local Information Disclosure Remote Information Disclosure Vulnerability in NFA: Missing Bounds Check Package Manager Service Information Disclosure Vulnerability Use-after-free vulnerability in libaudioclient allows for local privilege escalation Bluetooth Out of Bounds Write Vulnerability Enables Remote Code Execution NFC Out of Bounds Read Vulnerability: Local Information Disclosure UWB Google App Masquerade Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Server Out of Bounds Read Vulnerability: Local Information Disclosure Skia Integer Overflow Vulnerability in Google Chrome Bluetooth Out of Bounds Write Vulnerability Allows Local Privilege Escalation Bluetooth Use After Free 
Vulnerability Allows Code Execution and Privilege Escalation Permanent DoS Vulnerability: Resource Exhaustion Leading to Local Denial of Service Resource Exhaustion Vulnerability in ContactsProvider Resource Exhaustion Vulnerability in Contacts App Allows Local Denial of Service Heap Allocation Pattern Prediction Vulnerability in Scudo Heap Out-of-Bounds Read/Write Vulnerability in Scudo Audio Vulnerability: Out of Bounds Read Allows Local Information Disclosure Settings Usage Access Restriction Toggle Screen Permissions Bypass Vulnerability Heap Buffer Overflow in SQLite in Google Chrome: Remote Code Execution Vulnerability Integer Overflow Vulnerability in Security Element API Allows for Local Privilege Escalation Integer Overflow Vulnerability in Secure Element Allows for Local Privilege Escalation Out of Bounds Read Vulnerability in libdexfile Allows Local Privilege Escalation Telephony Vulnerability: Unauthorized SIM Preference Change Allows Privilege Escalation Factory Reset Protection Bypass Vulnerability in System UI Integer Underflow Vulnerability in Sysproxy Allows for Local Privilege Escalation Telephony Vulnerability: ICCID Retrieval Logic Error SELinux Policy Restriction Bypass and Local Information Disclosure Vulnerability Silent Ring Vulnerability: Local Privilege Escalation in Telecomm Bluetooth Server Out of Bounds Read Vulnerability: Local Information Disclosure Hard-coded Credentials Vulnerability in GitHub Module Prior to 1.6.2 Bluetooth Heap Buffer Overflow: Local Privilege Escalation without User Interaction Local Arbitrary Code Execution Vulnerability in Media Resource Manager Unauthenticated Local Information Disclosure in Content Resolver Unintentional Data Leakage Vulnerability in Settings Prompts Package Manager Permissions Bypass: Unsafe PendingIntent Vulnerability Whitechapel Memory Corruption Vulnerability: Local Information Disclosure without User Interaction Token Leakage Vulnerability in User Backup Manager Allows Bypass of User 
Confirmation Critical Vulnerability: Privilege Escalation via Settings Restriction Bypass Profile Owner Bypass Vulnerability: Local Privilege Escalation without User Interaction DELMIA Apriso Release 2017-2022: Reflected Cross-site Scripting (XSS) Vulnerability Mobile Preference Restriction Evasion: Local Privilege Escalation via Permission Bypass Remote Denial of Service Vulnerability in Messaging Application Bluetooth Use After Free Vulnerability Allows Local Privilege Escalation SIM Change Vulnerability: Local Privilege Escalation without User Interaction Local Information Disclosure Vulnerability in registerPhoneAccount of TelecomServiceImpl.java Bluetooth Use After Free Vulnerability Enables Remote Information Disclosure Background Activity Launch Vulnerability in Activity Manager Insecure Default Value in Setup Wizard Allows Local Privilege Escalation SDKSandbox Vulnerability: Logic Error Allows Strandhogg Style Overlay Attack for Local Privilege Escalation Cryptographic Assurance Bypass: Logic Error Enables Local Privilege Escalation without User Interaction Server-Side Request Forgery Vulnerability in DELMIA Apriso: Unauthorized Host Requests Kernel Memory Corruption Vulnerability in io_uring.c Integer Overflow Vulnerability in DevmemIntChangeSparse of devicemem_server.c Out of Bounds Read Vulnerability in MMU_UnmapPages of mmu_common.c Uncaught Exception Arbitrary Code Execution Vulnerability in RGXDestroyZSBufferKM Static RSA Key Vulnerability in AXIS OS 11.0.X - 11.3.x OSDP Message Parser Crash Vulnerability in Axis Network Door Controllers and Intercoms Heap-based Buffer Overflow Vulnerability in AXIS A1001 Privileged Escalation Vulnerability: Broken Access Control Allows Operator Account to Gain Administrator Privileges Insecure File Permissions Expose User Credentials in Integration Interface Insufficient File Permissions Allow Unauthorized Access to Administrator Credentials Unsafe .NET Object Deserialization in DELMIA Apriso: Post-Authentication 
Remote Code Execution Vulnerability Unsanitized User Input in AXIS License Plate Verifier API Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Settings > Access Control Configuration Interface SQL Injection Vulnerability in AXIS License Plate Verifier's search.cgi Remote Code Execution Vulnerability in AXIS OS during ACAP Application Installation Flaw in Secure Boot Protection Allows Sophisticated Device Tampering Attack Vulnerability: Path Traversal Attack in VAPIX API overlay_del.cgi Vulnerability: Denial-of-Service Attack on AXIS OS Dynamic Overlay Configuration Page Vulnerability: Path Traversal in VAPIX API for File/Folder Deletion Vulnerability: Path Traversal Attack in AXIS OS VAPIX API (irissetup.cgi) Insecure Locking Mechanism in Secure Folder Prior to SMR Jan-2023 Release 1 Externally-Controlled Format String Vulnerability in STST TA Prior to SMR Jan-2023 Release 1: Arbitrary Code Execution KnoxCustomManagerService Vulnerability: Unauthorized Access to Device SIM PIN Improper Authorization Vulnerability in semAddPublicDnsAddr in WifiService Unprotected Action Exploit: Unauthorized Control of BLE Advertising in ChnFileShareKit Insufficient Permissions Vulnerability in SemChameleonHelper Local Privilege Escalation Vulnerability in Telecom Application Prior to SMR JAN-2023 Release 1 Vulnerability: Hardcoded AES Key Exposes Cardemulation PIN in NFC Prior to SMR Jan-2023 Release 1 NfcTile Access Control Vulnerability Improper Input Validation Vulnerability in TelephonyUI Allows Unauthorized Configuration of Preferred Call ePDG Vulnerability: Unauthorized Access to SSID via Implicit Intent Cross-Site Scripting Vulnerability in Enable SVG, WebP & ICO Upload WordPress Plugin Out-of-Bound Read Vulnerability in mapToBuffer Function in libSDKRecognitionText.spensdk.samsung.so Library Bixby Vision Data Access Vulnerability Unauthorized Invitation Vulnerability in Smart Things Prior to 1.7.93 Local Privilege Escalation Vulnerability in Galaxy 
Store JavaScript Execution Vulnerability in Galaxy Store 4.5.49.8 and earlier Fingerprint TA Memory Address Exposure Vulnerability Account ID Exposure Vulnerability in Contacts App Improper Access Control Vulnerability in Phone Application Prior to SMR Feb-2023 Release 1: Local Unauthorized Access to Sensitive Information via Implicit Broadcast Vulnerability: Unauthorized Access to Secure Folder App Preview via HomeScreen Logic Flaw UwbDataTxStatusEvent Input Validation Vulnerability Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226265) Screen Capture Vulnerability in WindowManagerService Data Authenticity Verification Bypass Vulnerability in Android Q(10), R(11), and S(12) Improper Access Control Vulnerability in Runestone Application Allows Unauthorized Device Location Access Cryptographic Vulnerability in Samsung Flow for Android: Message Decryption and Command Injection Cryptographic Vulnerability in Samsung Flow for PC 4.9.14.0 Allows Message Decryption and Command Injection Improper Access Control Vulnerability in MyFiles Allows Local Attackers to Write Files via Implicit Intent Local File Access Vulnerability in MyFiles App Improper Access Control Vulnerability in Samsung Cloud: Local Privilege Escalation via Implicit Intent Path Traversal Vulnerability in Samsung Cloud Allows Unauthorized Access to PNG File Improper Access Control Vulnerability in Call Application Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226266) Unauthenticated Access to Owner's Widget in One Hand Operation + (prior to version 6.1.21) SECRIL Stack-based Overflow Vulnerability in IpcRxEmbmsSessionList Bluetooth Implicit Intent Vulnerability: Unauthorized Access to Connected Device MAC Address SoftSim TA Vulnerability: Improper Input Validation Allows Local Access to Protected Data Lockscreen Vulnerability in Samsung Keyboard Allows Unauthorized Access to Text History Insecure Authorization 
Implementation in Exynos Baseband: Exploiting Unencrypted Message Handling Galaxy Themes Service Path Traversal Vulnerability Bluetooth File Transfer Vulnerability: Unauthorized File Sending via Bluetooth Privilege Escalation Vulnerability in PhoneStatusBarPolicy Allows Unauthorized Do Not Disturb Control Critical Use After Free Vulnerability in Decon Driver Prior to SMR Mar-2023 Release 1 Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226267) Authentication Bypass Vulnerability in SecSettings prior to SMR Mar-2023 Release 1 AutoPowerOnOffConfirmDialog in Settings Vulnerability: Unauthorized Device Shutdown Quick Share Agent Vulnerability: Unauthorized Access to MAC Address Improper Access Control Vulnerability in MyFiles App Allows Local Attacker to Access Secret Mode Information in Samsung Internet Improper Access Control in Samsung Calendar Allows Local Attacker to Configure Improper Status Improper Access Control Vulnerability in BixbyTouch: Untrusted Applications Can Access Local Files Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 (VDB-226268) Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 Improper Access Control Vulnerability in AppLock: Unauthorized Privileged Operation Execution Android VideoPreviewActivity Vulnerability Allows Unauthorized Access to Media Data Improper Export of Android Application Components Vulnerability in ImagePreviewActivity Local Privilege Escalation Vulnerability in Telephony Framework Local Privilege Escalation Vulnerability in Tips prior to SMR May-2023 Release 1 Critical Heap Out-of-Bounds Write Vulnerability in Pre-SMR May-2023 Release 1 Bootloader Enables Arbitrary Code Execution Critical SQL Injection Vulnerability in Campcodes Online Thesis Archiving System 1.0 Local Privilege Escalation Vulnerability in GearManagerStub Improper Access Control Vulnerability in ThemeManager: Arbitrary File Write Kernel 
Pointer Leakage Vulnerability SemShareFileProvider Improper Access Control Vulnerability Buffer Overflow Vulnerability in Shannon Baseband's Auth API Improper Access Control Vulnerability in Knox Enrollment Service Allows Unauthorized Installation of KSP App Active Debug Code Vulnerability in ActivityManagerService mPOS TUI Trustlet Externally-Controlled Format String Vulnerability Memory Overwrite Vulnerability in setPartnerTAInfo in mPOS TUI Trustlet Out-of-bounds Write Vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI Trustlet Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (VDB-226271) Double Free Validation Vulnerability in setPinPadImages in mPOS TUI Trustlet Arbitrary Code Execution Vulnerability in mPOS Fiserve Trustlet Privilege Escalation Vulnerability in FactoryTest Application Prior to SMR May-2023 Release 1 Buffer Overflow Vulnerability in mm_LteInterRatManagement.c in Shannon Baseband Buffer Overflow Vulnerability in mm_Plmncoordination.c in Shannon Baseband Arbitrary File Write Vulnerability in Samsung Core Service Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Out-of-bounds Read Vulnerability in Samsung Blockchain Keystore's BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY Command Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Arbitrary Code Execution Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Critical SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-226272) Out-of-bounds Read Vulnerability in Samsung Blockchain Keystore (prior to version 1.3.12.1) Allows Arbitrary Memory Reading Out-of-bounds Read Vulnerability in Samsung Blockchain Keystore Allows Arbitrary Memory Reading Knox ID Validation Logic Vulnerability in Notification Framework Privilege Escalation Vulnerability in CC Mode prior to SMR Jun-2023 Release 1 Vulnerability: Improper 
Scheme Validation in Galaxy Store Allows APK Installation via InstantPlay Deeplink Vulnerability in InstantPlay Allows Unauthorized APK Installation from Galaxy Store XSS Vulnerability in InstantPlay: Unauthorized APK Installation via Galaxy Store Exynos Baseband Heap Out-of-Bound Write Vulnerability Improper Access Control Vulnerability in SearchWidget Prior to Version 3.3 in China Models Critical Remote File Inclusion Vulnerability in SourceCodester Student Study Center Desk Management System 1.0 (VDB-226273) PII Enumeration via Credential Recovery in BlackBerry AtHoc version 7.15 SQL Injection Vulnerability in BlackBerry AtHoc Management Console BlackBerry AtHoc v7.15 Management Console (Reports) Reflected XSS Vulnerability Stored XSS Vulnerability in BlackBerry AtHoc Management Console Windows LSA Elevation of Privilege Vulnerability RPC Runtime DoS Vulnerability Windows Netlogon Information Disclosure Vulnerability Exposes Sensitive Data Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Complaint Management System 1.0 Container Elevation of Privilege Vulnerability in Azure Service Fabric Windows GDI Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Event Tracing Information Disclosure Vulnerability MSMQ Elevation of Privilege Vulnerability .NET Framework Denial of Service Vulnerability Windows Authentication RCE Vulnerability: A Critical Security Flaw Exploiting Remote Code Execution Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (VDB-226275) Windows Cryptographic Information Leakage Vulnerability Task Scheduler Privilege Escalation Vulnerability in Windows 
Windows Installer Privilege Escalation Vulnerability Windows L2TP Remote Code Execution Vulnerability Windows L2TP Remote Code Execution Vulnerability IKE Protocol Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows SMB Witness Service Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Air Cargo Management System 1.0 Windows Cryptographic Information Leakage Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Windows GDI Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure DevOps Server Critical Remote Code Execution Vulnerability in Microsoft Message Queuing Windows L2TP Remote Code Execution Vulnerability Windows L2TP Remote Code Execution Vulnerability Windows LDAP Denial of Service Vulnerability Windows Error Reporting Service Privilege Escalation Vulnerability Windows Cryptographic Information Leakage Vulnerability Linux Kernel RPL Protocol Handling Denial of Service Vulnerability Windows Boot Manager Secure Boot Bypass Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability BitLocker Security Feature Bypass Vulnerability: A Critical Flaw in Data Encryption Exploiting Cross-Site Scripting Vulnerability in Azure DevOps Server Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Exploiting Visual Studio's Elevation of Privilege Vulnerability Visual Studio Remote Code Execution Vulnerability VS Extension Remote Code Execution Vulnerability in Microsoft SQL Server Integration Service Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Critical Heap-Based Buffer Overflow Vulnerability Discovered in ImageMagick Package Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft 
Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Arbitrary Code Execution Vulnerability in Adobe Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Out-of-Bounds Read Vulnerability in Photoshop Versions 23.5.3 and Earlier, 24.1 and Earlier Integer Overflow or Wraparound Vulnerability in Adobe Acrobat Reader User Impersonation Vulnerability in Code Dx Versions Prior to 2023.4.2 Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Digital Editions Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Use After Free Vulnerability in FrameMaker 2020 and 2022 Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe InDesign Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Maintenance Mode Bypass Vulnerability in CMP – Coming Soon & Maintenance Plugin for WordPress Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Adobe InDesign NULL Pointer Dereference Vulnerability Allows Application Denial-of-Service Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary 
Code Execution Arbitrary Code Execution Vulnerability in Adobe InCopy Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe InCopy Allows Memory Disclosure Adobe InCopy Out-of-Bounds Read Vulnerability Insecure Password Requirements in GitHub Repository Modoboa/Modoboa Prior to 2.1.0 Use After Free Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension 3.4.6 and Earlier Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Heap-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution XML External Entity (XXE) Vulnerability Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Adobe Acrobat Reader Privilege Escalation Vulnerability Adobe Acrobat Reader Privilege Escalation Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Designer 12.4.1 and Earlier Arbitrary Code Execution via Out-of-Bounds Write in FrameMaker 2020 and 2022 Use-After-Free Vulnerability in iscsi_sw_tcp_session_create in Linux Kernel Allows Information Leakage Out-of-Bounds Read Vulnerability in FrameMaker 2020 and 2022 Allows Memory Disclosure Arbitrary Code Execution via Improper Input Validation in FrameMaker 2020 and 2022 Arbitrary Code 
Execution via Out-of-Bounds Write in FrameMaker 2020 and 2022 Vulnerability: Information Disclosure in DSP Services during Dynamic Module Loading DNS Response Buffer Over-read Vulnerability Improper Authentication in HLOS Key Velocity Checks: A Cryptographic Vulnerability Invalid Address Vulnerability in Trusted Execution Environment Service API WLAN HAL Memory Corruption Vulnerability Double Free Vulnerability in Modem's PKCS15 SIM File Parsing BPF Verifier Pruning Vulnerability in Linux Kernel >=5.4 Integer Overflow Vulnerability in Multimedia Framework's synx bind and synx signal Functions Insecure Configuration Vulnerability in Modem's LTE Security Mode Command Processing GSL Memory Node Query Vulnerability in Automotive GPU Linux Memory Corruption Vulnerability in QcRilRequestImsRegisterMultiIdentityMessage Processing SMS Memory Corruption Vulnerability in Radio Interface Layer Telephony-Triggered Memory Corruption in Data Network Stack & Connectivity Array Index Out of Bounds Vulnerability in Linux Update and Record Process Linux System Configuration API Vulnerability: Memory Corruption Exploit API Instance ID Mismatch Vulnerability in Video Calling Audio Memory Corruption Vulnerability in sva_model_serializer Stored XSS Vulnerability in GitLab WebIDE Beta Buffer Overflow Vulnerability in Linux File Upload API System Vulnerability: Unprivileged App Can Manipulate Global Brightness and Disrupt System Functionality HAB Memory Management Vulnerability: Exploiting Broad System Privileges via Physical Address Automotive System Call Vulnerability: Untrusted Pointer Dereference Leading to Memory Corruption Integer Overflow Vulnerability in RIL Triggering qcril_uim_request_apdu Request Invalid System Information Block 1 causing Transient Denial of Service (DoS) Vulnerability in Modem Bluetooth GATT Packet Information Disclosure Vulnerability RIL Memory Corruption Vulnerability in APDU Packet Sending WLAN Memory Corruption Vulnerability in doDriverCmd GPS HLOS Driver 
Vulnerability: Memory Corruption in injectFdclData with Invalid Data Length Type Conversion Vulnerability in TEE's secure_io_read/write Function Leads to Memory Corruption in Core Insecure Storage of Derived Keys in HLOS: A Cryptographic Vulnerability Transient Denial of Service Vulnerability in Modem during RRC Reconfiguration Processing Audio Playback Vulnerability: Memory Corruption with Enabled Audio Effects Audio Metadata Memory Corruption Vulnerability WLAN HOST Memory Corruption Vulnerability Audio Corruption Vulnerability in ADSP during Record Use Case Beacon/Probe Response Frame Processing Vulnerability in WLAN Firmware Vulnerability: Transient Denial of Service (DoS) in WLAN Firmware due to Missing Header Fields in Frames Null Pointer Dereference Vulnerability in CAN Protocol in Linux Kernel FT Information Element Parsing Vulnerability in WLAN Firmware: Transient Denial of Service WLAN Beacon/Probe-Response Frame Parsing Vulnerability: Transient DOS Exploit Buffer Overflow Vulnerability in Core Platform Log Printing Display Metadata Memory Corruption Vulnerability Buffer Overflow Vulnerability in Core Platform Log Printing Graphics File Import Vulnerability: Memory Corruption Exploit Graphics Buffer Overflow Vulnerability Transient Denial of Service (DoS) Vulnerability in Bluetooth HOST during Descriptor Validation for Blacklisted BT Keyboard WLAN HOST Information Disclosure Vulnerability via Invalid Source Address in DPP Action Frame GPU Privilege Escalation Vulnerability Memory Corruption Vulnerability in Core Syscall for Sectools Fuse Comparison Feature Concurrent Audio Tunnel Playback/Recording Vulnerability VM Resource Manager Vulnerability: Memory Corruption via Improper Access Windows ALPC Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows LDAP Remote Code Execution Vulnerability IKE Extension Denial of Service Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows L2TP Remote 
Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin (Versions up to 3.6.4) Windows Win32k Privilege Escalation Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows PPP Information Disclosure Vulnerability IKE Extension Denial of Service Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability HTTP.sys Information Leakage Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Unveiling the Microsoft PEAP Information Disclosure Vulnerability PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Microsoft Printer Driver Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Windows Fax Service PEAP Remote Code Execution Vulnerability in Microsoft's Protected Extensible Authentication Protocol Windows iSNS Server Information Disclosure Vulnerability Windows iSNS Server Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in TaxoPress WordPress Plugin Windows iSCSI Discovery Service Denial of Service Vulnerability PEAP Denial of Service Vulnerability in Microsoft's Protected Extensible Authentication Protocol Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity Data Box Gateway Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database 
Management System Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server RPC Runtime RCE Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Stored Cross-Site Scripting Vulnerability in BadgeOS Plugin for WordPress Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Pervasive Windows PPTP Remote Code Execution Vulnerability SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Microsoft Publisher Security Bypass Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Unauthenticated Elevation of Privilege Vulnerability in Microsoft SharePoint Server Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver for SQL Server Edge (Chromium-based) Security Feature Bypass Vulnerability Insecure Direct Object Reference vulnerability in BadgeOS WordPress Plugin (up to version 3.7.1.6) allows unauthorized modification of post titles EdgeTamper: A Critical Vulnerability in Microsoft Edge (Chromium-based) Unauthenticated Elevation of Privilege Vulnerability in Microsoft OneNote .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Windows DWM Core Library Privilege Escalation Vulnerability Windows Malicious Software Removal Tool Privilege Escalation Vulnerability Windows Credential Manager User Interface Elevation of Privilege Vulnerability RPC Runtime RCE Vulnerability Windows Netlogon Denial of Service Vulnerability: Disrupting Network Authentication RPC Runtime Information Disclosure Vulnerability Insecure Direct Object Reference vulnerability in BadgeOS WordPress Plugin Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC 
Driver Windows Bind Filter Driver Privilege Escalation Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Vulnerability: Unauthorized Modification of Data in BadgeOS Plugin for WordPress Windows Media Player Remote Code Execution Vulnerability Visio File Information Disclosure Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Security Feature Bypass Vulnerability SharePoint Server Remote Code Execution Vulnerability Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Windows NTLM Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Windows Backup Service Privilege Escalation Vulnerability Windows Event Tracing Information Disclosure Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows L2TP DoS Vulnerability IKE Extension Denial of Service Vulnerability Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Out-of-Boundary Read Vulnerability in compare_netdev_and_ip in RDMA in the Linux Kernel Print Spooler Privilege Escalation Vulnerability in Windows Exposed: Microsoft Exchange Server Information Leakage Vulnerability Microsoft Exchange Server Spoofing Vulnerability: A Gateway for 
Impersonation Attacks Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Print Spooler Privilege Escalation Vulnerability in Windows Windows Overlay Filter Information Leakage Vulnerability Windows Overlay Filter Privilege Escalation Vulnerability WinSock Elevation of Privilege Vulnerability in Windows Ancillary Function Driver Microsoft Message Queuing DoS Vulnerability Null Pointer Dereference Vulnerability in Linux Kernel's SCTP Network Protocol Windows Local Session Manager (LSM) Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Windows Kernel Information Leakage Vulnerability Critical Elevation of Privilege Vulnerability in Azure App Service on Azure Stack Hub Exploiting the Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Stored Cross-Site Scripting Vulnerability in Aajoda Testimonials WordPress Plugin 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical 
Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution Unauthenticated Order Status Manipulation in WooCommerce Order Status Change Notifier WordPress Plugin 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Edge Chromium Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Arbitrary File Download and PHAR Unserialization Vulnerability in KIWIZ Invoices Certification & PDF System WordPress Plugin Windows Installer Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows Media Player Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Power BI Report Server URL Spoofing Vulnerability Cross-site Scripting 
Vulnerability in Microsoft Dynamics 365 (on-premises) Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability Exploiting Microsoft Defender for Endpoint Security Feature Bypass Vulnerability GitLab Refs/Replace Content Smuggling Vulnerability Windows iSCSI Service Denial of Service Vulnerability: Disrupting Storage Connectivity Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Secure Channel DoS Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Windows Active Directory Domain Services API Denial of Service Vulnerability: Disrupting Network Operations Kerberos Privilege Escalation Vulnerability in Windows Windows Secure Channel DoS Vulnerability Windows Secure Channel DoS Vulnerability Privilege Escalation Vulnerability in GitLab EE with OpenID Connect DFS Remote Code Execution Vulnerability in Windows Windows Graphics Component Privilege Escalation Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution Vulnerability in Oracle Communications BRM - Elastic Charging Engine Allows Unauthorized Access to Critical Data Oracle iSupplier Portal Unauthenticated Read Access Vulnerability Oracle Hospitality Reporting and Analytics Product Vulnerability Oracle Database Data Redaction Vulnerability Oracle Hospitality Reporting and Analytics Product Vulnerability: Unauthorized Access and Data Manipulation Oracle Database RDBMS Security Component Unauthorized Access Vulnerability Unauthenticated Test Alert Abuse in Grafana Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement (Advising Notes) Oracle BI Publisher Product Vulnerability: Unauthorized Takeover Oracle ZFS Storage Appliance Kit Object Store Unauthorized Read Access Vulnerability Oracle Self-Service Human Resources Vulnerability: Unauthorized Data Manipulation Oracle Java SE and Oracle GraalVM 
Enterprise Edition DTLS Vulnerability MySQL Server Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle WebLogic Server Unauthenticated Remote Denial of Service Vulnerability in Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Reflected Cross-Site Scripting Vulnerability in WP Responsive Tabs Plugin MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Sound Component Unauthenticated Access Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle BI Publisher Product Vulnerability: Unauthorized Takeover Vulnerability in Oracle Web Applications Desktop Integrator Allows Unauthorized Data Access and Manipulation Oracle Communications Convergence Product Takeover Vulnerability Oracle Applications DBA Product Vulnerability: Unauthorized Data Manipulation via Java Utils Oracle Demantra Demand Management Unauthenticated Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Data Manipulation Oracle Learning Management Product Vulnerability Oracle Mobile Field Service Synchronization Vulnerability Oracle Sales Offline Unauthenticated Data Manipulation Vulnerability Oracle Sales for Handhelds Unauthenticated Data Manipulation Vulnerability Oracle iSetup Unauthenticated Access Vulnerability Oracle HCM Common Architecture Unauthenticated Access Vulnerability Oracle Collaborative Planning Unauthenticated Access Vulnerability Oracle Access Manager Authentication Engine Privilege Escalation Vulnerability Format String Vulnerability in Triangle MicroWorks' SCADA Data Gateway MySQL Cluster Vulnerability: Unauthorized Takeover via Physical Communication Segment 
Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Web Services Manager XML Security Component Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service Unauthenticated User Broadcast and Forced Logout Vulnerability in Triangle MicroWorks' SCADA Data Gateway MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks MySQL Server Vulnerability: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service via Thread Pooling Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in Colibri Page Builder for WordPress (Versions up to 1.0.227) Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Oracle VM VirtualBox Prior to 6.1.42 and Prior to 7.0.6 Windows Vulnerability: Unauthorized Data Access Oracle VM VirtualBox Vulnerability: Unauthorized Takeover via Multiple Protocols MySQL Server Denial of Service Vulnerability Vulnerability in Primavera Gateway: Unauthorized Data 
Access and Manipulation Vulnerability in Oracle VM VirtualBox Allows Unauthorized Data Access Vulnerability: Unauthorized Widget Manipulation in Elementor Addons Plugin Oracle Communications Converged Application Server Remote Takeover Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Data Provider for .NET Remote Code Execution Vulnerability Oracle Global Lifecycle Management NextGen OUI Framework Takeover Vulnerability Oracle Solaris NSSwitch Vulnerability: Unauthorized Takeover of System Oracle VM VirtualBox Denial of Service Vulnerability Oracle VM VirtualBox Denial of Service Vulnerability Vulnerability: Unauthorized Access to Private Project Commits in GitLab Oracle Solaris NSSwitch Vulnerability: Unauthorized Access and Partial Denial of Service Oracle Financial Services Analytical Applications Infrastructure Product Vulnerability Vulnerability in Oracle Financial Services Behavior Detection Platform Allows Unauthorized Data Access Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management: Unauthorized Data Access and Modification Vulnerability in Oracle Banking Virtual Account Management: Unauthorized Data Access and Modification Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Banking Virtual Account Management Allows Unauthorized Access and Data Manipulation Critical Data Access Vulnerability in Oracle Siebel CRM (UI Framework) Stored Cross-site Scripting (XSS) Vulnerability in AzuraCast GitHub Repository (prior to 0.18) Oracle Business Intelligence Enterprise Edition: 
Unauthorized Access Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks MySQL Server Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability Oracle Banking Payments: Unauthorized Data Access and Manipulation Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Oracle Database Recovery Manager Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Health Sciences InForm Allows Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle Health Sciences InForm Vulnerability in Oracle Health Sciences InForm: Unauthorized Access and Data Manipulation Vulnerability in Oracle Health Sciences InForm: Unauthorized Data Access and Partial Denial of Service Oracle Health Sciences InForm Partial Denial of Service Vulnerability Vulnerability in Oracle Health Sciences InForm Allows Unauthorized Access to Critical Data Unauthorized Read Access Vulnerability in Oracle JD Edwards EnterpriseOne Tools Oracle Solaris IPS Repository Daemon Unauthorized Data Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash OAuth2 Authorization Code Invalidation Vulnerability in Mattermost Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-100210) Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Vulnerability in Oracle Hospitality OPERA 5 Property Services: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability Java VM Component Vulnerability in Oracle Database Server (19c and 21c) MySQL Server Denial of Service Vulnerability Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Unauthenticated 
Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-0001) Out-of-Bounds Write Vulnerability in Linux Kernel's SLIMpro I2C Device Driver MySQL Server Denial of Service Vulnerability Oracle BI Publisher Unauthorized Data Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) Unauthenticated Remote Code Execution Vulnerability in Oracle Essbase (Security and Provisioning Component) MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Solaris Core Vulnerability: Unauthorized Takeover of System Oracle Database Server Advanced Networking Option Unauthenticated Access Vulnerability Jenkins Code Dx Plugin 3.1.0 CSRF Vulnerability: Unauthorized URL Connection MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle Business Intelligence Enterprise Edition Allows Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle iReceivables Attachments Unauthorized Read Access Vulnerability Jenkins Code Dx Plugin 3.1.0 and earlier: Missing Permission Check Allows Unauthorized File Path Existence Check Oracle WebLogic Server Unauthenticated Access Vulnerability Oracle Hyperion Essbase Administration Services Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server 
Vulnerability: Unauthorized Partial Denial of Service (DOS) Unauthenticated Remote Denial of Service Vulnerability in Oracle WebLogic Server Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Vulnerability in Oracle MySQL Server: JSON Component Allows for Denial of Service (DoS) Attacks Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle SQL Developer Installation Vulnerability Padding Oracle Attack Vulnerability in HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 Oracle BI Publisher Product Vulnerability: Unauthorized Access to Critical Data Vulnerability in Oracle MySQL Connectors: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability Oracle iProcurement E-Content Manager Catalog Vulnerability Vulnerability in Oracle Application Express Team Calendar Plugin: Remote Code Execution Vulnerability in Oracle Application Express Customers Plugin: Remote Takeover MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Application Object Library Allows Unauthorized Access and Partial Denial of Service Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Regular Expression Denial of Service in GitLab CE/EE via Crafted Payloads in preview_markdown Endpoint Vulnerability in Oracle MySQL Server Allows Takeover (CVE-2021-2345) Elastic Search Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Application Express Administration: Unauthorized Access and Partial Denial of Service Oracle Solaris HTTP Denial of Service Vulnerability Oracle Solaris Utility Vulnerability: High Privileged Takeover Oracle GraalVM Enterprise Edition Native Image Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized 
Takeover of Virtualization Platform Oracle VM VirtualBox Vulnerability: Unauthorized Data Access Oracle VM VirtualBox Vulnerability: Unauthorized Access to Critical Data Regular Expression Denial of Service in GitLab CE/EE via Crafted Payloads in preview_markdown Endpoint Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2021-12345) Oracle VM VirtualBox Vulnerability: Unauthorized Data Access Vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources: Unauthorized Data Access and Manipulation Oracle Clinical Remote Data Capture Product Vulnerability Vulnerability in Oracle Mobile Security Suite: Unauthorized Access to Critical Data Oracle WebLogic Server Denial of Service Vulnerability Oracle User Management Proxy User Delegation Unauthorized Read Access Vulnerability Oracle VM VirtualBox Prior to 6.1.44 and Prior to 7.0.8 Windows VM Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access HTML Injection Vulnerability in GitLab CE/EE Allows Email Address Field Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access and Data Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access and Data Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Access to Critical Data Oracle Solaris Utility Unauthenticated Access Vulnerability Oracle E-Business Suite Reports Configuration Unauthenticated Access Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Unauthenticated Network Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks Oracle Self-Service Human Resources Unauthorized Read Access Vulnerability SQL Injection Vulnerability in Web Directory Free for WordPress (Versions up to 1.6.7) Oracle Essbase Security and Provisioning 
Vulnerability: Unauthorized Data Access Oracle Business Intelligence Enterprise Edition Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Business Intelligence Enterprise Edition allows unauthorized data manipulation Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Takeover of PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Oracle VM VirtualBox Denial of Service Vulnerability Oracle VM VirtualBox RDP Network Access Vulnerability Oracle HTTP Server Unauthenticated Remote Code Execution Vulnerability GitHub Repository Access Control Vulnerability Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Vulnerability Oracle Business Intelligence Enterprise Edition: Partial Denial of Service Vulnerability Oracle Health Sciences Data Management Workbench Blinding Functionality Unauthorized Access Vulnerability Vulnerability in Oracle Solaris Device Driver Interface Allows for Takeover Unbreakable Enterprise Kernel (UEK) RDS Module Local Denial of Service Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Oracle Business Intelligence Enterprise Edition Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Commerce Guided Search: Unauthorized Data Access and Manipulation Use-after-free vulnerability in WebKitGTK package allows for denial of service or arbitrary code execution Oracle WebLogic Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Oracle Database Server Unified Audit Component Vulnerability Oracle E-Business Suite iSurvey Module: 
Unauthenticated Remote Code Execution Vulnerability Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Utility Component Partial Denial of Service Vulnerability Vulnerability in Oracle Web Applications Desktop Integrator Allows Unauthorized Data Access and Partial Denial of Service Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle Agile PLM WebClient: Unauthorized Data Access and Manipulation Critical SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 (VDB-226969) Oracle WebLogic Server Vulnerability: Unauthorized Data Access and Server Crash Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Oracle E-Business Suite Vulnerability: Unauthorized Data Access and Manipulation in Oracle Applications Framework Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE (JavaFX) Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle MySQL Server: Unauthorized Read Access to Data Unauthenticated Access Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 JD Edwards EnterpriseOne Orchestrator Unauthorized Data Access Vulnerability Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK Vulnerability: Unauthorized Read Access Java VM Component Vulnerability in Oracle Database Server Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability JD Edwards EnterpriseOne Tools Web Runtime 
SEC Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang or Crash MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 Vulnerability in Oracle Hyperion Workspace: Unauthorized Access and Data Manipulation Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Vulnerability in Oracle Hyperion Financial Reporting: Unauthorized Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthenticated Network Access via CORBA Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) Oracle WebLogic Server Remote Code Execution Vulnerability SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 MySQL Server Denial of Service Vulnerability PL/SQL Component Privilege Escalation Vulnerability in Oracle Database Server Oracle WebLogic Server Remote Code Execution Vulnerability Oracle Notification Server Unauthenticated Access Vulnerability Oracle Database Sharding Component Partial Denial of Service Vulnerability Oracle Database Sharding Component Denial of Service Vulnerability Oracle E-Business Suite Vulnerability: Unauthorized Data Access and Manipulation in Oracle Applications Framework Oracle Database Recovery Manager Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 (VDB-226973) Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle Java SE, Oracle GraalVM, and Oracle GraalVM Enterprise Edition HTTPS 
Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Unauthenticated Remote Data Read Vulnerability in Oracle Enterprise Session Border Controller Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability in Oracle Hospitality OPERA 5 Property Services: Takeover via HTTP Access Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Hospitality OPERA 5 Property Services: Takeover via HTTP Access Vulnerability in Oracle Communications Order and Service Management Allows Unauthorized Data Access Oracle WebLogic Server Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226974) Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects Vulnerability in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition: Unauthorized Data Access MySQL Server Denial of Service Vulnerability Oracle iRecruitment Product Vulnerability: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Installer Allows Unauthorized Data Access and Denial of Service MySQL Server 8.1.0 Denial of Service Vulnerability Java VM Component Vulnerability in Oracle Database Server Vulnerability in MySQL Server Allows for Denial of Service Attacks Oracle VM VirtualBox Prior to 7.0.12 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 7.0.12 Vulnerability: High Privileged Takeover Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226975) Oracle VM VirtualBox Core Vulnerability: Unauthorized Access and Denial of Service Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle MySQL Connectors: Unauthenticated Takeover (CVE-2021-2345) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows for Denial of Service Attacks 
Vulnerability in Oracle Analytics BI Publisher Web Server: Unauthorized Data Access and Manipulation Oracle Enterprise Command Center Framework API Unauthorized Access Vulnerability Vulnerability in Oracle Enterprise Command Center Framework Allows Unauthorized Data Access and Manipulation Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 MySQL Server Denial of Service Vulnerability MySQL Server UDF Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Encryption Vulnerability Vulnerability in MySQL Server: Unauthorized Hang and Crash (CVE-2021-2345) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Access and Data Compromise Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 (VDB-226977) Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Manipulation Unauthenticated Access Vulnerability in Oracle WebCenter Content Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Unauthenticated Network-based Filesystem Vulnerability in Oracle Solaris Oracle Solaris Kernel Denial of Service Vulnerability Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS 
System 1.0 (VDB-226978) Unauthenticated Remote Denial of Service Vulnerability in Oracle Sun ZFS Storage Appliance Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 Critical SQL Injection Vulnerability in Campcodes Coffee Shop POS System 1.0 Cross-Site Scripting (XSS) Vulnerability in Campcodes Coffee Shop POS System 1.0 Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 (CVE-2021-226983) Critical SQL Injection Vulnerability in SourceCodester Task Reminder System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Task Reminder System 1.0 (CVE-2021-226985) Cross-Site Scripting Vulnerability in Dream Technology Mica up to 3.0.5 (VDB-226986) SQL Injection Vulnerability in WP Custom Cursors WordPress Plugin Stack-based Buffer Overflow Vulnerability in Adobe Bridge Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Bridge Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Stored Cross-Site Scripting Vulnerability in Login Rebuilder WordPress Plugin Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Adobe Connect Improper Access Control Vulnerability Allows Security Feature Bypass Out-of-Bounds Read Vulnerability in Adobe After Effects Stack-based Buffer Overflow Vulnerability in Adobe Premiere Rush 2.6 and Earlier: Arbitrary Code Execution Use After Free Vulnerability in InCopy Versions 18.1 and Earlier: Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in After Effects Versions 23.1 and Earlier Stored 
Cross-Site Scripting Vulnerability in SEO by 10Web WordPress Plugin Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Stack-based Buffer Overflow Vulnerability in Adobe Animate: Arbitrary Code Execution Use After Free Vulnerability in Adobe Premiere Rush 2.6 and Earlier Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Animate Allows Arbitrary Code Execution XML Injection Vulnerability in Adobe Commerce Allows Arbitrary File System Read Adobe Commerce Incorrect Authorization Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1 Stored Cross-Site Scripting Vulnerability in SEO Alert WordPress Plugin Improper Access Control Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1: Security Feature Bypass Incorrect Authorization Vulnerability in Adobe Commerce Versions 2.4.4-p2 and 2.4.5-p1: Minor Information Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions Insufficient Validation in PE and OLE Parsers in Rapid7's Velociraptor 
Allows for Remote Crash URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier Versions SQL Injection Vulnerability in Adobe RoboHelp Server Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier GitHub Repository Modoboa/Modoboa Prior to 2.1.0 - Improper Authorization Vulnerability Weak Cryptography for Passwords Vulnerability in Adobe Experience Manager 6.5.15.0 and Earlier: Security Feature Bypass and Password Decryption Adobe RoboHelp Server Improper Input Validation Vulnerability Adobe RoboHelp Server Path Traversal Remote Code Execution Vulnerability Adobe RoboHelp Server XXE Vulnerability SQL Injection Vulnerability in Adobe RoboHelp Server Race condition vulnerability in Intel(R) Ethernet Controllers and Adapters E810 Series firmware (before version 1.7.2.4) enables local denial of service. 
CX-Programmer Ver.9.79 and Earlier: Use After Free Vulnerability with Information Disclosure and Arbitrary Code Execution m-FILTER Email Authentication Bypass Vulnerability Remote Code Execution Vulnerability in MAHO-PBX NetDevancer CSRF Vulnerability in modoboa/modoboa prior to 2.1.0 Arbitrary OS Command Execution Vulnerability in MAHO-PBX NetDevancer TMM Termination Vulnerability in BIG-IP AFM NAT Policy Unquoted File Path Vulnerability in WAB-MAT Ver.5.0.0.8 and Earlier DLL Hijacking Vulnerability in BIG-IP Edge Client for Windows (Versions 7.1.5 to 7.2.3.1) Unauthenticated Network Access Vulnerability in Intel Unison Software CSRF Vulnerability in MAHO-PBX NetDevancer and MobileGate HTML Email Injection in Tribe29 Checkmk: Exploiting Email Vulnerability in Checkmk Versions SQL Injection Vulnerability in Quick Post Duplicator for WordPress (Versions up to 2.0) Unison Software Vulnerability: Authenticated User Can Enable Denial of Service via Network Access Invalid Free Vulnerability in Ichitaro 2022 1.0.1.57600 Frame Stream Parser Unison Software Vulnerability: Local Access Privilege Escalation Exploit Vulnerability: Privilege Escalation via Improper Access Control in Intel Thunderbolt DCH Drivers for Windows Privilege Escalation via Incorrect Permissions in Tribe29 Checkmk Appliance Out of Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Arbitrary Script Injection Vulnerability in MAHO-PBX NetDevancer Series Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Open Redirect Vulnerability in pgAdmin 4: Remote Phishing Attack via Crafted URL OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Remote Command Execution Privilege Escalation and Unauthorized Actions via Log Viewing Vulnerability Arbitrary Memory Access Vulnerability in OpenHarmony-v3.1.5 and Prior Versions HTTP Profile Denial of Service Vulnerability TP-Link SG105PE Firmware Authentication Bypass Vulnerability OS Command Injection Vulnerability in PIX-RT100 
Versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 Integer Overflow Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5 Bridge Group Functionality Sensitive Data Exposure in Tribe29 Checkmk Appliance: Password Retrieval via Log File Reading Integer Underflow Vulnerability in SoftEther VPN's vpnserver OvsProcessData Functionality Reflective Cross-Site Scripting Vulnerability in Tribe29 Checkmk Appliance before 1.6.4 Critical Remote Management Vulnerability in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314 (VDB-227001) Race condition vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools allows for potential denial of service via local access Escalation of Privilege Vulnerability in Intel(R) Optane(TM) PMem 100 Series Management Software Intel(R) NUC BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Access Control Buffer Overflow Vulnerability in Intel(R) QAT Library Software Use After Free Vulnerability in CX-Programmer Ver.9.79 and Earlier Allows Information Disclosure and Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Snap One Wattbox WB-300-IP-3 Undocumented Telnet and SSH Services Vulnerability in PIX-RT100 Versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 CX-Programmer Ver.9.79 and Earlier: Use After Free Vulnerability with Information Disclosure and Arbitrary Code Execution Webconf Denial of Service Vulnerability in Tribe29 Checkmk Appliance SQL Injection Vulnerability in Milesight VPN v2.0.2 LoginAuth Functionality Allows Authentication Bypass GitLab Jira Prefix ReDoS Vulnerability Path Traversal and URL Evaluation Vulnerability in OpenAM Web Policy Agent Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll OMRON CX-Motion Pro 1.4.6.013 and Earlier XXE Vulnerability CPU Resource Utilization Vulnerability in BIG-IP Versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x Remote SQL Injection Vulnerability in
CONPROSYS HMI System (CHS) Ver.3.5.0 and Earlier Denial of Service Vulnerability in SoftEther VPN's DCRegister DDNS_RPC_MAX_RECV_SIZE Functionality Incorrect Permission Assignment Vulnerabilities in iControl REST and TMOS Shell (tmsh) Dig Command Firmware Vulnerability: Out-of-Bounds Write in Intel(R) FPGA Products BIOS Firmware Vulnerability: Denial of Service via Adjacent Access Improper Authorization Vulnerability in GitLab CE/EE Allows Project Reporter to Leak Owner's Sentry Instance Projects Uninitialized Resource Vulnerability in Intel(R) NUC BIOS Firmware Allows Local Information Disclosure Default Credentials Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier: Unauthorized User Credential Alteration Pgpool-II Information Disclosure Vulnerability Arbitrary Script Injection Vulnerability in EasyMail 2.00.130 and Earlier Password Hash Authentication Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier Arbitrary File Download and Remote Code Execution Vulnerability in SS1 Ver.13.0.0.40 and Rakuraku PC Cloud Agent Ver.2.1.8 Arbitrary Code Execution via Path Traversal in SS1 Ver.13.0.0.40 and Rakuraku PC Cloud Agent Ver.2.1.8 Unauthenticated Network Access Denial of Service Vulnerability in Intel Unison Software Intel(R) oneVPL GPU Software Local Information Disclosure Vulnerability Improper Access Control Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier: Remote Unauthorized Access to Server Certificate and Private Key Zephyr Host Vulnerability: Arbitrary Code Execution via Union Variant Confusion Undisclosed Traffic Termination Vulnerability in BIG-IP OAuth Server Termination Vulnerability Escalation of Privilege Vulnerability in Intel Thunderbolt DCH Drivers for Windows Hard-coded Credentials Vulnerability in SS1 Ver.13.0.0.40 and Earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and Earlier Out-of-Bound Write Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Screen Creator Advance 2 Ver.0.1.1.4 
Build01 and Earlier Out-of-Bound Read Vulnerability Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Improper Authorization in Checkmk RestAPI Allows Unauthorized Access to Host Configs Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier: Out-of-Bound Read Vulnerability Use-After-Free Vulnerability in Linux Kernel Performance Events System Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Out-of-Bound Read Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Uncontrolled Search Path Vulnerability in Intel(R) oneAPI Toolkit and Component Software Installers Intel(R) NUC BIOS Firmware Vulnerability: Privileged User Information Disclosure via Local Access OMRON CP1L-EL20DR-D Firmware Overwrite and Remote Code Execution Vulnerability DLL Hijacking Vulnerability in BIG-IP Edge Client Windows Installer (Versions 7.2.2 to 7.2.3.1) User Enumeration Vulnerability in Checkmk <=2.2.0p4 Use-after-free vulnerability in Linux Kernel io_uring subsystem allows local privilege escalation Screen Creator Advance 2 Ver.0.1.1.4 Build01 and Earlier: Use-After-Free Vulnerability Privilege Escalation Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier Sensitive Information Exposure in SUSHIRO App for Android Stack-based Buffer Overflow Vulnerability in Command Centre Server OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Exploiting ys_thirdparty check_system_user Functionality Uninitialized Pointer Vulnerability in CX-Motion-MCH v2.32 and Earlier Improper Server Certificate Verification in Ichiran App for iOS and Android Untrusted Search Path Vulnerability in ELECOM Camera Assistant and QuickFileDealer SQL Injection Vulnerability in WP Replicate Post Plugin for WordPress (Versions up to 4.0.2) Stored Cross-Site Scripting Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G OS Command Injection Vulnerability in Milesight VPN v2.0.2: Remote Code Execution via liburvpn.so create_private_key Improper Message Integrity Enforcement Vulnerability in BIG-IP Edge Client for Windows and Mac OS Arbitrary Script Injection Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and Earlier iControl SOAP Format String Vulnerability CSRF Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G Reflected Cross-Site Scripting Vulnerability in Unsupported Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G XML External Entity (XXE) Vulnerability in tsClinical Define.xml Generator and Metadata Desktop Tools Blind SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware Arbitrary File Reading Vulnerability in GitHub Enterprise Server Arbitrary Environment Variable Injection in GitHub Enterprise Server Insecure Configuration of Automotive VM Listener Processing TEE Requests Camera Memory Corruption Vulnerability FMQ-based Data Transmission Vulnerability in VR Service: Memory Corruption Critical Vulnerability: Memory Corruption Exploit in Data Modem during MO and MT VOLTE Calls WLAN HOST Memory Corruption Vulnerability VM 
Compromise Vulnerability: Arbitrary Memory Overwrite and Memory Corruption via TX Write Bit Mask API Vulnerability in Multi-mode Call Processor: Memory Corruption Exploit Plaintext Password Storage Vulnerability in Snap One Wattbox WB-300-IP-3 Unrestricted Access to Private Personal Information in GitHub Repository microweber/microweber prior to 1.3.4 Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows CoS Queue Management DoS Vulnerability in Juniper Networks Junos OS on ACX2K Series Devices Missing Release of Memory after Effective Lifetime Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved BGP Route Processing Improper Handling of Unexpected Data Type Vulnerability in Juniper Networks Junos OS on SRX and MX Series Platforms Kernel Memory Leak Vulnerability in Juniper Networks Junos OS Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS TCP Processing Juniper Networks Junos OS Evolved PTX10003 Series Devices Memory Leak DDoS Vulnerability Uninitialized Pointer Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Buffer Overflow Vulnerability in Juniper Networks Junos OS on QFX10K Series Systems Privilege Escalation Vulnerability in GitHub Repository microweber/microweber prior to 1.3.4 Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Use After Free Vulnerability in Juniper Networks Junos OS Evolved Unauthenticated Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on QFX10K Series Out-of-bounds Write Vulnerability in Juniper Networks Junos OS on SRX and MX Series Improper Preservation of Consistency in MAC Limit Configuration Leading to Denial of Service (DoS) in Juniper Networks Junos OS Memory Exhaustion DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Incomplete 
Cleanup Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Validation of Array Index Vulnerability in Juniper Networks Junos OS SIP ALG Unchecked Input for Loop Condition Vulnerability in Juniper Networks Junos OS NAT Library Critical Heap-based Buffer Overflow Vulnerability in PoDoFo 0.10.0 (VDB-227226) Memory Leak Vulnerability in Juniper Networks Junos OS on MX Series Platforms with MPC10/MPC11 Line Cards Out-of-Bounds Write Vulnerability in Juniper Networks Junos OS Flow Processing Daemon (flowd) Improper Locking Vulnerability in Juniper Networks Junos OS on MX and SRX Series Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS IPsec Library Heap Memory Leak Vulnerability in Juniper Networks Junos OS PTX Series and QFX10000 Series H.323 ALG Out-of-Bounds Write Vulnerability in Juniper Networks Junos OS Buffer Overflow Vulnerability in Juniper Networks Junos OS SIP ALG Missing Release of Memory Vulnerability in Juniper Networks Junos OS Flow Processing Daemon (flowd) Open Redirect Vulnerability in BIG-IP APM Access Policy Out-of-bounds read vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and earlier Critical SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store 1.0 (VDB-227227) Buffer Overflow Vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and Earlier HTTP Profile Enforcement Options Vulnerability Use-after-free vulnerability in Kostac PLC Programming Software (Formerly Koyo PLC Programming Software) Version 1.6.9.0 and earlier Stored Cross-Site Scripting Vulnerability in SHIRASAGI v1.16.2 and Earlier: Schedule Function Stored Cross-Site Scripting Vulnerability in SHIRASAGI v1.16.2 and Earlier: Theme Switching Function Command Centre Server Privilege Validation Vulnerability Hard-coded API Key Vulnerability in Wolt Delivery: Food and more Android App Critical SQL Injection Vulnerability 
in SourceCodester Complaint Management System 1.0 (VDB-227228) Open Redirect Vulnerability in web2py Versions Prior to 2.23.1: Phishing Attack Vector Experion Server Stack Overflow DoS Vulnerability UAF Vulnerability in OpenHarmony-v3.1.5 and Prior: Privilege Escalation via check_permission_for_set_tokenid Arbitrary Script Injection Vulnerability in EC-CUBE Content Management Denial of Service vulnerability in Gallagher Controller 6000 and 7000 Critical SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0 Privilege Escalation Vulnerability in Intel(R) SCS Add-on Software Installer for Microsoft SCCM Seiko Solutions SkyBridge Series: Critical Function Authentication Bypass Vulnerability Escalation of Privilege Vulnerability in Intel(R) Server Board BMC Firmware Denial of Service Vulnerability in Intel Server Board BMC Firmware BIOS Firmware Vulnerability in Intel NUC Devices Enables Local Information Disclosure Information Disclosure Vulnerability in Open CAS Software for Linux Unison Software Vulnerability: Network-Based Privilege Escalation Privilege Escalation Vulnerability in Intel(R) NUC BIOS Firmware Unrestricted Upload Vulnerability in hansunCMS 1.4.3 (VDB-227230) Arbitrary File Upload Vulnerability in Advantech WebAccess/SCADA v9.1.3 and Prior Weak password vulnerability in Kiwi TCMS versions 11.6 and prior Unvalidated Discord Channel ID Input Vulnerability in Kenny2Automate User post count exposure vulnerability in Discourse Cross-Site Scripting (XSS) Vulnerability in Discourse Cross-Site Scripting (XSS) Vulnerability in Discourse Tag Descriptions Cross-Site Scripting Vulnerability in ViewVC Versions Prior to 1.2.2 and 1.1.29 Cross-Site Request Forgery (CSRF) Vulnerability in CKEditor Integration UI Redis Denial-of-Service Vulnerability in HRANDFIELD and ZRANDMEMBER Commands Unrestricted File Upload Vulnerability in SourceCodester Online Pizza Ordering System 1.0 Panic vulnerability in go-ipld-prime JSON codec when encoding Bytes tokens 
Cross-Site Scripting (XSS) vulnerability in sanitize-svg prior to v0.4.0 Stored XSS Vulnerability in Grafana's Text Plugin Hard-coded JwtSigKey in KubePi allows for arbitrary jwt token forgery and administrator account takeover Cross-Site Scripting Vulnerability in ViewVC Vulnerability in HTTP4s User-Agent and Server Header Parsers Vulnerability: Configuration Override in Tokio Named Pipe Server Quadratic Complexity DoS Vulnerability in Luxon's DateTime.fromRFC2822() Method Cross-Site Scripting (XSS) Vulnerability in Discourse Information Leakage Vulnerability in Nextcloud Deck 1.8.1 and earlier Unmasking Variable Secrets in Octopus Deploy: Exploiting the Variable Preview Function Database Error DoS Vulnerability in Nextcloud Deck Broken Access Control Vulnerability in Nextcloud Deck App Arbitrary POST Request Vulnerability in Deck Integration with Nextcloud Passcode Bypass Vulnerability in Nextcloud Talk Android App Allows Unauthorized Access to Files and Conversations Improper Client IP Address Validation in Parse Server Cross-Site Scripting Vulnerability in Canarytokens History Page Insufficient Access-Level Checks in Mantis Bug Tracker (MantisBT) Prior to 2.25.6 Denial of Service Vulnerability in Mercurius GraphQL Adapter for Fastify Unauthorized API Access and Sensitive Information Leakage in KubePi Session Fixation Vulnerability in KubePi Versions 1.6.3 and Below Unauthorized API Interface Access and Sensitive Information Leakage in KubeOperator 3.16.3 and Below Clear-text logging of passwords in FreshRSS API authentication failure Improper Authorization Bug in Argo CD Polynomial Time Complexity Vulnerabilities in cmark-gfm Polynomial Time Complexity Vulnerability in cmark-gfm Out-of-Bounds Read in cmark-gfm's validate_protocol Function Unbounded Resource Exhaustion Vulnerability in cmark-gfm Flarum Mentions Extension JSON:API Payload Leakage Vulnerability Flarum Notification Bypass Vulnerability Uncontrolled Reply Creation Vulnerability in Flarum 
Vulnerability: Local File Include, Server-Side Request Forgery, and PHAR Deserialization in wpForo Forum Plugin Arbitrary File Inclusion Vulnerability in Git JavaScript Injection Vulnerability in gatsby-transformer-remark Plugin Vulnerability: Insecure RefreshToken Handling in ZITADEL RSSHub Vulnerability: Server-Side Request Forgery (SSRF) Exploit Authentication Bypass Vulnerability in Izanami Docker Image Arbitrary Command Execution Vulnerability in Netdata Agent Netdata Agent Streaming Vulnerability: Unauthorized Access to MACHINE_GUID as API Key Vulnerability: Spoofing Interactive Permission Prompt in Deno Runtime Open Cluster Management (OCM) Vulnerability: Cluster-Level Privilege Escalation via Worker Node Access GLPI Incorrect Authorization Vulnerability: Unauthorized Access to Inventory Files Jira Service Management Server and Data Center Authentication Vulnerability: Impersonation and Unauthorized Access Information Disclosure in Atlassian Confluence Server and Data Center Broken Access Control Vulnerability in Atlassian Confluence Server Allows Unauthorized Attachment Upload High Severity RCE Vulnerability (CVE-2023-22505) in Confluence Data Center & Server High Severity Injection and RCE Vulnerability (CVE-2023-22506) in Bamboo Data Center High Severity RCE Vulnerability (CVE-2023-22508) in Confluence Data Center & Server Uncaught Exception Vulnerability in eemeli/yaml Prior to 2.0.0-5 High Severity RCE Vulnerability in Bitbucket Data Center and Server (Version 8.0.0) Unauthorized Creation of Confluence Administrator Accounts and Instance Access Vulnerability High Severity RCE Vulnerability in Bamboo Data Center and Server Versions 8.1.0 - 9.3.0 Unauthenticated Reset and Admin Account Creation Vulnerability in Confluence Local File Inclusion Vulnerability in Directorist WordPress Plugin High Severity RCE Vulnerability in Crowd Data Center and Server (Version 3.4.6) Confluence Template Injection Vulnerability Allows Remote Code Execution Critical 
Privileged RCE Vulnerability in Assets Discovery Agent Remote Code Execution Vulnerability in Atlassian Companion App for MacOS High Severity RCE Vulnerability in Confluence Data Center (Version 7.19.0) Template Injection Vulnerability in Confluence Data Center and Server Allows Remote Code Execution Denial of Service Vulnerability in `/v2/_catalog` Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in Ko-fi Button WordPress Plugin Improper Access Control in Editor Components of LibreOffice Allows Unprompted Loading of External Links FTP Server Memory Consumption Vulnerability Reflected Cross-Site Scripting in Product Addons & Fields for WooCommerce WordPress Plugin Authentication Bypass in Devolutions Workspace Desktop 2023.1.1.3 and earlier: Unlocking Hub Business Space without Password Sensitive Information Exposure in Dell PowerScale OneFS Change Password API Dell PowerScale OneFS Cloudpool Sensitive Information Disclosure Vulnerability Dell PowerScale OneFS IPMI Log File Information Disclosure Vulnerability Dell PowerScale OneFS Log File Information Disclosure and Privilege Escalation Vulnerability Unauthenticated Information Disclosure in White Rabbit Switch Sequelize JS Library Vulnerability: SQL Injection Exploitation Sequelize JS Library: Improper Parameter Filtering Vulnerability CSV Formula Injection Vulnerability Improper Input Filtering in Sequelize JS Library: Potential for Sensitive Information Disclosure Root Privilege Escalation Vulnerability in White Rabbit Switch Reflected Cross-Site Scripting Vulnerability in Danfoss AK-EM100 Web Applications Critical SQL Injection Vulnerability in Danfoss AK-EM100 Web Forms Clear-text Storage of Login Credentials in Danfoss AK-EM100 Reflected Cross-Site Scripting Vulnerability in Danfoss AK-EM100 Web Applications Local File Inclusion Vulnerability in Danfoss AK-EM100 Web Applications Template Injection Vulnerability in alf.io prior to 2.0-M4-2304 Session Token Persistence Vulnerability in IBM Robotic 
Process Automation Insufficient Permission Settings in IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 Security Misconfiguration in IBM Robotic Process Automation for Cloud Pak Cross-Site Scripting (XSS) Vulnerability in IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 Cross-Site Scripting (XSS) Vulnerability in IBM B2B Advanced Communications and Multi-Enterprise Integration Gateway CWE-319: Cleartext Transmission of Sensitive Information in InHand Networks InRouter 302 and InRouter 615 InRouter 302 and 615 Vulnerability: OS Command Injection Leading to Remote Code Execution Vulnerability: Predictable Salt Usage in InHand Networks InRouter Devices User-Controlled Key Authorization Bypass in alf.io prior to 2.0-M4-2304 Unauthenticated MQTT Topic Subscription Vulnerability in InHand Networks InRouter Insufficiently Randomized MQTT ClientID Parameter Vulnerability in InHand Networks InRouter Authentication Bypass Vulnerability in Apache Shiro and Spring Boot Integration Authorization Bypass Vulnerability in WP Activity Log Plugin Allows User Enumeration Denial of Service Vulnerability in Geo SCADA Server via Incorrect Authorization Information Disclosure Vulnerability in EcoStruxure Geo SCADA Expert 2019-2021 Memory Corruption Vulnerability in InsydeH2O SMM Handler SMM Memory Corruption Vulnerability in InsydeH2O with Kernel 5.0-5.5 Insufficient Input Validation in BIOS Guard SMI Handler Leads to Memory Corruption in InsydeH2O SMRAM Corruption Vulnerability in Insyde InsydeH2O Insufficient Input Validation in InsydeH2O IhisiSmm Driver Leads to SMRAM Corruption Infinite Recursion Vulnerability in PowerDNS Recursor 4.8.0 Local Privilege Escalation Vulnerability in Nokia WaveLite Products Remote Code Execution Vulnerability in Rockwell Automation 1756-EN* Communication Devices Sessionid Information Disclosure and Authentication Bypass in SecurePoint UTM Authenticated Server-Side Template Injection (SSTI) in Strapi 4.5.5 
Unpredictable Client Visits Vulnerability in WordPress XXE Vulnerability in Zoho ManageEngine Exchange Reporter Plus before 5708 Information Disclosure via EXPLAIN in PgHero before 3.1.0 Path Traversal Vulnerability in TitanFTP Denial-of-Service Vulnerability in Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A SQL Injection Vulnerability in IzyBat Orange Casiers (before 20221102_1) via getCasier.php?taille= URI Improper Access Controls Vulnerability in FortiNAC-F and FortiNAC Privilege Escalation via Modified Installer in FortiClientMac FortiWeb Unauthorized Configuration Download Vulnerability Cross-site Scripting (XSS) Vulnerability in FortiNAC-F and FortiNAC License Management Multiple Cross-Site Scripting (XSS) Vulnerabilities in FortiNAC Escalation of Privilege Vulnerability in Fortinet FortiOS and FortiProxy Improper Input Validation Vulnerability in SEL-411L Authenticated Code Execution Vulnerability in Fortinet FortiOS and FortiProxy Open Redirect Vulnerability in Fortinet FortiOS and FortiProxy Improper Certificate Validation Vulnerability in FortiAnalyzer and FortiManager OS Command Injection vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 Sensitive Information Leakage through Log Files Improper Privilege Management in SUSE kubewarden: Arbitrary Secret Reading Vulnerability Improper Privilege Management in SUSE Rancher: Unauthorized Access to Kubernetes Secrets Improper Privilege Management in SUSE Rancher: Retention of User Permissions in Rancher UI Clickjacking Vulnerability in SEL-411L: Unauthorized UI Layer Manipulation Privilege Escalation Vulnerability in SUSE Rancher's Admission Webhook Update Logic Buffer Overflow Vulnerability in openSUSE libeconf: DoS via Malformed Config Files OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Remote Command Execution via vtysh_ubus tcpdump_start_cb Arbitrary Script Execution Vulnerability in T&D Corporation and ESPEC MIC 
CORP. Data Logger Products Privilege Escalation Vulnerability in Intel(R) Xeon(R) Processors with Intel(R) SGX or Intel(R) TDX Out-of-bounds Read Vulnerability in Intel Media SDK and Intel oneVPL Software Command Injection Vulnerability in F5OS Tenant File Name Processing OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: Exploiting libzebra.so change_hostname Functionality Cross-Site Scripting Vulnerability in SEL-411L Heap-based Buffer Overflow Vulnerability in Ichitaro Version 2022 1.0.1.57600 Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Denial of Service Vulnerability in Intel(R) Server Board S2600BP UEFI Firmware Unison Software Vulnerability: Network-based Privilege Escalation Memory Resource Utilization Vulnerability in BIG-IP Virtual Server with HTTP/2 Profile and MRF Router Option Arbitrary JavaScript Execution Vulnerability in Apache Jena AMRWBPlus Audio Player Vulnerability: Memory Corruption with Modified Content Audio Buffer Overflow Vulnerability Audio IOCTLs Vulnerability: Memory Corruption Risk Heap-based Buffer Overflow in Open Design Alliance Drawings SDK Improper Input Validation Vulnerability in SEL-411L: Reflection Attacks against Authorized Users Heap-Based Buffer Overflow in Open Design Alliance Drawings SDK Command Injection Vulnerability in Ghidra RuntimeScripts Linux Launch Script CSRF Vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress Plugin CSRF Vulnerability in MageNet Website Monetization Plugin CSRF Vulnerability in Hal Gatewood Dashicons + Custom Post Types Anders Thorborg Missing Authorization Vulnerability Code Injection Vulnerability in BinaryStash WP Booklet CSRF Vulnerability in Rafael Dery Superior FAQ Plugin <= 1.0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Nicolas Lemoine WP Better Emails Plugin <= 0.4 Versions Unauthenticated Access to All Stored Server Files in Plane 0.7.1 Stored XSS Vulnerability in Altanic No API Amazon Affiliate Plugin CSRF Vulnerability in 
Aarvanshinfotech Online Exam Software: eExamhall Plugin <= 4.0 Reflected XSS Vulnerability in Manuel Masia | Pixedelic.Com Camera Slideshow Plugin <= 1.4.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Clio Grow Plugin <= 1.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Subscribers.Com Subscribers Plugin <= 1.5.3 Stored Cross-Site Scripting (XSS) Vulnerability in Tips and Tricks HQ RSS Feed Subscription Plugin CSRF Vulnerability in TriniTronic Nice PayPal Button Lite Plugin Sensitive Information Storage Vulnerability in Jose Mortellaro Freesoul Deactivate Plugins CSRF Vulnerability in Abdul Ibad WP Tabs Slides Plugin <= 2.0.3 CSRF Vulnerability in Auto Affiliate Links Plugin <= 6.3 Deadlock Vulnerability in Linux Kernel Device Mapper-Multipathing Sub-component Stored XSS Vulnerability in Shopfiles Ltd Ebook Store Plugin CSRF Vulnerability in Tips and Tricks HQ Category Specific RSS Feed Subscription Plugin CSRF Vulnerability in Jeroen Peters Name Directory Plugin <= 1.27.1 CSRF Vulnerability in WP Google Tag Manager Plugin CSRF Vulnerability in BigContact Contact Page Plugin <= 1.5.8 CSRF Vulnerability in Hiroaki Miyashita Custom Field Template Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Custom4Web Affiliate Links Lite Plugin <= 2.5 Cross-Site Scripting (XSS) Vulnerability in Jason Bobich Theme Blvd Responsive Google Maps Plugin MainWP Wordfence Extension Missing Authorization Vulnerability Privilege Escalation via Arbitrary File Write in Netskope Client Service CSRF Vulnerability in PixelYourSite Plugin Cross-Site Scripting (XSS) Vulnerability in WPMobile.App Plugin (<= 11.13) Unauthenticated Reflected XSS Vulnerability in Webcodin WCP Contact Form Plugin <= 3.1.0 Reflected XSS Vulnerability in teachPress Plugin <= 8.1.8 Unauthenticated Reflected XSS Vulnerability in Collne Inc. 
Welcart e-Commerce Plugin <= 2.8.10 Unauthenticated Reflected XSS Vulnerability in PropertyHive Plugin <= 1.5.48 Cross-Site Scripting (XSS) Vulnerability in Wpsoul Greenshift Plugin CSRF Vulnerability in Atif N SRS Simple Hits Counter Plugin <= 1.1.0 CSRF Vulnerability in Tiempo.com WordPress Plugin Allows Arbitrary Shortcode Deletion Unauthenticated Reflected XSS Vulnerability in chilidevs Return and Warranty Management System for WooCommerce Plugin (<= 1.2.3) Stored Cross-Site Scripting (XSS) Vulnerability in Agent Evolution IMPress Listings Plugin <= 2.6.2 Stored Cross-Site Scripting (XSS) Vulnerability in TemplatesNext ToolKit Plugin <= 3.2.7 Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager Gutenberg Blocks Plugin CSRF Vulnerability in Supsystic Coming Soon Plugin Lester 'GaMerZ' Chan WP-CommentNavi Plugin <= 1.12.1 Authenticated Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting Vulnerability in OOPSpam Anti-Spam Plugin <= 1.1.35 Stored Cross-Site Scripting (XSS) Vulnerability in nCrafts FormCraft Plugin <= 1.2.6 Critical Reflected Cross-Site Scripting (XSS) Vulnerability in Jason Lau User Meta Manager Plugin CSV Injection vulnerability in GiveWP Reflected Cross-Site Scripting Vulnerability in Tiempo.com WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Robert Macchi WP Links Page Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Oi Yandex.Maps for WordPress <= 3.2.7 Cross-site Scripting (XSS) Vulnerability in GLPI Versions 9.4.0 to 10.0.5 Cross-site Scripting (XSS) Vulnerability in GLPI Versions Prior to 10.0.6 via Malicious RSS Feeds Cross-site Scripting Vulnerability in GLPI Versions 0.6.0 to 10.0.5 Arbitrary File Overwrite and Path Traversal Vulnerability in act SQL Injection Vulnerability in CakePHP's `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` Methods Improper Authorization Validation in Silverstripe Framework's GridField Print View Unvalidated Redirect Vulnerability in 
Silverstripe Framework Directory Traversal Vulnerability in Rapid7 Insight Agent Token Handler Versions 3.2.6 and Below Vulnerability: Bypassing Quantity Limits in Shopware Cart Arbitrary Code Execution in Twig Environment without Sandbox Extension in Shopware Shopware Administration Session Expiration Vulnerability Shopware Log Module Vulnerability: Unauthorized Access to User Accounts Vulnerability: Newsletter Double Opt-In Bypass in Shopware Arbitrary JavaScript Execution via File Upload in Zulip Authorization Bypass Vulnerability in Argo CD Missing Permissions Check Allows Unauthorized Removal of Bots in Wire Server Unintended Access Vulnerability in Vantage6 Federated Learning Infrastructure Unlimited Draft Size Vulnerability in Discourse Unlimited Chat Drafts Denial of Service Vulnerability in Discourse Heap overflow vulnerability in Sofia-SIP library allows for remote code execution Insecure Certificate Checking in libgit2's SSH Remote Git for Windows DLL Side-Loading Vulnerability Buffer Overrun Vulnerability in TPM2-TSS Software Stack (CVE-XXXX) Default secret key vulnerability in CKAN Docker images Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability WooCommerce Multivendor Marketplace – REST API Plugin for WordPress Unauthorized Data Access and Addition Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Command Injection Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Stack-Based Buffer Overflow Vulnerability Aruba Networks Access Point Management Protocol (PAPI) UDP Port Stack-Based Buffer Overflow Vulnerability PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI 
Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution PAPI Protocol Buffer Overflow Vulnerabilities Enable Remote Code Execution ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability Insecure Direct Object References in WCFM Membership Plugin for WordPress ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Web Management Interface Authenticated Remote Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Cross-Site Request Forgery Vulnerability in WP Directory Kit Plugin (Versions up to 1.1.9) ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Insufficient Session Expiration Vulnerability in ArubaOS Command Line Interface ArubaOS Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Command Line Interface Information Disclosure Vulnerability ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability ArubaOS Authenticated Information Disclosure Vulnerability 
ArubaOS Web Management Interface Stored XSS Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Local File Inclusion Vulnerability in WP Directory Kit Plugin (Versions up to 1.1.9) Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerabilities Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerabilities Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Aruba Access Point Management Protocol (PAPI) Buffer Overflow Vulnerability Unauthenticated DoS Vulnerability in Aruba InstantOS and ArubaOS 10 Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Vulnerability: Cross-Site Request Forgery in WP Directory Kit Plugin (up to version 1.2.1) Aruba InstantOS and ArubaOS 10 Command Injection Vulnerabilities Aruba WLAN Vulnerability: Complex Disclosure of Sensitive Information Regular Expression DoS Vulnerability in Action Dispatch SQL Injection Vulnerability in ActiveRecord Regular Expression DoS Vulnerability in Action Dispatch Catastrophic Backtracking DoS Vulnerability in Active Support Open Redirect Vulnerability in Rails 7.0.4.1: Bypassing Protection with Carefully Crafted URLs Open Redirect Vulnerability in Brave's Adblock Lists GlobalID <1.0.1 Regular Expression Denial of Service (ReDoS) Vulnerability Vulnerability: Unauthorized Data Modification and Loss in WP Directory Kit Plugin Unauthenticated Access Vulnerability in LS ELECTRIC XBC-DN32U PLC Unauthenticated User Creation Vulnerability in LS ELECTRIC XBC-DN32U PLC Improper Access Control in LS ELECTRIC XBC-DN32U: Remote Lockout of Data Reading ClearText Transmission of Sensitive Information in LS ELECTRIC XBC-DN32U 
Unauthenticated Remote Control and Tampering Vulnerability in LS ELECTRIC XBC-DN32U Memory Disclosure Vulnerability in Arm Android Gralloc Module Privilege Escalation via Sudoedit Argument Mishandling Unsanitized Websocket Event Exposes Archived Team Data in Mattermost Insecure TLS Protocols in SanDisk PrivateAccess Prior to 6.4.9: A Man-in-the-Middle Vulnerability Missing Access Controls and Authentication Requirement in Western Digital My Cloud and SanDisk ibi Apps and Web Apps Authentication Bypass Vulnerability in My Cloud OS 5 Devices Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices Post-Authentication Remote Command Injection Vulnerability in Western Digital My Cloud OS 5 Devices SSRF Vulnerability Allowing DNS Address Manipulation and Local Server Exploitation SanDisk Security Installer DLL Search Order Hijack Vulnerabilities Uncontrolled Resource Consumption Vulnerability in Western Digital My Cloud Devices Bypassing Administrator-Enforced Web Login Restrictions in Devolutions Remote Desktop Manager Memory Allocation Bypass Vulnerability in libssh's pki_verify_data_signature Function XML External Entity (XXE) Vulnerability in ExtractCCDAAttributes Processor in Apache NiFi Vulnerability: Bypass of Access Controls in Palantir Foundry Lime2 Versions 2.519.0 - 2.532.0 Unauthorized Analysis Creation Vulnerability in Contour Service Foundry Issues Denial of Service Vulnerability Information Leakage Vulnerability in Foundry's Linter Service Arbitrary Script Injection Vulnerability in EC-CUBE 4.x Product List and Detail Screens Rapid Response Mode DNS Profile Vulnerability Vulnerability: Unauthorized Modification of Data in WP Activity Log Premium Plugin Denial of Service Vulnerability in Intel(R) oneVPL GPU Software Unquoted search path vulnerability in Intel SysFwUpdt software installer SIP Profile Configuration Vulnerability in BIG-IP JavaScript Injection in Threat Intelligence Rules Authentication Bypass 
Vulnerability in Milesight VPN v2.0.2's verifyToken Functionality TGAInput::decode_pixel() Out-of-Bounds Read Vulnerability in OpenImageIO v2.4.7.1 Out-of-Bounds Read Vulnerability in Datakit CrossCadWare_x64.dll Information Disclosure Vulnerability in pg_ivm Versions Prior to 1.5.1: Unauthorized Access to Protected Data Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Sling App CMS version 1.1.4 and Prior Cross-Site Request Forgery Vulnerability in WP Activity Log Premium Plugin PHP Object Injection Vulnerability in Tiki Spreadsheets Feature PHP Object Injection Vulnerability in Tiki before 24.2 via TikiImporter Blog WordPress CSRF Vulnerability in Tiki through 25.0: tiki-importer.php and tiki-import_sheet.php PHP Object Injection Vulnerability in Tiki (before 24.1) with feature_create_webhelp enabled Arbitrary File Download Vulnerability in Mitel MiContact Center Business Server Remote Code Execution in Kardex Mlog MCC 5.7.12+0-a203c2a213-master via Path Concatenation Vulnerability Stored XSS Vulnerability in BlogEngine.NET 3.3.8.0 Allows Arbitrary JavaScript Injection via Specially Crafted File Upload Stored XSS Vulnerability in BlogEngine.NET 3.3.8.0 Allows Arbitrary JavaScript Injection Unauthenticated Access to Unpublished Blog Files in BlogEngine.NET 3.3.8.0 Cross-Site Request Forgery Vulnerability in WP Activity Log for WordPress (up to version 4.5.0) Stored Cross-Site Scripting Vulnerability in IBM Cloud Pak for Business Automation Insecure Transmission of Authentication Credentials in IBM Aspera Connect and Cargo (IBM X-Force ID: 244107) Default HTTP Usage in IBM Robotic Process Automation Commands Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Faspex 4.4.1 Information Disclosure Vulnerability in IBM Aspera Faspex 5.0.0 through 5.0.7 Arbitrary URL Access Vulnerability in Orbit Fox WordPress Plugin Cleartext Transmission 
Vulnerability in IBM Aspera Faspex 5.0.5 Denial of Service Vulnerability in IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS Insecure Certificate Key File Distribution in IBM QRadar SIEM Privileged User Information Disclosure Vulnerability in IBM Sterling B2B Integrator CSV Injection Vulnerability in IBM InfoSphere Information Server 11.7 Clear Text Storage of User Credentials in IBM InfoSphere Information Server 11.7 Otter WordPress Plugin PHAR Deserialization Vulnerability Information Disclosure Vulnerability in Zoom for Windows Clients Zoom Client STUN Parsing Vulnerability: Remote Denial of Service (DoS) Exploit Zoom Client STUN Parsing Vulnerability: Remote Denial of Service (DoS) Exploit Zoom Client for IT Admin Windows Installers Local Privilege Escalation Vulnerability Command Injection Vulnerability in Apache Airflow and Apache Airflow MySQL Provider Improper Input Validation in Apache Airflow JDBC Provider allows RCE attacks Unauthorized File Access in Apache Airflow (CVE-2021-XXXX) Apache Airflow Run ID Manipulation Vulnerability Remote Code Execution in SmartBear Zephyr Enterprise through 7.15.0 via User-Defined Input Reflected Cross-Site Scripting Vulnerability in WordPress Vertical Image Slider Plugin (up to version 1.2.16) Unauthenticated File Upload Vulnerability in SmartBear Zephyr Enterprise Privilege Escalation Vulnerability in SmartBear Zephyr Enterprise Allows Unauthorized Password Resets Information Disclosure Vulnerability in SmartBear Zephyr Enterprise Allows Unauthorized File Access Authentication Bypass Vulnerability in Strapi through 4.5.5 with AWS Cognito Sensitive User Details Disclosure in Strapi (CVE-2021-41163) Integer Overflow in mem.rs in bzip2 crate before 0.4.4 for Rust Information Disclosure Vulnerability in SecurePoint UTM Firewall Denial of Service Vulnerability in Pandora 1.3.0 via Deeply Nested ZIP Archive Unauthenticated ZIP Archive Decryption Vulnerability in Zip4j LenovoFlashDeviceInterface SMI Handler Local Privilege 
Escalation Vulnerability SQL Injection Vulnerability in Efence Login Function Path Traversal Vulnerability in ChangingTec MOTP System Insufficient Filtering in Openfind Mail2000 File Uploading Function Allows for XSS Attack Incorrect Access Control in User API Views Default TELNET Access with Root Privileges on Hero Qubo HCD01_02_V1.38_20220125 Devices Denial of Service Vulnerability in MediaWiki's SpecialMobileHistory Static Credentials Vulnerability in ManageEngine Access Manager Plus (AMP), Password Manager Pro, and PAM360 XSS Vulnerability in MediaWiki's Wikibase Date Formatting Cross-Site Scripting (XSS) Vulnerability in MediaWiki E-Widgets Insecure AES-CTR Encryption with Repeated Nonce in MediaWiki's CheckUser TokenManager Post-Authentication Command Injection Vulnerability in Zyxel USG FLEX and VPN Series Firmware Path Traversal Vulnerability in Zyxel USG FLEX and VPN Series Firmware Buffer Overflow Vulnerability in Zyxel USG FLEX Series Firmware Configuration Parser Input Sanitization Vulnerability Buffer Overflow Vulnerability in Zyxel ATP and USG Series Firmware Post-Authentication Information Exposure Vulnerability in Zyxel ATP, USG, VPN, NWA, WAC, and WAX Series Firmware Zyxel NBG6604 Firmware V1.01(ABIR.0)C0 Post-Authentication Command Injection Vulnerability Default Telnet Access Vulnerability in Zyxel LTE3316-M604 Firmware V2.00(ABMP.6)C0 Zyxel NBG-418N v2 Firmware XSS Vulnerability Buffer Overflow Vulnerability in Zyxel NBG-418N v2 Firmware: Remote DoS via Crafted Packets Format String Vulnerability in Zyxel NBG-418N v2 Firmware Buffer Overflow Vulnerability in Zyxel NBG-418N v2 Firmware Cross-Site Scripting (XSS) Vulnerability in SourceCodester Purchase Order Management System 1.0 Unauthenticated RSS Feed Overwrite Vulnerability in Splunk Enterprise Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise 9.0.4 and Below Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise XML View Vulnerability: Privilege Escalation via 'pivot' 
Command in Splunk Enterprise Splunk Enterprise 'display.page.search.patterns.sensitivity' Bypass Vulnerability Blind Server-Side Request Forgery (SSRF) Vulnerability in Splunk Enterprise Vulnerability: Arbitrary File Upload in Splunk Enterprise Lookup Tables Unrestricted Email Sending Vulnerability in Splunk Enterprise Versions Below 8.1.13, 8.2.10, and 9.0.4 Splunk Enterprise 'map' Command Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in UCMS 1.6.0 Component Column Configuration (saddpost.php) Unprotected Alias Commands in Splunk Enterprise Versions Below 8.1.13, 8.2.10, and 9.0.4 Improperly-Formatted 'INGEST_EVAL' Parameter Vulnerability in Splunk Enterprise Cross-Site Request Forgery (CSRF) Vulnerability in Splunk Secure Gateway (SSG) App Allows Unauthorized Collection Updates Insecure Reversion to HTTP in Splunk Add-on Builder and Splunk CloudConnect SDK Vulnerability: Unauthorized Mentorship Enrollment and Editing in GrowthExperiments Extension Privilege Escalation via Malicious Configuration Classes in Apache Spark Privilege Escalation via Insecure Folder Permissions in Shibboleth Service Provider (SP) Installation Path Unsecured Read Access to SSH Private Key in TigerGraph Enterprise Free Edition 3.x User Credentials Logging Vulnerability in TigerGraph Enterprise Free Edition 3.x Libreswan IKEv1 Aggressive Mode Vulnerability in Red Hat Enterprise Linux Arbitrary Data Reading Vulnerability in TigerGraph Enterprise Free Edition 3.x Authentication Bypass Vulnerability in TigerGraph Enterprise Free Edition 3.x Code Injection Vulnerability in SugarCRM EmailTemplates Authenticated Remote Code Execution in ExpressionEngine (CVE-2021-12345) Insecure Firmware Validation Allows for Malicious Firmware Installation on AudioCodes VoIP Desk Phones Hard-coded Cryptographic Key Vulnerability in AudioCodes VoIP Desk Phones Hard-coded Cryptographic Key Vulnerability in AudioCodes VoIP Desk Phones Vulnerability: Spoofing of 2FA PIN Validation in Syracom 
Secure Login Plugin for Jira SQL Injection Vulnerability in WebChess 0.9.0 and 1.0.0.rc2: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName) Reflected Cross-Site Scripting Vulnerability in Loginizer WordPress Plugin Lexmark Products Vulnerability: Improper Control of Interaction Frequency Vulnerability: Mishandling of Personnummer with Matching Last Four Digits Authentication Bypass Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Vulnerability: Unauthorized Password Resets in Profile Builder Plugin for WordPress Remote Code Execution Vulnerability in Bottles before 51.0 XSS Vulnerability in Hughes Network Systems Router Terminal for Multiple Versions Reflected Cross-site Scripting (XSS) Vulnerability in OpenEMR < 7.0.0 OpenEMR < 7.0.0 LFI Vulnerability in new.php Allows Code Execution Arbitrary File Read Vulnerability in OpenEMR < 7.0.0 via Path Traversal in setup.php Cross Site Scripting (XSS) Vulnerability in jfinal_cms 5.1.0 Stored Cross-Site Scripting Vulnerability in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Axis 207W Network Camera: Reflected XSS Vulnerability in Web Administration Portal Cross Site Scripting (XSS) Vulnerability in Sourcecodester Simple Guestbook Management System v1 Unauthenticated Modification of Plugin Settings in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Missing resource deallocation in dwc3_qcom_acpi_register_core in Linux kernel before 5.17 Unreleased Reference Vulnerability in qcom_aoss.c Driver Misinterpretation of module_get_next_page Return Value in Linux Kernel Misinterpretation of drm_gem_shmem_get_sg_table Return Value in virtgpu_object.c Misinterpretation of Return Value in dwc3-qcom.c in Linux Kernel Stored Cross-Site Scripting Vulnerability in Contact Form Builder by vcita Plugin for WordPress Improper Error Handling in Tegra XUSB Driver in Linux Kernel Misinterpretation of regulator_get Return Value in Linux Kernel UFS MediaTek Driver 
Misinterpretation of devm_gpiod_get_index_optional Return Value in Linux Kernel Bluetooth Driver Missing Error Handling in hashmap__new Function in Linux Kernel Misinterpretation of get_sg_table Return Value in Linux Kernel's malidp_planes.c Misinterpretation of alloc_memory_type Return Value in Linux Kernel Misinterpretation of mlx5_get_uars_page Return Value in Linux Kernel 5.15.13 and Earlier SQL Injection Vulnerability in ESPCMS P8.21120101 Background Login Function Denial of Service Vulnerability in Libreswan 4.9 Cross-Site Request Forgery Vulnerability in Contact Form Builder by vcita Plugin for WordPress Arbitrary Code Execution via XSS in Ecommerce-CodeIgniter-Bootstrap XSS Vulnerability in InvoicePlane 1.6 via filter_product Input Arbitrary Code Execution Vulnerability in craigrodway classroombookings 2.6.4 via bgcol Parameter in Weeks.php XSS Vulnerability in InventorySystem via edit_store_name and edit_active inputs XSS Vulnerability in Kalkun 0.8.0 via User_model.php XSS Vulnerability in Sourcecodester Oretnom23 Blog Site 1.0 Stored Cross-Site Scripting Vulnerability in vcita WordPress Plugin XSS Vulnerability in Sourcecodester Oretnom23 POS Point Sale System 1.0 XSS Vulnerability in Sourcecodester Oretnom23 Employee's Payroll Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0 Arbitrary Code Execution via XSS in Sourcecodester Oretnom23 Sales Management System 1.0 Cross-Site Request Forgery Vulnerability in vcita WordPress Plugin (Versions up to 2.6.4) Race Condition and Use-After-Free Vulnerability in Linux Kernel's VCC Device Handling Stored Cross-Site Scripting Vulnerability in Favorites Plugin for WordPress Deprecated MD5 Algorithm Used for Admin Password Hashing in TP-Link Router TL-WR940N V6 Stored Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress Improper Permissions in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows Allows Arbitrary Code Execution and Privilege 
Escalation Hard-coded Credentials Expose Sensitive Information in Qognify NiceVision Versions 3.1 and Prior Local File Disclosure Vulnerability in Cellinx NVT v1.0.6.002b Incorrect Access Control Vulnerability in TOTOLINK A720R V4.1.5cu.532_ B20210610 CSRF Vulnerability in GitHub Repository Builderio/qwik (prior to 0.104.0) XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14 Purchase Component XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via Embedded Videos in Language Component Zoho Asset Explorer 6.9 XSS Vulnerability via Credential Name in New Assets Workstation Creation Support Center Plus 11 OS Command Injection Vulnerability in Schedule Creation XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via Comment Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 14: Comment Field in Assets Credentials Change Command Injection Vulnerability in Tenda CP7, CP3, IT7-PCS, IT7-LCS, and IT7-PRS Denial of Service Vulnerability in Kodi Home Theater Software 19.5 via Heap Buffer Overflow Buffer Overflow Vulnerability in MojoJson v1.2.3: Arbitrary Code Execution via SkipString Function Arbitrary Code Execution Vulnerability in MojoJson v1.2.3 Buffer Overflow Vulnerability in Barenboim json-parser Allows Arbitrary Code Execution Reflected Cross-Site Scripting Vulnerability in wpForo Forum WordPress Plugin Non-Endpoint Channel Access Vulnerability in SEL Real-Time Automation Controller (RTAC) NULL Pointer Dereference Vulnerability in crasm 1.8-3 Divide by Zero Vulnerability in crasm 1.8-3 Bypassing File System Restrictions in Google Chrome (CVE-2021-37976) Firmware Modification Vulnerability in Certain Netgear Products CRC Algorithm Vulnerability in Ubiquiti airFiber AF2X Radio Firmware Use After Free Vulnerability in Google Chrome on Android (Chromium Security Severity: High) Vulnerability: Firmware Modification via CRC Check Bypass in TRENDnet TV-IP651WI Network Camera Clickjacking Vulnerability in Connectwise Automate 2022.11 Lack of 
HSTS Implementation in Connectwise Control 22.8.10013.8329 Login Page Cross Origin Resource Sharing (CORS) Vulnerability in Connectwise Control 22.8.10013.8329 Arbitrary Read/Write Vulnerability in Google Chrome Sandbox on Windows Cleartext Authentication Vulnerability in Connectwise Automate 2022.11 Insecure App Transport Security (ATS) Settings in Selfwealth iOS Mobile App 3.3.1 Sensitive Key Disclosure in Selfwealth iOS Mobile App 3.3.1 Arbitrary Code Execution via Crafted JPG File Upload in Ftdms v3.1.6 Arbitrary File Deletion Vulnerability in LMXCMS v1.41 via BackdbAction.class.php Bypassing Navigation Restrictions in Google Chrome DevTools Buffer Overflow Vulnerability in avc_parse_slice Function Integer Overflow Vulnerability in Q_DecCoordOnUnitSphere Function Memory Leak Vulnerability in GPAC Version 2.2-rev0-gab012bbfb-master's lsr_read_rare_full Function Command Execution Vulnerability in DEK-1705 Firmware:34.23.1 Arbitrary File Deletion Vulnerability in OpenCart 4.0.0.0 to 4.0.2.2 Critical Code Execution Vulnerability Found in SA-WR915ND Router Firmware v17.35.1 Arbitrary File Deletion Vulnerability in bloofoxCMS v0.5.2.1 SQL Injection Vulnerability in Art Gallery Management System Project in PHP 1.0 SQL Injection Vulnerability in Art Gallery Management System Project in PHP 1.0 Stored XSS Vulnerability in Art Gallery Management System Project v1.0 via Crafted Payload in Fullname Parameter Stored XSS Vulnerability in Art Gallery Management System Project v1.0 Local File Exfiltration via Typora Path Handling Vulnerability Reflected XSS Vulnerability in Art Gallery Management System Project v1.0 SQL Injection Vulnerability in Art Gallery Management System Project v1.0 SQL Injection Vulnerability in Art Gallery Management System Project v1.0 Vulnerability Alert: Local File Inclusion and Server-Side Request Forgery Directory Traversal in Synapsoft PDFocus 1.17 DOM-based XSS in Typora's updater/update.html allows arbitrary JavaScript execution 
DOM-based XSS in pasteCtrl.js in MarkText 0.17.1 and earlier versions allows arbitrary code execution in MarkText main window Red Hat Enterprise Linux 9.2 Update Failure: Webpack Issue CVE-2023-28154 Vulnerability Authentication Bypass Vulnerability in IS Decisions UserLock MFA 11.01 via Scheduled Task Reflected Cross-Site Scripting in CF7 Google Sheets Connector WordPress Plugin Memory Leak in lib60870 Multi-Client Server Example Cross-Site Scripting (XSS) Vulnerability in Genesys Administrator Extension (GAX) via iWD Business Structure Page (GAX-11261) Reflected Cross-Site Scripting Vulnerability in WPForms Google Sheet Connector WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Reflected Cross-Site Scripting Vulnerability in Elementor Forms Google Sheet Connector and gsheetconnector-for-elementor-forms-pro WordPress Plugins Stored XSS Vulnerability in M-Files Classic Web: Remote Code Execution via Stored HTML Document CSRF Vulnerability in Gravity Forms Google Sheet Connector WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Cross Site Scripting (XSS) vulnerability in Snippet-box 1.0.0 SQL Injection Vulnerability in Canteen Management System 1.0 via /php_action/getOrderReport.php Cross-site Scripting (XSS) Vulnerability in pimcore/pimcore GitHub Repository Cross Site Scripting (XSS) Vulnerability in Provide Server 14.4 via Login Form CSRF Vulnerability in WooCommerce Google Sheet Connector WordPress Plugin Command Injection Vulnerability in Korenix JetWave 4200 and JetWave 3000 Series Command Injection Vulnerability in Korenix Jetwave 4200 and JetWave 3000 Series Denial of Service Vulnerability in Korenix JetWave 4200 and JetWave 3200 Series Integer Overflow Vulnerability in CIQ API Method 
`Toybox.Graphics.BufferedBitmap.initialize` Bypassing Permission System in GarminOS TVM Component: Unauthorized Access to Sensitive Data CSRF Vulnerability in Caldera Forms Google Sheets Connector WordPress Plugin Buffer Overflow Vulnerability in `Toybox.Cryptography.Cipher.initialize` API Method Out-of-Bounds Memory Read Vulnerability in CIQ API Buffer Overflow Vulnerability in CIQ API Method `Toybox.GenericChannel.setDeviceConfig` Buffer Overflow Vulnerability in CIQ API Method `Toybox.Ant.GenericChannel.enableEncryption` Unauthorized Access to Toybox.SensorHistory Module in GarminOS TVM Component Buffer Overflow Vulnerabilities in GarminOS TVM Component Type Confusion Vulnerability in Toybox.Ant.BurstPayload.add API Method Unquoted Service Path Vulnerability in 42Gears Surelock Windows SureLock Service Draytek Router Web Application Cross Site Scripting (XSS) Vulnerability Arbitrary Code Execution via File Upload in zdir v3.2.0 Blind SQL Injection Vulnerability in PrestaShop StripeJS Module Hardcoded Credentials in Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 Command Injection Vulnerability in Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 Stored XSS Vulnerability in AvantFAX 3.3.7 Allows Session Hijacking Information Disclosure Vulnerability in AvantFAX 3.3.7: Unprotected Storage of Sent/Received Faxes and Database Backups File Upload Bypass Vulnerability in AvantFAX 3.3.7 Reflected Cross-Site Scripting Vulnerability in Ninja Forms Google Sheet Connector WordPress Plugin Local File Inclusion Vulnerability in Amano Xparc Parking Solutions 7.1.3879 SQL Injection Vulnerability in Amano Xoffice Parking Solutions 7.1.3879 SolarView Compact Command Injection Vulnerability Circumvention of Cryptographic Key Validation through Local File Manipulation Clickjacking Vulnerability in HCL BigFix OSD Bare Metal Server 311.12 or Lower Unauthorized Access to Administrator Page in BigFix WebUI Insights Site (Version 14) Vulnerability: Broken Cryptographic Algorithm in 
HCL DRYiCE MyCloud Vulnerability: Broken Cryptographic Algorithm in HCL DRYiCE iAutomate Configuration File Edit Vulnerability in HCL Launch Vulnerability in Kaspersky Password Manager allows credential theft from memory dump Insecure Storage of Admin Credentials in surelockwinsetupv2.40.0.Exe OS Command Injection Vulnerability in QNAP Operating Systems GitHub Repository Path Traversal Vulnerability in pimcore/pimcore (prior to 10.5.21) Remote Command Execution Vulnerability in QNAP Operating Systems Buffer Copy Without Size Checking Vulnerability in QNAP Operating System Unbounded Buffer Copy Vulnerability in QNAP Operating Systems Music Station Path Traversal Vulnerability Allows Unauthorized File Access Music Station Path Traversal Vulnerability Allows Unauthorized File Access OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution Critical OS Command Injection Vulnerability in QNAP Operating Systems OS Command Injection Vulnerability in QNAP Operating System Versions Reflected Cross-Site Scripting in ConvertKit WordPress Plugin (CVE-2021-12345) Insufficiently Protected Credentials Vulnerability in QVPN Device Client Cleartext Transmission of Sensitive Information Vulnerability in QVPN Device Client Critical Cross-Site Scripting (XSS) Vulnerability Patched in QNAP Operating System Versions QUSBCam2 OS Command Injection Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Critical Remote Code Execution Vulnerability in Microsoft ODBC and OLE DB Windows Common Log File System Driver Privilege Escalation Vulnerability 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution 3D Printer Remote Code Execution Vulnerability Guardian Breached: Microsoft Defender for IoT Elevation of Privilege Vulnerability Exposed Critical SQL Injection Vulnerability in pimcore/pimcore Repository (Version < 10.5.21) Exploiting Visual 
Studio Remote Code Execution Vulnerability Azure Machine Learning Compute Instance Information Disclosure Vulnerability Service Fabric Explorer URL Spoofing Vulnerability SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Windows PPPoE Privilege Escalation Vulnerability BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Unprivileged Access Exploit in Microsoft Defender Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 3D Builder Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable for Unauthorized Code Execution Office for Android App Spoofing Vulnerability HTTP Protocol Stack RCE Vulnerability Windows BrokerInfrastructure Service Privilege Escalation Vulnerability CSRSS Information Disclosure Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Crash Vulnerability: Exploiting Denial of Service Outlook Privilege Escalation Vulnerability Excel Impersonation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Media Player Remote Code Execution Vulnerability Windows Media Player Remote Code Execution Vulnerability Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Pervasive Windows PPTP Remote Code Execution Vulnerability RPC Runtime RCE Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows PPPoE Remote Code Execution Vulnerability Azure Apache Ambari Spoofing Vulnerability: Unauthorized Access and Data Manipulation Risk CSRSS Information Disclosure Vulnerability Cross-site Scripting (XSS) Vulnerability in GitHub Repository 
pimcore/pimcore prior to 10.5.21 Windows HTTP.sys Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Accounts Picture Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows PPPoE Remote Code Execution Vulnerability ICMP Remote Code Execution Vulnerability: A Critical Threat to Network Security CryptoCode: Exploiting Windows Cryptographic Services for Remote Code Execution Windows Partition Management Driver Privilege Escalation Vulnerability Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Honor Products Vulnerable to File Writing Exploit with Potential Code Execution Honor Products Vulnerable to File Writing Exploit Leading to Information Disclosure Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions DOM-based Cross-site Scripting (XSS) in GitHub repository pimcore/pimcore prior to 10.5.21 Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Signature Management Exploit Honor Products Vulnerable to Information Leak Exploitation Honor Products Vulnerable to Signature Management Exploit Signature 
Management Vulnerability in Honor Products Honor Products Vulnerable to Information Leak Exploitation Honor Products Vulnerable to Privilege Assignment Vulnerability: Potential Device Service Exceptions Honor Products Vulnerable to Information Leak Exploitation Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227587) Honor Products Vulnerable to Information Leak Exploitation Out of Bounds Read Vulnerability in Certain Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Type Confusion Vulnerability in Honor Products: Potential Information Leak Unauthenticated Remote Attack to Influence Device Availability via UDP Packet Broadcast Unauthorized Access to Data Fields via REST Interface in SICK FTMg AIR FLOW SENSOR Unprivileged Remote File Download Vulnerability in SICK FTMg AIR FLOW SENSOR Uncontrolled Resource Consumption Vulnerability in SICK FTMg AIR FLOW SENSOR Sensitive Information Exposure in SICK FTMg AIR FLOW SENSOR: Source Code Analysis Vulnerability Remote Information Disclosure Vulnerability in SICK FTMg AIR FLOW SENSOR Improper Authorization Vulnerability in SourceCodester Service Provider Management System 1.0 Authentication Bypass Vulnerability in SICK FTMg AIR FLOW SENSOR Telnet Enabled with Default Configuration and No Password Set Arbitrary Remote Code Execution in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 via Missing Authentication Arbitrary Remote Code Execution in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 via Missing Authentication Type Confusion Vulnerability in cbq_classify in Linux Kernel Type Confusion Vulnerability in atm_tc_enqueue in Linux Kernel Heap-Based Buffer Overflow Vulnerability in UPX's PackTmt::pack() Function Segmentation Fault Vulnerability in UPX: Denial of Service via PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp Unspecified Request Vulnerability in Sunell DVR: Unauthorized Access to Sensitive 
Information SQL Injection Vulnerability in Windows Operating System Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227589) Authentication Bypass Vulnerability in Priority Web Version 19.1.0.68 Libpeconv - Pre-Commit Access Violation Vulnerability Integer Overflow Vulnerability in Libpeconv Unprotected Credentials Exposed in Sunell DVR (CWE-522) Permissive Flash Cross-domain Policy in Media CP Media Control Panel: Potential Information Disclosure Vulnerability CSRF Vulnerability in Media CP Media Control Panel Insufficient Credential Protection in Media CP Media Control Panel Reflected XSS Vulnerability in Media CP Media Control Panel Insufficient Security Configuration in IBM Robotic Process Automation for Cloud Pak Local File Disclosure Vulnerability in IBM ICP4A - Automation Decision Services Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227590) Elevated Privilege Vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5 Cross-Site Request Forgery (CSRF) Vulnerability in IBM InfoSphere Information Server 11.7 Information Disclosure Vulnerability in IBM Cognos Controller Cross-Site Scripting (XSS) Vulnerability in IBM Infosphere Information Server 11.7 Insufficient Authorization Validation in IBM Robotic Process Automation API Routes Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Traditional Critical SQL Injection Vulnerability in SourceCodester Service Provider Management System 1.0 (VDB-227591) Cross-Site Scripting (XSS) Vulnerability in IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 Stored Cross-Site Scripting Vulnerability in IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 Remote Click Hijacking Vulnerability in IBM Sterling Partner Engagement Manager Insufficient Audit Logging Vulnerability in IBM Db2 for Linux, UNIX and Windows Unauthenticated SQL Injection Vulnerability in Paid Memberships Pro 
WordPress Plugin Unauthenticated SQL Injection Vulnerability in Easy Digital Downloads WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Service Provider Management System 1.0 Authenticated SQL Injection Vulnerability in Survey Maker WordPress Plugin (Version < 3.1.2) Reflected Cross-Site Scripting Vulnerability in Quick Event Manager WordPress Plugin Authenticated SQL Injection Vulnerability in Login with Phone Number WordPress Plugin Unauthenticated User Can Remount Encrypted Volume Without Password Prompt Buffer Overflow Vulnerability Patched in iOS 16.4 and iPadOS 16.4 Improved Redaction of Sensitive Information in macOS Sonoma 14 Arbitrary Code Execution Vulnerability in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2, iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3, and iPadOS 16.3 Root Privilege Escalation Vulnerability in macOS Big Sur, Ventura, and Monterey Email Forwarding Vulnerability in iOS, iPadOS, and macOS Vulnerability: User-sensitive data exposure through app access Cross-Site Scripting (XSS) Vulnerability in SourceCodester Service Provider Management System 1.0 Memory Handling Vulnerability in macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3 Improved Memory Handling in macOS Ventura 13.2: Fixing Kernel Memory Disclosure Vulnerability Vulnerability: Kernel Memory Layout Disclosure in macOS and iOS Privacy Preference Bypass Vulnerability Arbitrary Code Execution Vulnerability in macOS and iOS Improved Private Data Redaction for Log Entries in macOS Monterey 12.6.3 and Other OS Versions Improved Validation Fixes Permissions Issue Allowing Unauthorized Access to User-Sensitive Data in macOS Ventura 13.2 Arbitrary Code Execution Vulnerability in macOS Monterey and Ventura Vulnerability: App Bypasses Privacy Preferences in macOS Vulnerability in WP Directory Kit Plugin Allows Unauthorized Data Modification and Loss Improved Validation Fixes Safari History Access Vulnerability in macOS Ventura 13.2 Privacy Bypass Vulnerability Patched 
in macOS Monterey 12.6.3 and iOS 16.3 Cache-based Denial-of-Service Vulnerability Buffer Overflow Vulnerability in macOS Samba Network Share Mounting Use After Free Vulnerability in macOS and iOS Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in macOS Arbitrary Code Execution Vulnerability in macOS, watchOS, Safari, tvOS, iOS, and iPadOS Arbitrary Code Execution Vulnerability in macOS, watchOS, Safari, tvOS, iOS, and iPadOS Memory Corruption Vulnerability in Image Processing Cross-Site Request Forgery Vulnerability in CHP Ads Block Detector Plugin for WordPress Vulnerability Patched: Privilege Escalation via Arbitrary File Read Improved Handling of Temporary Files in macOS Ventura 13.2.1 Addresses Privacy Vulnerability Hidden Photos Album Vulnerability: Unauthorized Access through Visual Lookup Improved Input Validation Fixes Denial-of-Service Vulnerability in Apple Devices Privilege Escalation Vulnerability in macOS and iOS Gatekeeper Vulnerability: Bypassing File Checks in iCloud Shared-by-Me Folder Vulnerability Patched: Unauthorized Access to Protected File System Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in tvOS, iOS, and iPadOS Type Confusion Vulnerability in Apple Software Allows Arbitrary Code Execution Vulnerability: Unauthorized Plugin Settings Update and Reset in CHP Ads Block Detector Plugin for WordPress Improved Memory Handling Vulnerability Improved Memory Handling Vulnerability Sandbox Escape Vulnerability Patched in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4 Vulnerability: Logic Issue Allows Unauthorized Modification of File System Memory Disclosure Vulnerability in macOS Ventura 13.3 and macOS Big Sur 11.7.5 Memory Disclosure Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in macOS and iOS Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, iOS 16.4, and iPadOS 16.4: Addressing Privacy Vulnerability Vulnerability: Logic Issue Allows Unauthorized 
Modification of File System Buffer Overflow Vulnerability in macOS Ventura 13.2 Allows Arbitrary Code Execution via Malicious Samba Network Share Stored Cross-Site Scripting Vulnerability in CHP Ads Block Detector Plugin for WordPress Arbitrary Code Execution Vulnerability in Memory Handling Improved Private Data Redaction for Log Entries in iOS and iPadOS 15.7.4 and 16.4 Improved Private Data Redaction for Log Entries in macOS Ventura 13.3, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5 Sandboxed App Camera Usage Disclosure Vulnerability Authentication Bypass Vulnerability in T&D Corporation and ESPEC MIC CORP. Data Logger Products Privilege Escalation via Misconfigured urvpn_client in Milesight UR32L v32.3.0.5 Directory Traversal Vulnerability in Milesight UR32L v32.3.0.5: Arbitrary File Read Critical Reflected XSS Vulnerability in Checkmk Business Intelligence Denial of Service Vulnerability in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 via Long Hostnames DLL Hijacking Vulnerability in Acronis Snap Deploy (Windows) before build 3900 OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5: ys_thirdparty user_delete Functionality Remote Code Execution Vulnerability in Control By Web X-600M Devices Memory Resource Utilization Vulnerability in BIG-IP Advanced WAF and BIG-IP ASM Cross-Site Scripting Vulnerability in Control By Web X-400 Devices Uncontrolled Search Path Element Vulnerability in pg_ivm Undisclosed Traffic Termination Vulnerability in BIG-IP Virtual Edition and BIG-IP SPK Out-of-Bound Write Vulnerability in Hermes JavaScript Engine Hermes Algorithm Type Confusion Vulnerability Fixed Path Vulnerability in Eternal Terminal 6.2.1's TelemetryService Integer Overflow in rndis_query_oid in Linux Kernel Relative Path Traversal Vulnerability in mlflow/mlflow (prior to 2.3.1) SSRF Vulnerability in Lexmark Products: Lack of Input Validation Incorrect Access Control in Stormshield Endpoint Security 2.3.0 through 2.3.2 allows authenticated users to read 
sensitive information Incorrect Access Control in Stormshield Endpoint Security 2.3.0 through 2.3.2 allows authenticated users to update global parameters SQL Injection Vulnerability in Geomatika IsiGeo Web 6.0 Remote Command Execution Vulnerability in Geomatika IsiGeo Web 6.0 Local File Inclusion Vulnerability in Geomatika IsiGeo Web 6.0 Bypassing 2-Step Verification in Axigen 10.3.3.52: Unauthorized Mailbox Access Heap-Based Buffer Overflow in Accusoft ImageGear 20.1's CreateDIBfromPict Functionality Privilege Escalation Vulnerability in Command Centre Server Allows Unauthorized Access to Personal Data Fields Stack-based Buffer Overflow in Intel(R) Trace Analyzer and Collector Software (Before Version 2021.8.0) Bypassing Client-Side Enforcement of Server-Side Security in Gallagher Command Centre Access Violation Vulnerability in Milesight UR32L v32.3.0.5 Eventcore Functionality Arbitrary script injection vulnerability in SEIKO EPSON printers/network interface Web Config Improper Access Control in Intel(R) Unite(R) Android Application: Potential Information Disclosure via Local Access Blind SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Improper Access Control Vulnerability in CONPROSYS IoT Gateway Products Privileged User Physical Access Vulnerability Uncontrolled Search Path Element Vulnerability in ITE Tech Consumer Infrared Drivers for Intel(R) NUC Remote Unauthenticated Access to SkyBridge MB-A200 ADB Port Vulnerability Out-of-Bounds Write Vulnerability in Datakit CrossCadWare_x64.dll Plaintext Password Storage Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Stack-based Buffer Overflow in Intel(R) Trace Analyzer and Collector Software (before version 2021.8.0) - Local Privilege Escalation Vulnerability Denial-of-Service Vulnerability in SoftEther VPN's vpnserver EnSafeHttpHeaderValueStr Functionality Heap-Based Buffer Overflow in Snap One Wattbox WB-300-IP-3 Versions WB10.9a17 and Prior Intel(R) Processor Vulnerability: 
Sequence of Instructions Enables Privilege Escalation, Information Disclosure, and Denial of Service Insecure Data Inference in Gallagher Command Centre RESTAPI Experion Server Heap Overflow Vulnerability Kernel Memory Information Leakage via io_uring Vulnerability Non-Unique TLS Certificate Vulnerability in SIMATIC IPC Devices Unsafe SOCKS4 Protocol Logic Error in Tor 0.4.7.13: TROVE-2022-002 Arbitrary File Upload and Remote Code Execution in Slider Revolution WordPress Plugin Denial of Service Vulnerability in Mercedes-Benz XENTRY Retail Data Storage 7.8.1 Log Information Disclosure Vulnerability in Terminalfour Remote Information Disclosure Vulnerability in WALLIX Access Manager 3.x through 4.0.x CL4NX Printer Web Client Interface Authentication Bypass Vulnerability BlueCat Device Registration Portal 2.2 XXE Vulnerability OS Command Injection in jc21 NGINX Proxy Manager Arbitrary File Read Vulnerability in Firefox < 109 Arbitrary File Read Vulnerability in Firefox and Thunderbird Improper Sanitization of Curl Command Output in Firefox, Thunderbird, and Firefox ESR CORS Misconfiguration in Acronis Cyber Infrastructure (ACI) before build 5.2.0-135 Leads to Sensitive Information Disclosure Cross-Origin Notification Leakage in Firefox for Android (Versions < 109) Cross-Origin URL Dragging Vulnerability WebSocket Connection Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR Inadequate Regular Expression Filtering in Console.log Allows Exfiltration of Data from Firefox, Thunderbird, and Firefox ESR Duplicate SystemPrincipal Object Creation Vulnerability in Firefox < 109 Memory Corruption Vulnerabilities in Firefox 108 and Firefox ESR 102.6 Critical Memory Corruption Vulnerability in Firefox 108 Unrestricted File Upload Vulnerability in erohtar/Dasherr Arbitrary API Endpoint Redirection in Spotipy Library (CVE-2021-XXXX) Out-of-Bounds Write Vulnerability in Contiki-NG BLE-L2CAP Module Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository 
pimcore/pimcore prior to 10.5.21 Improper Privilege Management in GLPI Allows Unauthorized Data Export LTI Consumer XBlock Missing Authorization Vulnerability OpenSearch JWT Role Claim Trimming Vulnerability Field-Level Security Bypass in OpenSearch Insufficient Session Expiration in Pi-hole®'s Web Interface Allows for Persistent Cookie-Based Attacks Unauthenticated User Can Create Topics Without Title or Content in Discourse Embeddable Comments Unrestricted Character Limit in Membership Request Reason Field Infinite Loop Vulnerability in OpenMage LTS eCommerce Platform Insecure Execution of External Executables in Git for Windows Code Injection Vulnerability in Modelina Library Reflected Cross-Site Scripting Vulnerability in Multiple WordPress Plugins Unrestricted Access to Contents of Restricted Tags in Discourse Regular Expression Denial of Service (ReDoS) Vulnerability in Discourse Tag topic count vulnerability in Discourse Content-Security-Policy Bypass in Electron with Disabled Sandbox Discourse Hidden Tag Filtering Vulnerability Vulnerability: Panics and Virtual Memory Leaks in go-unixfs HAMT Sharded Directories Panic Vulnerability in go-bitfield Package Cross-site Scripting (XSS) Vulnerability in Sanitize 5.0.0 - 6.0.0 Metabase Dashboard Subscription Information Disclosure Vulnerability Improper Privilege Management in Metabase Subscriptions Critical SQL Injection Vulnerability in SourceCodester Resort Reservation System 1.0 (CVE-2021-227639) XSS Vulnerability in Eta Templating Engine for Express API Panic and Virtual Memory Leak Vulnerability in go-unixfsnode Prior to 1.5.2 Local Authentication Bypass in BeyondTrust Privileged Remote Access (PRA) Versions 22.2.x to 22.4.x SQL Injection Vulnerability in Documize 5.4.2: Remote Code Execution via /api/dashboard/activity Endpoint Stored XSS Vulnerability in Jellyfin 10.8.x through 10.8.3 Allows Theft of Access Tokens Stored XSS Vulnerability in Jellyfin 10.8.x through 10.8.3 Allows Theft of Access Tokens 
Stored XSS Vulnerability in IMPatienT before 1.5.2 Allows Attackers to Steal Protected Health Information Dubbo Deserialization Vulnerability CVE-2023-23639 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Resort Reservation System 1.0 CVE-2023-23640 Stored Cross-Site Scripting (XSS) Vulnerability in WPmanage Uji Popup Plugin <= 1.4.3 Code Injection Vulnerability in MainWP Code Snippets Extension CSRF Vulnerability in A WP Life Album Gallery – WordPress Gallery Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sk. Abul Hasan Team Member – Team with Slider Plugin <= 4.4 Deserialization of Untrusted Data Vulnerability in MainWP Links Manager Extension Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227641) MainWP MainWP Code Snippets Extension Plugin <= 4.0.2 - Stored XSS Vulnerability MainWP Google Analytics Extension Plugin <= 4.0.4 - Authenticated SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SparkPost Plugin <= 3.2.5 Unrestricted Upload of Dangerous File Type in MainWP File Uploader Extension Stored Cross-Site Scripting (XSS) Vulnerability in Webforward Mail Subscribe List Plugin CSRF Vulnerability in MainWP Matomo Extension <= 4.0.4 Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227642) MainWP MainWP Maintenance Extension Plugin <= 4.1.1 - Authenticated SQL Injection Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in ConvertBox Auto Embed WordPress Plugin BeRocket Brands for WooCommerce Plugin <= 3.7.0.6 - Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in GiveWP Plugin <= 2.25.1 Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 Cross-Site Scripting (XSS) Vulnerability in Team Heateor Fancy Comments WordPress Plugin CSRF Vulnerability in Muneeb Layer Slider Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Harish Chouhan, Themeist I Recommend This 
Plugin <= 3.8.3 Stored Cross-Site Scripting (XSS) Vulnerability in RVOLA WP Original Media Path Plugin <= 2.4.0 Stored XSS Vulnerability in Catchsquare WP Smart Preloader Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Bruno Aesqe Babic File Gallery Plugin <= 1.8.5.3 GTmetrix for WordPress Plugin <= 0.4.5 XSS Vulnerability CSV Injection vulnerability in WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) User-Controlled Key Authorization Bypass in JS Help Desk: Exploiting Unconstrained ACLs Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227644) CSRF Vulnerability in Bob Goetz WP-TopBar Plugin <= 5.36 Stored Cross-Site Scripting (XSS) Vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 Stored Cross-Site Scripting (XSS) Vulnerability in EZP Maintenance Mode Plugin <= 1.0.1 Stored XSS Vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder Plugin WPGraphQL Server-Side Request Forgery (SSRF) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in RadiusTheme Portfolio Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Brett Shumaker Simple Staff List Plugin <= 2.2.2 Youtube Shortcode <= 1.8.5 Auth. 
Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Sumo Social Share Boost Plugin <= 4.4 Uncontrolled Resource Consumption Vulnerability in Dell PowerScale Nodes Critical SQL Injection Vulnerability in SourceCodester Faculty Evaluation System 1.0 (VDB-227645) Improper Check for Certificate Revocation in Dell EMC Cloud Mobility for Cloud Storage Devices Dell EMC PV ME5 Client-side Desync Vulnerability OS Command Injection Vulnerability in Dell EMC DDOS 7.9 Dell VxRail OS Command Injection Vulnerability Dell VxRail Manager OS Command Injection Vulnerability Broken Cryptographic Algorithm Vulnerability in Dell Secure Connect Gateway (SCG) Version 5.14.00.12 Improper Authorization Vulnerability in Dell Command Intel vPro Out of Band Arbitrary Folder Deletion Vulnerability in Dell Command | Intel vPro Out of Band Insecure Operation on Windows Junction in Dell Command | Update, Dell Update, and Alienware Update Stored Cross-Site Scripting (XSS) Vulnerability in Chris Reynolds Progress Bar Plugin <= 2.2.1 Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 (VDB-227646) OceanWP Path Traversal Vulnerability Allows PHP Local File Inclusion Stored Cross-Site Scripting (XSS) Vulnerability in Andrew @ Geeenville Web Design Easy Sign Up Plugin <= 3.4.1 Pixelgrade Comments Ratings Plugin <= 1.1.7 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Arconix Shortcodes Plugin <= 2.1.7 - Stored XSS Vulnerability CSRF Vulnerability in Pixelgrade Comments Ratings Plugin CSRF Vulnerability in HM Plugin WordPress Books Gallery Plugin CSRF Vulnerability in miniOrange WordPress Social Login and Register Plugin Stored Cross-Site Scripting (XSS) via Unrestricted Upload of SVG and HTML Files in Awsm Innovations Embed Any Document Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress Plugin <= 3.9.4 Stored Cross-Site Scripting (XSS) Vulnerability in Denis 
WPJAM Basic Plugin <= 6.2.1 Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in miniOrange WordPress Social Login and Register Plugin CSRF Vulnerability in A2 Optimized WP Plugin <= 3.0.4 CSRF Vulnerability in User Meta Manager Plugin <= 3.4.9 CSRF Vulnerability in Manoj Thulasidas Theme Tweaker Plugin CSRF Vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash Plugin Cross-Site Scripting (XSS) Vulnerability in George Gecewicz Portfolio Slideshow Plugin <= 1.13.0 Esstat17 Page Loading Effects Plugin XSS Vulnerability CSRF Vulnerability in Premmerce Plugin <= 1.3.17 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online DJ Management System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 CSRF Vulnerability in David Gwyer Admin Log Plugin <= 1.50 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP eBay Product Feeds Plugin <= 3.3.1 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP Email Capture Plugin <= 3.9.3 CSRF Vulnerability in Winwar Media WP Email Capture Plugin Formilla Live Chat by Formilla Plugin <= 1.3 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Winwar Media WP Flipclock Plugin <= 1.7.4 Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227649) Excessive Authentication Attempts Vulnerability in Brainstorm Force Spectra: Functionality Bypass CSRF Vulnerability in HasTheme WishSuite Plugin <= 1.3.3 Stored XSS Vulnerability in Joel James Disqus Conditional Load Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Joel James Lazy Social Comments Plugin <= 2.0.4 Stored XSS Vulnerability in Userlike – WordPress Live Chat Plugin Code Injection Vulnerability in Brainstorm Force Spectra (Spectra: n/a - 2.3.0) Unauthenticated SQL Injection Vulnerability in MainWP Broken 
Links Checker Extension Plugin Content Spoofing and Phishing Vulnerability in Brainstorm Force Spectra Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227650) LDAP Injection Vulnerability in 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' Extension Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227651) CSRF Vulnerability in Joomla! Post-Installation Message Handling Vulnerability: Unauthorized Access to com_actionlogs in Joomla! 4.0.0 through 4.2.4 Improper Access Check Vulnerability in Joomla! 4.0.0 through 4.2.7 SQL Injection Vulnerability in Visforms Base Package for Joomla 3 Open Redirect and XSS Vulnerability in Joomla! 4.2.0 through 4.3.1 MFA Selection Screen Vulnerability: Lack of Rate Limiting Enables Brute Force Attacks on MFA Methods in Joomla! 4.2.0 - 4.3.1 Cross-site Scripting (XSS) Vulnerability in advcomsys.com oneVote Component for Joomla SQL Injection Vulnerability SQL Injection Vulnerability Remote Denial of Service Vulnerability in Fizz Library Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227652) GitHub Enterprise Server Path Traversal Vulnerability Allows Remote Code Execution GitHub Enterprise Server Improper Authentication Vulnerability GitHub Enterprise Server Incorrect Comparison Vulnerability GitHub Enterprise Server Authorization Bypass and Sensitive Information Disclosure Vulnerability GitHub Enterprise Server Incorrect Comparison Vulnerability Incorrect Diff Display Vulnerability in GitHub Enterprise Server Allows Commit Smuggling GitHub Enterprise Server Incorrect Comparison Vulnerability Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-XXXX) Motorola MBTS Site Controller Vulnerability: Hard-Coded Backdoor Password Motorola MBTS Base Radio: Unchangeable Hard-Coded Backdoor Password Vulnerability Firmware Update Authentication Bypass in Motorola MBTS Site Controller Lack of Firmware Authenticity 
Check in Motorola EBTS/MBTS Base Radio Motorola EBTS/MBTS Site Controller Debug Prompt Vulnerability CVE-2023-23775 Heartbeat Response Password Disclosure Vulnerability in FortiAnalyzer OS Command Injection Vulnerability in FortiWeb Versions 7.0.1 and Below, 6.4, and 6.3.18 and Below Relative Path Traversal Vulnerability in FortiWeb Versions 7.0.1 and Below, 6.4, 6.3, and 6.2 OS Command Injection Vulnerabilities in FortiWeb Versions 7.0.1 and below, 6.4, and 6.3.19 and below Critical Command Injection Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-12345) Stack-Based Buffer Overflow Vulnerability in Fortinet FortiWeb Stack-based Buffer Overflow in FortiWeb SAML Server Configuration Heap-based Buffer Overflow Vulnerability in Fortinet FortiWeb Fortinet FortiWeb External Format String Vulnerability Relative Path Traversal Vulnerability in Fortinet FortiWeb Stored XSS Vulnerability in DgCult Exquisite PayPal Donation Plugin <= v2.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Christof Servit Affiliate-Toolkit Plugin <= 3.3.3 CSRF Vulnerability in Premmerce Redirect Manager Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Florin Arjocu Custom More Link Complete Plugin <= 1.4.1 Stored XSS Vulnerability in Premmerce Redirect Manager Plugin Critical Denial of Service Vulnerability in Ubiquiti EdgeRouter X (CVE-2021-227655) CSRF Vulnerability in Pods Framework Team Pods Plugin CSRF Vulnerability in HasThemes HT Menu Plugin <= 1.2.1 CSRF Vulnerability in HasThemes Swatchly Plugin <= 1.2.0 Stored Cross-Site Scripting (XSS) Vulnerability in Eightweb Interactive Read More Without Refresh Plugin <= 3.1 Stored Cross-Site Scripting (XSS) Vulnerability in Alex Moss Semalt Blocker Plugin <= 1.1.3 CSRF Vulnerability in Muneeb Form Builder Plugin <= 1.9.9.0 CSV Injection Vulnerability in Muneeb Form Builder | Create Responsive Contact Forms CSRF Vulnerability in SecondLineThemes Auto YouTube Importer Plugin Muneeb Layer Slider Plugin <= 1.1.9.7 - Stored XSS 
Vulnerability Stored XSS Vulnerability in Leonardo Giacone Easy Panorama Plugin <= 1.1.4 Remote Denial of Service Vulnerability in Netgear SRX5308 up to 4.3.5-3 (VDB-227658) SSRF Vulnerability in WP Shortcodes Plugin — Shortcodes Ultimate CSRF Vulnerability in HasThemes Really Simple Google Tag Manager Plugin CSRF Vulnerability in HasThemes HT Easy GA4 Plugin CSRF Vulnerability in HasThemes JustTables Plugin <= 1.4.9 CSRF Vulnerability in HasThemes HT Feed Plugin Stored XSS Vulnerability in Davinder Singh Custom Settings Plugin <= 1.0 Qumos MojoPlug Slide Panel Plugin <= 1.1.2 - Authenticated Stored XSS Vulnerability Stored XSS Vulnerability in Sergey Panasenko Sponsors Carousel Plugin <= 4.02 Stored XSS Vulnerability in Moris Dov Stock Market Charts Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Stored XSS Vulnerability in SnapOrbital Panorama Plugin <= 1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Neil Gee Smoothscroller Plugin <= 1.0.0 Stored XSS Vulnerability in Joost de Valk Enhanced WP Contact Form Plugin CSRF Vulnerability in Joseph C Dolson My Calendar Plugin <= 3.4.3 Stored Cross-Site Scripting (XSS) Vulnerability in Alan Jackson Multi-column Tag Map Plugin Critical Cross-Site Scripting (XSS) Vulnerability in Twardes Sitemap Index Plugin <= 1.2.3 Cross-Site Scripting (XSS) Vulnerability in Vera Nedvyzhenko Simple PDF Viewer Plugin Stored XSS Vulnerability in Aviplugins.Com WP Register Profile With Shortcode Plugin <= 3.5.7 Stored Cross-Site Scripting (XSS) Vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich Snippets Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Stored Cross-Site Scripting (XSS) Vulnerability in ProfilePress Membership Team ProfilePress Plugin Marcin Pietrzak Interactive Polish Map Plugin <= 1.2 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Ludwig Media UTM Tracker Plugin <= 1.3.1 
WP-TopBar Authenticated SQL Injection (SQLi) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Arsham Mirshah Add Posts to Pages Plugin <= 1.4.1 Cross-Site Scripting (XSS) Vulnerability in Google Maps v3 Shortcode Plugin <= 1.2.1 Stored Cross-Site Scripting (XSS) Vulnerability in Swashata WP Category Post List Widget Plugin <= 2.0.3 Stored XSS Vulnerability in Pierre JEHAN Owl Carousel Plugin <= 0.5.3 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Unauthenticated Reflected XSS Vulnerability in ProfilePress Membership Team ProfilePress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Rating-Widget Rating-Widget: Star Review System Plugin <= 3.1.9 Cross-Site Scripting (XSS) Vulnerability in TC Ultimate WP Query Search Filter Plugin Cross-Site Scripting (XSS) Vulnerability in Steven Henty Drop Shadow Boxes Plugin XPath Injection Vulnerability in Mendix Applications SolarWinds Platform 2022.4.1 Deserialization of Untrusted Data Remote Code Execution Vulnerability Unprotected Exception Handling Vulnerability Exposing Sensitive Information Server Vulnerability: Directory Traversal and File Enumeration SolarWinds Platform Vulnerability: Unauthorized Access to Sensitive Information Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 SolarWinds Platform: Incorrect Comparison Vulnerability Sensitive Data Disclosure in SolarWinds Serv-U File Share and File Request Attribute Changes SolarWinds Network Configuration Manager Directory Traversal Vulnerability SolarWinds Platform: Arbitrary Command Execution Vulnerability SolarWinds Platform: Incorrect Comparison Vulnerability SolarWinds Platform: Incorrect Comparison Vulnerability Open5GS GTP Library Denial of Service Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Synopsys Jenkins Coverity Plugin Unauthenticated Remote Code Execution in Synopsys Jenkins Coverity Plugin Unauthenticated Cross-Site Scripting Vulnerability in Coverity Connect 
Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Vulnerability: Enumeration of Credentials IDs in Synopsys Jenkins Coverity Plugin Arbitrary File Upload Vulnerability in SAP Business Planning and Consolidation Cross-Site Scripting (XSS) Vulnerability in SAP Solution Manager (System Monitoring) Version 720 Unauthenticated Link Redirection Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Privilege Escalation Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Insufficient URL Validation in SAP Solution Manager 720 Allows for User Redirection to Malicious Sites XSS Vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence User Interface) Unauthenticated Access and Unauthorized Operations Vulnerability in SAP NetWeaver AS for Java - Version 7.50 Insufficient Input Validation in SAP NetWeaver AS for ABAP and ABAP Platform Unauthenticated Link-Based Information Disclosure and Modification Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Unauthenticated Link Redirection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform CSRF Vulnerability in German Mesky GMAce Plugin <= 1.5.2 Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Vertical Scroll Recent Post Plugin <= 14.0 Stored XSS Vulnerability in TreePress – Easy Family Trees & Ancestor Profiles Plugin Cross-Site Scripting (XSS) Vulnerability in Michael Aronoff Very Simple Google Maps Plugin CSRF Vulnerability in Stripe Payments For WooCommerce Plugin Allows Unauthorized Settings Change Stored Cross-Site Scripting (XSS) Vulnerability in Carlos Moreira Interactive Geo Maps Plugin <= 1.5.8 Stored Cross-Site Scripting (XSS) Vulnerability in Gautam Thapar Button Builder – Buttons X Plugin <= 0.8.6 CSRF Vulnerability in Amit Agarwal Google XML Sitemap for Mobile Plugin Cross-Site Scripting (XSS) Vulnerability in
Netgear SRX5308 up to 4.3.5-3 Stored Cross-Site Scripting (XSS) Vulnerability in wpdevart Responsive Vertical Icon Menu Plugin <= 1.5.8 Webdzier Button Plugin <= 1.1.23 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Path Traversal Vulnerability in German Mesky GMAce: Improper Limitation of Directory Access Stored Cross-Site Scripting (XSS) Vulnerability in Flector BBSpoiler Plugin <= 2.01 Stored Cross-Site Scripting (XSS) Vulnerability in Metaphor Creations Ditty Plugin <= 3.0.32 Stored XSS Vulnerability in Himanshu Bing Site Verification Plugin Stored Cross-Site Scripting (XSS) Vulnerability in TMS-Plugins wpDataTables Plugin <= 2.1.49 Stored Cross-Site Scripting (XSS) Vulnerability in bkmacdaddy designs Pinterest RSS Widget Plugin Stored Cross-Site Scripting (XSS) Vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS Plugin <= 4.3.9 CSRF Vulnerability in Nicolas Zeh PHP Execution Plugin Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface ExactMetrics Plugin <= 7.14.1: Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in GreenTreeLabs Circles Gallery Plugin <= 1.0.10 Missing Authorization vulnerability in Ultimate Addons for Beaver Builder – Lite (versions n/a through 1.5.5) Stored XSS Vulnerability in David Gwyer WP Content Filter Plugin <= 3.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Kanban for WordPress Kanban Boards Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Fullworks Quick Contact Form Plugin <= 8.0.3.1 Rank Math SEO Path Traversal Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Fullworks Quick Paypal Payments Plugin <= 5.7.25 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface CSRF Vulnerability in LJ Apps WP Airbnb Review Slider Plugin OceanWP Ocean Extra Plugin <= 2.1.1 Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jamie Poitra M Chart 
Plugin <= 1.9.4 Stored Cross-Site Scripting (XSS) Vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar Plugin Missing Authorization vulnerability in MyThemeShop URL Shortener CSRF Vulnerability in Ozette Plugins Simple Mobile URL Redirect Plugin Stored Cross-Site Scripting (XSS) Vulnerability in CreativeThemes Blocksy Companion Plugin CSRF Vulnerability in HasThemes Extensions For CF7 Plugin Allows Arbitrary Plugin Activation Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Unauthenticated Reflected XSS Vulnerability in YIKES, Inc. Easy Forms for Mailchimp Plugin (<= 6.8.8) Chain of Trust Vulnerability in SkyBridge MB-A200 and SkyBridge BASIC MB-A130 Firmware Buffer Overflow Vulnerability in Milesight UR32L v32.3.0.5 uhttpd Login Functionality Allows Remote Code Execution SAML Configuration File Upload Vulnerability Unauthenticated Remote Execution of Critical Functions in SkyBridge MB-A100/110 Firmware Ver. 4.2.0 and Earlier Arbitrary File Read Vulnerability in Milesight VPN v2.0.2 Improper Access Control Vulnerability in 3rd Generation Intel Xeon Scalable Processors Information Disclosure Vulnerability in Intel(R) Trace Analyzer and Collector Software Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 up to 4.3.5-3 Privilege Escalation via Out-of-Bounds Write in Intel(R) Trace Analyzer and Collector Software E2E Encryption Bypass Vulnerability in Chat Room Group Key Change Remote Code Execution Vulnerability in EdgeRouters and UniFi Security Gateways HSTS Failure in Serial Requests Vulnerability in curl <v7.88.0 Parallel Requests HSTS Cache Overwrite Vulnerability Unlimited Resource Allocation Vulnerability in curl <v7.88.0 Prototype Pollution Vulnerability in Rocket.Chat Server <5.2.0 Allows Remote Code Execution (RCE) and Admin Account Takeover Privilege Escalation Vulnerability in Node.js Experimental Permissions OpenSSL Error Stack Leakage Vulnerability in Node.js Cross-Site Scripting (XSS) 
Vulnerability in Netgear SRX5308 Web Management Interface Untrusted Search Path Vulnerability in Node.js Allows for Potential Loading of ICU Data Cross-Site Scripting (XSS) Vulnerability in Moodle's ReturnURL Parameter Cross-Site Scripting (XSS) Vulnerability in Moodle Blog Search Unrestricted Access to Restricted Functionality in Moodle Arbitrary Object Unserialize and Remote Code Execution in Dompdf 2.0.1 Regular Expression Denial of Service (reDOS) Vulnerability in Switcher Client SDK XML External Entity (XXE) Vulnerability in APOC Core Plugin of Neo4j Graph Database Cross-Site Scripting (XSS) Vulnerability in Craft CMS Quick Post Widget Insecure HS256 Signature Validation in reason-jose Insecure Refresh Token Validity in vantage6 Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Vulnerability: Security Issue with Default Serialization in vantage6 Versions Prior to 4.0.0 Vulnerability: Mutable Objects in Cipher.update_into Crash Vulnerability in OpenDDS Exposed to Untrusted RTPS Network Traffic OpenSearch Anomaly Detection Plugin Unauthorized Data Access Vulnerability Vulnerability: Cookie Parsing Issue in Werkzeug Insecure Personal Message Tag Count Display in Discourse CRLF Injection Vulnerability in Undici Library Unvalidated File Content-Type Upload Vulnerability in Pimcore Cross-Site Scripting (XSS) Vulnerability in Tuleap Tracker Administration Insecure Temporary File Creation in Azure/setup-kubectl GitHub Action Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface (CVE-2021-XXXX) Missing `finalize_keccak` call in `is_valid_eth_signature` allows impersonation vulnerability in OpenZeppelin Contracts for Cairo Inconsistent Amount and Item List Vulnerability in SwagPayPal Integration Unsanitized QML Labels in Nextcloud Desktop Client Prior to 3.6.3 Allow JavaScript Injection Nextcloud Mail App Vulnerability: Internal Service and Server Scanning Cleartext Password Storage Vulnerability in 
Nextcloud Mail App Path Traversal Vulnerability in Git's `git apply` Command Improper Authorization Bug in Argo CD Allows Unauthorized Access to Cluster Secrets SQL Injection Vulnerability in ownCloud Android App Client-Side Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface CRLF Injection Vulnerability LDAP Attribute Enumeration Vulnerability Command Injection Vulnerability in Advanced Secure Gateway and Content Analysis Elevation of Privilege Vulnerability in Advanced Secure Gateway and Content Analysis Stored Cross-Site Scripting Vulnerability in Advanced Secure Gateway and Content Analysis Server-Side Request Forgery Vulnerability in Advanced Secure Gateway and Content Analysis Client-Side Code Execution Vulnerability Vulnerability: Unauthenticated User Can Manipulate 'next' Query Parameter in Symantec Identity Portal 14.4 Hash Leak Vulnerability in Symantec Protection Engine (prior to 9.1.0) Cross-Site Scripting (XSS) Vulnerability in Netgear SRX5308 Web Management Interface Denial-of-Service Vulnerability in Django's Accept-Language Header Parsing Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Mobile Comparison Website 1.0 Unrestricted Upload of Dangerous File Type in WooRockets Corsa Stored XSS Vulnerability in CodePeople WP Time Slots Booking Form Plugin Stored XSS Vulnerability in Smplug-in Social Like Box and Page by WpDevArt Plugin CSRF Vulnerability in a3rev Software Contact Us Page – Contact People Plugin <= 3.7.0 CSRF Vulnerability in Fullworks Quick Event Manager Plugin: Registration Actions Unrestricted Access to Functionality in Metagauss RegistrationMagic Stored Cross-Site Scripting (XSS) Vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments Plugin <= 1.6.1 Sensitive Information Exposure in SwitchWP WP Client Reports Plugin Unauthenticated Stored XSS Vulnerability in Fullworks Quick Event Manager Plugin (<= 9.7.4) 
Reflected Cross-Site Scripting in Icegram Engage WordPress Plugin MailOptin Popup Builder Team MailOptin Plugin <= 1.2.54.0 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in QuantumCloud Conversational Forms for ChatBot Plugin <= 1.1.6 Stored Cross-Site Scripting (XSS) Vulnerability in WPGear.Pro WPFrom Email Plugin <= 1.8.8 CSRF Vulnerability in wpdevart Responsive Vertical Icon Menu Plugin Allows Theme Deletion CSRF Vulnerability in Wow-Company Bubble Menu Plugin Leads to Form Deletion Unauthenticated Access to Quiz Maker in Quiz Maker Team Stored Cross-Site Scripting (XSS) Vulnerability in WPEverest User Registration Plugin <= 2.3.0 Unauthenticated Access to Joseph C Dolson My Tickets Cross-site Scripting (XSS) vulnerability in Metagauss RegistrationMagic Unfiltered User Input Vulnerability in QuBot WordPress Plugin Privilege Escalation Vulnerability in Redirection for Contact Form 7: from n/a through 2.7.0 SQL Injection vulnerability in WPdevelop / Oplugins Booking Calendar CSRF Vulnerability in AutomatorWP Plugin Allows Object Deletion CSRF Vulnerability in LionScripts IP Blocker Lite Plugin Marcel Bootsman Auto Hide Admin Bar Plugin <= 1.6.1 - Stored XSS Vulnerability Stored XSS Vulnerability in TinyMCE Custom Styles Plugin <= 1.1.2 Stored XSS Vulnerability in ProfilePress Membership Team ProfilePress Plugin CSRF Vulnerability in Dave Jesch Database Collation Fix Plugin <= 1.2.7 Stored XSS Vulnerability in VikRentCar Car Rental Management System Plugin Stored Cross-Site Scripting (XSS) Vulnerability in MonsterInsights Plugin <= 8.14.0 User Vault Data Leakage Vulnerability SQL Injection vulnerability in GamiPress gamipress allows unauthorized database access Stored XSS Vulnerability in Yannick Lefebvre Modal Dialog Plugin <= 3.5.9 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart YouTube Embed, Playlist and Popup Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Timersys WP Popups – WordPress Popup 
Plugin <= 2.1.4.8 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Winwar Media Inline Tweet Sharer Plugin Cross-Site Scripting (XSS) Vulnerability in WP Terms Popup Plugin <= 2.6.0 CSRF Vulnerability in TheOnlineHero - Tom Skroza Admin Block Country Plugin CSRF Vulnerability in yonifre Maspik – Spam Blacklist Plugin <= 0.7.8 Reflected Cross-site Scripting (XSS) Vulnerability in Wpazure Themes Upfrontwp Theme <= 1.1 Stored Cross-Site Scripting Vulnerability in QuBot WordPress Plugin Heap-Based Buffer Overflow in Delta Electronics' CNCSoft-B DOPSoft Versions 1.0.0.4 and Prior Authenticated User Exploits Null Name Vulnerability to Partially Disable Reports Section Uncontrolled Search Path Element Vulnerability in Intel(R) Quartus(R) Prime Pro and Standard Edition Software for Linux Stack-based Buffer Overflow in libzebra.so.0.0.0 security_decrypt_password Functionality of Milesight UR32L v32.3.0.5 Stack-based Buffer Overflow in Milesight UR32L v32.3.0.5: Exploiting the urvpn_client http_connection_readcb Functionality Reflected Cross-Site Scripting Vulnerability in Photo Gallery Slideshow & Masonry Tiled Gallery Plugin for WordPress Snap One Wattbox WB-300-IP-3 Brute Force Login Vulnerability Vulnerability: ModSecurity File Uploads '\0' Byte Handling Issue Hardcoded SSH Credentials in Baicells Nova LTE TDD eNodeB Devices BLUFFS: Bluetooth Vulnerability Allowing Man-in-the-Middle Attacks and Key Discovery Universal Forgeries of Digital Signatures via Template Side-Channel Attack in CRYSTALS-DILITHIUM Algorithm XSS Vulnerability in MISP 2.4.167 via Event-Graph Preview Payload Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.167 via app/webroot/js/action_table.js Incorrect Access Control in MISP 2.4.167's ACLComponent.php for Decaying Import Function Privilege Escalation Vulnerability in WS_FTP Server before 8.8 Open Redirect Vulnerability in Zimbra 
Collaboration Suite through 9.0 and 8.8.15 Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 9.0 and 8.8.15 Local Privilege Escalation (LPE) Vulnerability in Zimbra Collaboration Suite through 9.0 and 8.8.15 SDP Format Type Check Vulnerability in Samsung Exynos Modem Chipsets Catastrophic Backtracking Vulnerability in HTML-StripScripts Module Stack-based Buffer Overflow in ParseColors in libXm in Common Desktop Environment 1.6 Stored Cross-Site Scripting Vulnerability in CRM and Lead Management by vcita Plugin for WordPress Arbitrary Printer Name Injection Vulnerability in Common Desktop Environment 1.6 Path Traversal Vulnerability in LightFTP 2.2 via Malformed FTP Request Host Header Injection Vulnerability in Plesk Obsidian Login Page User File Download Vulnerability in Dataiku DSS 11.2.1 Arbitrary Command Execution Vulnerability in Connectize AC21000 G6 641.139.1.1256 Weak Hashing Algorithm in Connectize AC21000 G6 641.139.1.1256: A Critical Credential Management Vulnerability CSRF Vulnerability in Connectize AC21000 G6 641.139.1.1256: Unauthorized Device Control via /man_password.htm Vulnerability: Privilege Escalation via Poor Credential Management on Connectize AC21000 G6 641.139.1.1256 Cross-Site Request Forgery Vulnerability in CRM and Lead Management by vcita Plugin for WordPress Cross Site Scripting (XSS) Vulnerability in Connectize AC21000 G6 641.139.1.1256 Admin Panel Client Side Rate Limit Bypass Vulnerability in Connectize AC21000 G6 641.139.1.1256 Unauthenticated Password Change Vulnerability in Connectize AC21000 G6 641.139.1.1256 KeePass XML Configuration File Write Access Vulnerability Unbounded String Expansion Vulnerability in pkgconf through 1.9.3 Arbitrary Directory Extraction Vulnerability in HL7 FHIR Core Libraries User Impersonation Vulnerability in Booked Scheduler 2.5.5 and LabArchives Scheduler (Sep 6, 2022 Feature Release) Critical Vulnerability in Grand Theft Auto V for PC Enables Remote Code Execution and File 
Modification Stored Cross-Site Scripting Vulnerability in Event Registration Calendar and Online Payments Plugins for WordPress Server-Side Request Forgery (SSRF) Vulnerability in Haven 5d15944 Stored XSS Vulnerability in NOSH 4a5cfdb: Execution of JavaScript Payload via Create User Page Insecure Modification of Conversation Attachments in Signal Desktop Insecure Attachment Handling in Signal Desktop Cross-Site Request Forgery Vulnerability in Event Registration Calendar By vcita and Online Payments Plugins for WordPress Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.167 via Referer Field in authkey_add FuguHub v8.1 and Earlier Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 (VDB-227702) Unrestricted Password Reset Endpoint Allows Brute Force Attacks in Chamberlain myQ v5.222.0.32277 (iOS) Stored XSS Vulnerabilities in Redrock Software TutorTrac before v4.2.170210 SQL Injection Vulnerability in ChiKoi v1.0 via load_file Function Reflected Cross-Site Scripting (XSS) Vulnerability in SLIMS v9.5.2 via /customs/loan_by_class.php?reportView Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Authentication Bypass Vulnerability in H3C A210-G A210-GV100R005 Denial of Service (DoS) Vulnerability in MikroTik RouterOS v6.40.5 Bridge2 Component Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Bypassing Domain Restrictions in 
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 Code Execution Backdoor in Hour of Code Python 2015 Commit 520929797b9ca43bb818b2e8f963fb2025459fa3 via Request Package Code Execution Backdoor in MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 via Request Package Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 (VDB-227705) Remote Code Execution (RCE) Vulnerability in Typecho 1.1/17.10.30 via install.php Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Critical SQL Injection Vulnerability in SourceCodester AC Repair and Services System 1.0 Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of 
Scandinavia Eagle 1200AC V15.03.06.33_en Stack Overflow Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Command Injection Vulnerability in Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Unauthenticated Modification of Data and Code Injection in Online Booking & Scheduling Calendar for WordPress by vcita Plugin Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Hard-coded Telnet Password Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Hard-coded Root Password Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Vulnerability: Unauthorized Data Modification and Denial of Service in vcita WordPress Plugin Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu via Crafted MQTT Packet Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu: Arbitrary Command Execution via Crafted MQTT Packet Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu: Exploiting MQTT Packet Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu's recvSlaveCloudCheckStatus Function Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu via slaveIpList Parameter in setUpgradeFW Function Hard-coded Telnet Password Vulnerability in TOTOLINK T8 V4.1.5cu Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu MQTT Packet Handling Command Injection Vulnerability in TOTOLINK T8 V4.1.5cu: Remote Code Execution via MQTT Packet Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Cross-Site 
Request Forgery Vulnerability in vcita WordPress Plugin Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Command Injection Vulnerability in TOTOLINK CA300-PoE V6.2c.884 Dromara Hutool v5.8.11 Deserialization Vulnerability in XmlUtil.readObjectFromXml Parameter Arbitrary Code Execution via Aviator Template Engine in Dromara Hutool v5.8.11 Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/FUN_000c2318 Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/initIpAddrInfo Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/formWifiBasicSet Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/add_white_node Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/FUN_0007343c Unquoted Search Path Vulnerability in ks-soft Advanced Host Monitor Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19 via /goform/fromSetWirelessRepeat Insufficiently Random Values Vulnerability in Konga 2.8.3 Login API (VDB-227715) Integer Overflow in Libelfin v0.3's load function at elf/mmap_loader.cc Allows for Denial of Service (DoS) via Crafted ELF File Reflected Cross-Site Scripting (XSS) Vulnerability in LuCI openwrt-22.03 branch git-22.361.69894-438c598 Stored Cross-Site Scripting (XSS) Vulnerability in LuCI openwrt-22.03 branch git-22.361.69894-438c598 via /system/sshkeys.js Command Injection Vulnerability in TOTOLink A7100RU V7.4cu.2313_B20191024 XML External Entity (XXE) Vulnerability in ureport v2.2.9 Allows Arbitrary Code Execution via Crafted XML File Upload Directory Traversal Vulnerability in uReport v2.2.9 Allows Arbitrary File Deletion XML External Entity (XXE) Vulnerability in urule v2.1.7 Allows Arbitrary Code Execution via Crafted XML File Upload Unrestricted Upload Vulnerability in Zhong Bang CRMEB 4.6.0 (VDB-227716) Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 via signup.php Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 
Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 via navbar.php's page parameter Cross-Site Scripting (XSS) Vulnerability in Online Food Ordering System v2 SQL Injection Vulnerability in Online Food Ordering System v2 via id parameter at view_order.php Multiple SQL Injection Vulnerabilities in Raffle Draw System v1.0 SQL Injection Vulnerability in Raffle Draw System v1.0 Critical SQL Injection Vulnerability in MLECMS 3.0 (CVE-2021-XXXX) SQL Injection Vulnerability in Raffle Draw System v1.0 SQL Injection Vulnerability in Raffle Draw System v1.0 Local File Inclusion Vulnerability in Raffle Draw System v1.0 Arbitrary Code Execution via Cross Site Scripting in SourceCodester Simple Customer Relationship Management System v1.0 Arbitrary Code Execution via SQL Injection in SourceCodester Simple Customer Relationship Management System v1.0 Remote Code Execution Vulnerability in Clash for Windows v0.20.12 via Configuration File Overwrite SQL Injection Vulnerability in Davinci v0.3.0-rc via copyDisplay Function Cross-Site Scripting (XSS) Vulnerability in Control iD RHiD 23.3.19.0 Stack Overflow Vulnerability in Tenda AX3 V16.03.12.11 via timeType function at /goform/SetSysTimeCfg Local File Inclusion Vulnerability in AgileBio Electronic Lab Notebook v4.234 SQL Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter at /system/UserMapper.xml Keycloak Server Vulnerability: Unauthorized Access via mTLS Authentication SQL Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter SQL Injection Vulnerability in LuckyframeWEB v3.5 via dataScope Parameter at /system/DeptMapper.xml Command Injection in DrayTek Vigor2960 v1.5.1.4 (Unsupported Version) Denial-of-Service Vulnerability in Rockwell Automation Armor PowerFlex Device Stored XSS Vulnerability in Formwork v1.12.1: Arbitrary Code Execution via Page Title Parameter Stored XSS Vulnerability in Inventory Management System v1's Categories Name Parameter Stored XSS Vulnerability 
in Inventory Management System v1's Product Name Parameter Stored XSS Vulnerability in Inventory Management System v1: Arbitrary Code Execution via Client Name Parameter Stored XSS Vulnerability in Inventory Management System v1's Brand Name Parameter Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Unrestricted Upload Vulnerability in DedeCMS 5.7.106 (VDB-227750) SQL Injection Vulnerability in Forget Heart Message Box v1.1 Server-Side Request Forgery (SSRF) Vulnerability in CData RSB Connect v22.0.8336 Arbitrary File Upload Vulnerability in Laravel-Admin v1.8.19 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Student Information System 1.0 Cross-Site Scripting (XSS) Vulnerability in WangEditor v5 via /dist/index.js Component SQL Injection Vulnerability in Domotica Labs srl Ikon Server v2.8.6 and earlier Path Traversal Privilege Escalation Vulnerability in com.nextev.datastatistic Component of NIO EC6 Aspen SQL Injection Vulnerability in SPIP v4.1.5 and Earlier via _oups Parameter Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 9.0.1499) Arbitrary Code Execution Vulnerability in GL.iNET GL-E750 Mudi Arbitrary Code Execution via File Upload in Textpattern v4.8.8 Plugin Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 Command Injection Vulnerability in TOTOlink A7100RU(V7.4cu.2313_B20191024) Squidex before 7.4.0 - squid.svg Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Open Networking Foundation ONOS API Documentation Dashboard Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 Arbitrary Code Execution via Crafted Ringtone File in Poly Trio 8800 7.2.2.1094 Improper Access Control in GitHub Repository: thorsten/phpmyfaq (prior to 3.1.13) Buffer Overflow 
Vulnerability in Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 Arbitrary Code Execution Vulnerability in SoftMaker FlexiPDF v3.0.3.0 Missing Lock in io_cqring_event_overflow() in Linux Kernel: A Local Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in IrfanView v4.60 PDF.dll Plugin Memory Vulnerability in PDF-XChange Editor 9.3 Allows Code Execution via Crafted PDF File Kubelet Vulnerability: Bypassing Seccomp Profile Enforcement Arbitrary File Upload Vulnerability in Judging Management System 1.0 via edit_organizer.php Unauthenticated Command Execution Vulnerability in Axcora POS #0~gitf77ec09 Reflected Cross-Site Scripting (XSS) Vulnerability in mojoPortal v2.7.0.0 FileDialog.aspx Component Authenticated XML External Entity (XXE) Injection Vulnerability in Mojoportal v2.7 Bypassing Blocklisting Methods in urllib.parse Component of Python Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress (up to version 5.30.3) Command Injection Vulnerability in D-Link DIR-882 Firmware Version DIR882A1_FW130B06 Command Injection Vulnerability in D-Link DIR-816 Firmware v1.10CNB04 Stack Overflow Vulnerability in Tenda AC6 Firmware Version US_AC6V5.0re_V03.03.02.01_cn_TDC01 Stack Overflow Vulnerability in Tenda AC21 Firmware US_AC21V1.0re_V16.03.08.15_cn_TDC01 Arbitrary Command Execution Vulnerability in Tenda AC23 Firmware US_AC23V1.0re_V16.03.07.45_cn_TDC01 Vulnerability: Unauthorized Data Loss in Nested Pages WordPress Plugin Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router 
DIR-605L v2.13B01 Local File Inclusion Vulnerability in Blog-in-Blog WordPress Plugin (Versions up to 1.1.1) Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 Stack Overflow Vulnerability in D-Link N300 WI-FI Router DIR-605L v2.13B01 via /goform/formWPS Parameter Stored Cross-Site Scripting Vulnerability in Blog-in-Blog WordPress Plugin (Versions up to 1.1.1) SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Admin Panel Arbitrary File Download Vulnerability in rConfig v6.8.0 UJCMS v4.1.3 Cross-Site Scripting (XSS) Vulnerability in Add New Articles Function Authentication Bypass Vulnerability in UserPro WordPress Plugin (CVE-2023-2448) Stored XSS Vulnerability in USB Memory Direct Simple Custom Author Profiles Plugin Hidden Field Manipulation Vulnerability in WpDevArt Booking Calendar, Appointment Booking System Stored Cross-Site Scripting (XSS) Vulnerability in Photon WP Material Design Icons for Page Builders Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Nico Graff WP Simple Events Plugin <= 1.0 CSRF Vulnerability in Ecwid Ecommerce Shopping Cart Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Codeat Glossary Plugin <= 2.1.27 Path Traversal Vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates Cross-Site Request Forgery (CSRF) Vulnerability in UserPro WordPress Plugin CSRF Vulnerability in Simple Wp Sitemap Plugin Stored Cross-Site Scripting (XSS) Vulnerability in NsThemes Advanced Social Pixel Plugin <= 2.1.1 CSRF Vulnerability in Photon WP Material Design Icons for Page Builders Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Namaste! 
LMS Plugin <= 2.5.9.1 CSRF Vulnerability in WpDevArt Organization Chart Plugin Stored Cross-Site Scripting (XSS) Vulnerability in David Lingren Media Library Assistant Plugin <= 3.11 Stored XSS Vulnerability in Karishma Arora AI Contact Us Form Plugin <= 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in WPdevart Organization Chart Plugin <= 1.4.4 CSRF Vulnerability in WpDevArt Booking Calendar Plugin Stored XSS Vulnerability in brandiD Social Proof (Testimonial) Slider Plugin <= 2.2.3 Stored Cross-Site Scripting Vulnerability in UserPro WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WeSecur Security Plugin <= 1.2.1 Stored XSS Vulnerability in Spider Teams ApplyOnline Plugin <= 2.5 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Full Width Banner Slider WP Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sk. Abul Hasan Animated Number Counters Plugin <= 1.6 Stored XSS Vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions CSRF Vulnerability in Contact Form 7 Redirect & Thank You Page Plugin Stored XSS Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 Reservation.Studio Widget Plugin <= 1.0.11 - Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in EZP Coming Soon Page Plugin <= 1.0.7.3 OceanWP Ocean Extra Plugin <= 2.1.2 - Stored Cross-Site Scripting (XSS) Vulnerability UserPro WordPress Plugin Cross-Site Request Forgery Vulnerability Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA Plugin XSS Vulnerability Stored XSS Vulnerability in Davidsword Mobile Call Now & Map Buttons Plugin <= 1.5.0 Cross-Site Scripting (XSS) Vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar Plugin WP For The Win bbPress Voting Plugin <= 2.1.11.0 - Authenticated Stored XSS Vulnerability VryaSage Marketing Performance Plugin XSS Vulnerability CSRF Vulnerability in Contact Form 7 – PayPal & Stripe Add-on Plugin Stored Cross-Site 
Scripting (XSS) Vulnerability in Muneeb ur Rehman Simple PopUp Plugin <= 1.8.6 Stored Cross-Site Scripting (XSS) Vulnerability in Ecwid Ecommerce Shopping Cart Plugin Unauthenticated Reflected XSS Vulnerability in WP Responsive Tabs Plugin (<= 1.1.15) SQL Injection Vulnerability in Fluent Forms Contact Form Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kerry Kline BNE Testimonials Plugin <= 2.0.7 Stored XSS Vulnerability in Web-Settler Image Social Feed Plugin <= 1.7.6 Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution WordPress Vertical Image Slider Plugin CSRF Vulnerability in RoboSoft Photo Gallery Plugin CSRF Vulnerability in QuantumCloud AI ChatBot Plugin Arne Franken All In One Favicon Path Traversal Vulnerability CSRF Vulnerability in tiggersWelt.Net Worthy Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider Plus Plugin <= 3.2 CSRF Vulnerability in Formidable Forms Plugin (<= 5.5.6) Stored XSS Vulnerability in GitLab CE/EE Versions 15.11 - 15.11.7 and 16.0 - 16.0.2 Unauthenticated Reflected XSS Vulnerability in Zestard Technologies Admin Side Data Storage for Contact Form 7 Plugin (<= 1.1.1) CSRF Vulnerability in WP Engine PHP Compatibility Checker Plugin Sandbox Bypass Vulnerability in Jenkins Script Security Plugin CSRF Vulnerability in Jenkins Gerrit Trigger Plugin Allows Unauthorized Rebuilding of Previous Builds Session Invalidation Vulnerability in Jenkins OpenId Connect Authentication Plugin Jenkins Kubernetes Credentials Provider Plugin Unauthorized Access Vulnerability Session Persistence Vulnerability in Jenkins Azure AD Plugin Session Invalidation Vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and Earlier Jenkins Bitbucket OAuth Plugin CSRF Vulnerability: User Account Hijacking Unrestricted Execution and Path Parsing Vulnerability in Jenkins Semantic Versioning Plugin Insecure Cipher Vulnerability in Rockwell Automation ThinManager Product XML External Entity 
(XXE) Vulnerability in Jenkins Semantic Versioning Plugin 1.14 and Earlier Jenkins Orka by MacStadium Plugin 1.31 and Earlier: Credential Enumeration Vulnerability Jenkins Orka by MacStadium Plugin 1.31 CSRF Vulnerability: Unauthorized Credential Capture Jenkins Orka by MacStadium Plugin 1.31 and Earlier: Missing Permission Checks Allow Unauthorized Access to HTTP Server CSRF Vulnerability in Jenkins GitHub Pull Request Builder Plugin Allows Unauthorized Credential Capture Vulnerability: Unauthorized Access to Jenkins Credentials via GitHub Pull Request Builder Plugin Credential Enumeration Vulnerability in Jenkins GitHub Pull Request Builder Plugin Jenkins JIRA Pipeline Steps Plugin CSRF Vulnerability Jenkins JIRA Pipeline Steps Plugin Vulnerability: Unauthorized URL Connection and Credential Capture Unencrypted Storage of Private Keys in Jenkins JIRA Pipeline Steps Plugin Cross Site Request Forgery Vulnerability in Rockwell Automation's FactoryTalk Vantagepoint Private Key Exposure in Jenkins JIRA Pipeline Steps Plugin XML External Entity (XXE) Vulnerability in Jenkins MSTest Plugin 1.0.0 and Earlier Unencrypted Storage of GitHub and Sonar Credentials in Jenkins Global Configuration File Vulnerability: XML External Entity (XXE) Attack in Jenkins TestComplete Support Plugin Session Persistence Vulnerability in Jenkins OpenID Plugin Open Redirect Vulnerability in Jenkins OpenID Plugin Jenkins OpenID Plugin CSRF Vulnerability: Account Hijacking via Login Manipulation Jenkins RabbitMQ Consumer Plugin CSRF Vulnerability Jenkins RabbitMQ Consumer Plugin 2.8 and Earlier: Missing Permission Check Allows Unauthorized Connection File Path Disclosure Vulnerability in Jenkins PWauth Security Realm Plugin Improper Access Control in Subscriptions Folder Path Filter in Devolutions Server 2023.1.1 and Earlier Unencrypted Password Storage in Jenkins View-Cloner Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Cisco Spark Notifier Plugin CSRF Vulnerability in 
Jenkins TestQuality Updater Plugin 1.3 and Earlier Allows Unauthorized URL Connections Jenkins TestQuality Updater Plugin 1.3 and Earlier: Unauthorized URL Connection Vulnerability Unencrypted Storage of TestQuality Updater Password in Jenkins Controller Configuration File File Path Disclosure Vulnerability in Jenkins visualexpert Plugin Session Invalidation Vulnerability in Jenkins Keycloak Authentication Plugin Jenkins Keycloak Authentication Plugin CSRF Vulnerability: Account Hijacking via Login Impersonation Jenkins BearyChat Plugin CSRF Vulnerability Unauthenticated Remote URL Connection Vulnerability in Jenkins BearyChat Plugin Sensitive Information Disclosure in UserPro WordPress Plugin (Versions up to 5.1.1) Privilege Escalation Vulnerability in Intel(R) GPA Software Installers Improper Certificate Validation Vulnerability in BIG-IP Edge Client Improper Input Validation in Intel Thunderbolt DCH Drivers for Windows: Potential Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in Buffalo Network Devices Null Pointer Reference Vulnerability in OpenHarmony Wi-Fi Subsystem Vulnerability: Broken Access Control in Advanced Authentication Critical Cross-Site Scripting Vulnerability in ArcSight Logger Prior to 7.3.0 Cross-Site Request Forgery (CSRF) Vulnerability in UserPro WordPress Plugin XML External Entity Injection in ArcSight Logger versions prior to 7.3.0 Access Control Vulnerability in Debug Functionality Allows Unauthorized Information Retrieval Denial of Service Vulnerability in OpenImageIO Project OpenImageIO v2.4.7.1 Information Disclosure Vulnerability in OpenImageIO Project OpenImageIO v2.4.7.1 Experion Server Heap Overflow Vulnerability Intel(R) Server Board BMC Firmware Information Disclosure Vulnerability Local Traffic Recording Vulnerability Session Invalidation Vulnerability in Guardian/CMC Versions Before 22.6.2 Insufficiently Random Values in Intel Agilex Software: Potential Information Disclosure Vulnerability 
Authentication Bypass Vulnerability in Yifan YF325 v1.0_20221108's httpd nvram.cgi Functionality UserPro Plugin for WordPress Arbitrary Shortcode Execution Vulnerability Stack Overflow Vulnerability in Controller: Decoding Server Message DoS Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Local Privilege Escalation Vulnerability SEH-based Buffer Overflow Vulnerability in COMOS Cache Validation Service Privilege Escalation Vulnerability on Citrix Virtual Apps and Desktops Windows VDA Unauthorized Log File Write Vulnerability Privilege Escalation Vulnerabilities in Citrix Workspace App Enable SYSTEM-Level Access Local User Privilege Escalation Vulnerability in Citrix Workspace app for Linux Critical Arbitrary File Read Vulnerability in Citrix ADC and Citrix Gateway Cross-Site Scripting Vulnerability in Citrix ADC and Citrix Gateway Remote Code Execution Vulnerability in Customer-Managed ShareFile Storage Zones Controller UserPro WordPress Plugin Unauthorized Password Reset Vulnerability Unauthorized Desktop Launch Vulnerability Privilege Escalation Vulnerability in Citrix Secure Access Client for Windows Remote Code Execution Vulnerability in Citrix Secure Access Client for Ubuntu Formula Injection Vulnerability in Tenable.sc Allows Arbitrary Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Tenable.sc Tenable.sc Server Side Request Forgery (SSRF) Vulnerability Arbitrary JavaScript Code Injection through XSS in Milesight VPN v2.0.2 Arbitrary JavaScript Code Injection via Cross-Site Scripting (XSS) in Milesight VPN v2.0.2 Authentication Bypass Vulnerability in Switch Web Server Privacy Breach: Butterfly Button Plugin Exposes User Activity, Posing Risks to Domestic Privacy Stored Cross-Site Scripting Vulnerability in FiboSearch - AJAX Search for WooCommerce Plugin for WordPress Electra Central AC Unit Vulnerability: Unauthorized Firmware Loading via Adjacent Attack Critical Security Vulnerability: Hardcoded Credentials in Electra 
Central AC Unit Critical Security Flaw: Electra Central AC Unit Vulnerable to Easily Exploitable AP Password Electra Central AC Unit Vulnerability: Unauthorized Firmware Loading via Adjacent Attack Electra Central AC Unit Vulnerability: Unauthorized Update Server Connection Unspecified Request Vulnerability in Milesight NCR/Camera Version 71.8.0.6-r5 Unspecified Request Exposes Credentials in Milesight NCR/Camera Version 71.8.0.6-r5 Insecure File Upload Vulnerability in AgilePoint NX v8.0 SU2.2 & SU2.3 Remote Shell Code Exploitation via HTTP Command Injections in Baicells Nova LTE TDD eNodeB Devices Privilege Escalation Vulnerability in Arista EOS with Redundant Supervisor Modules Critical SQL Injection Vulnerability in SourceCodester Online DJ Management System 1.0 (VDB-227795) Denial of Service Vulnerability in EOS DHCP Relay Agent Memory Leak Vulnerability in Arista EOS SNMPd Process Arbitrary Configuration Update Vulnerability in Arista EOS with Enabled Streaming Telemetry Agent and gNMI Access Denial of Service Vulnerability in Arista CloudEOS Software Forwarding Engine Visual Console Module in Pandora FMS v767 and prior versions is vulnerable to Cross-site Scripting (XSS) leading to session hijacking and phishing attacks. 
Server-Side Request Forgery (SSRF) vulnerability in Pandora FMS API checker allows unauthorized access to internal files Pandora FMS Special Days Component XSS Vulnerability Arbitrary Command Execution through Unrestricted File Upload in Pandora FMS File Manager CSRF Vulnerability in Pandora FMS Version 767 and Earlier OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting vtysh_ubus toolsh_excute.constprop.1 and Ping Utility Stored Cross-Site Scripting Vulnerability in Advanced Woo Search Plugin for WordPress OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting vtysh_ubus toolsh_excute.constprop.1 and trace tool utility Unauthenticated User Session Manipulation in SAP NetWeaver AS ABAP (BSP Framework) Unauthenticated User Session Manipulation Vulnerability in SAP NetWeaver AS ABAP Privilege Escalation via Crafted ConfigureOutsideDiscovery Request in SAP Host Agent (Start Service) - Versions 7.21, 7.22 SAP S/4 HANA Map Treasury Correspondence Format Data Privilege Escalation Vulnerability SAP CRM WebClient UI - Cross-Site Scripting (XSS) Vulnerability Unauthenticated Privilege Escalation in SAP NetWeaver Application Server Java Unauthenticated Access to SAP NetWeaver AS Java for Deploy Service Sensitive Data Exposure in SAP Fiori Travel Management App Reflected Cross-Site Scripting (XSS) Vulnerability in BSP Application (CRM_BSP_FRAME) Arbitrary File Inclusion Vulnerability in PHPFusion Remote Code Execution Vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC) CVE-2023-24531 Vulnerability: Incorrect Result in ScalarMult and ScalarBaseMult Methods of P256 Curve Vulnerability: Incorrect Multiplication of Unreduced P-256 Scalars Denial of Service Vulnerability in HTTP and MIME Header Parsing Panic Vulnerability in Parsing Invalid Messages Denial of Service Vulnerability in Multipart Form Parsing Infinite Loop Vulnerability Caused by Integer Overflow in Parse Functions with Large Line Numbers Improper 
Handling of Backticks in Template Literals Allows Arbitrary Code Injection CSS Injection via Unexpected HTML Injection PostgreSQL Vulnerability: Arbitrary Code Execution via Schema_Element Improper Sanitization of Whitespace Characters in JavaScript Templates Unquoted search path vulnerability in Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 Improper Access Control Vulnerability in Buffalo Network Devices Denial of Service Vulnerability in Arista CloudEOS Software Forwarding Engine Improper Access Controls in Arista CloudVision Portal: Expanding Data Access Vulnerability BGP Password Logging Vulnerability in Arista MOS Vulnerability: Egress Port Packet Forwarding Issue in Arista EOS with VXLAN Configuration Stack-based Buffer Overflow in Solid Edge SE2022 and SE2023 Vulnerability: Inconsistent Application of Row Security Policies in PostgreSQL Heap-based Buffer Overflow in Solid Edge SE2022 and SE2023 Heap-Based Buffer Underflow in Solid Edge SE2022 and SE2023 Out-of-Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 Out-of-Bounds Write Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Uninitialized Pointer Access Vulnerability in Solid Edge SE2022 and SE2023 Memory Corruption Vulnerability in Solid Edge SE2022 and SE2023 (ZDI-CAN-19069) Out-of-Bounds Read Vulnerability in Solid Edge STL File Parsing (ZDI-CAN-19428) Stack-based Buffer Overflow in 
Solid Edge SE2022 and SE2023 (ZDI-CAN-19472) Dell NetWorker Version Disclosure Vulnerability: Exploiting RabbitMQ for Targeted Attacks Dell NetWorker Rabbitmq Port Vulnerability: Disallowing Replacement of CA Signed Certificates Local Privilege Escalation Vulnerability in Dell Alienware Command Center Heap Corruption Vulnerability in ChromeOS Audio Server Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Arbitrary Folder Delete Vulnerability in Dell Command | Integration Suite for System Center Arbitrary Folder Deletion Vulnerability in Dell Command | Monitor Uncontrolled Resource Consumption Vulnerability in Dell Enterprise SONiC OS Authentication Component Local Privilege Escalation Vulnerability in Dell E525w Printer Driver and Software Suite Unauthenticated Remote Code Execution Vulnerability in EMC NetWorker Client Execution Service Privilege Escalation Vulnerability in McAfee Total Protection DLL Sideloading Vulnerability in McAfee Total Protection prior to 16.0.49 Allows Privilege Escalation Uninstallation Exploit in McAfee Total Protection Prior to 16.0.51 Use After Free Vulnerability in ChromeOS Camera Denial-of-Service Vulnerability in Django Multipart Request Parser Use-After-Free Vulnerability in Solid Edge SE2022 and SE2023 (ZDI-CAN-19425) OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Arbitrary Command Execution via Network Request OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Arbitrary Command Execution via UDP Packet Buffer Overflow Vulnerability in Controller 6000 Diagnostic Web Interface Upload Feature Out-of-Bounds Write Vulnerability in Weston Embedded uC-HTTP v3.01.01 Cleartext Storage of Sensitive Information in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier Denial of Service Vulnerability in Intel(R) Optane(TM) SSD Firmware Intel Optane SSD Firmware Vulnerability: Unauthorized Access to Sensitive Information Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Bypassing Permission Restrictions in Prompts in Google Chrome Format String Vulnerability in Gallagher Controller 6000's Diagnostic Web Interface Uncontrolled Search Path Vulnerability in Intel(R) Binary Configuration Tool Software Path Traversal Vulnerability in Intel(R) oneAPI Toolkits and Component Software (Before Version 2023.1) Allows Privilege Escalation via Local Access Undisclosed Traffic Vulnerability in SSL Profile Configuration OS Command Injection Vulnerability in Milesight UR32L v32.3.0.5 Unauthenticated Loading of Remote Resources in OX App Suite Email Printing Information Leakage in Distribution List Handling in OX App Suite ID Confusion Vulnerability in OX App Suite Allows Unauthorized Appointment Changes Bypassing File Access Checks via Crafted HTML Page in Google Chrome Extensions Bypassing Access Controls in OX App Suite: Unauthorized Reading of Contacts Cross-Site Scripting (XSS) Vulnerability in OX App Suite before frontend 7.10.6-rev24 Cross-Site Scripting (XSS) Vulnerability in OX App Suite Tumblr Portal Widget Unrestricted Data Download Vulnerability in OX App Suite Unrestricted Header Length Vulnerability in OX App Suite Lack of Two-Factor Authentication Enforcement in OX App Suite Denial of Service Vulnerability in Qt SQL ODBC Driver Plugin Length-Subtraction Integer Overflow in TLS 1.3 Server: Matrix SSL and Rambus TLS Toolkit Vulnerability Use After Free Vulnerability in Google Chrome on ChromeOS Arbitrary Code Execution Vulnerability in NOSH 4a5cfdb's Practice Logo Upload Feature Command Injection Vulnerability in PdfBook Extension for MediaWiki Remote Code Execution Vulnerability in Array Networks AG Series and vxAG Cleartext AWS Credentials Disclosure in Redpanda (CVE-2022-XXXX) Remote Code 
Execution Vulnerability in Prompts in Google Chrome XML Entity Expansion Attack in YamlBeans YamlReader Untrusted Deserialization Vulnerability in Esoteric YamlBeans Insufficiently Restrictive Regular Expression in isInList Function Leads to SSRF Vulnerability SSRF Vulnerability in Paranoidhttp before 0.3.0 Insecure Direct Object Reference (IDOR) Vulnerability in Faveo 5.0.1 Privilege Escalation via SIGHUP Signal in GNU Screen Omnibox Content Hiding Vulnerability in Google Chrome on Android Origin Spoofing Vulnerability in Picture-in-Picture Feature in Google Chrome SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateview.php SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateTxtview.php SQL Injection Vulnerability in Judging Management System v1.0 via sid Parameter at /php-jms/updateBlankTxtview.php Arbitrary File Upload Vulnerability in Food Ordering System v2.0 SQL Injection Vulnerability in Food Ordering System v2.0 via Email Parameter Cross-Site Scripting (XSS) Vulnerability in Zstore v6.6.0 via /index.php Component CORS Implementation Vulnerability in Google Chrome: Cross-Origin Data Leakage SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Request a Quote Function SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0: Profile Update Function SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0's Create Ticket Function Reflected Cross-Site Scripting (XSS) Vulnerability in phpIPAM v1.6 Spoofing Vulnerability in Prompts in Google Chrome Bypassing Permissions Restrictions in Prompts on Google Chrome for Android Unquoted Service Path 
Vulnerability in VX Search v13.8 and v14.7 Bludit CMS v.4.0.0 Local Privilege Escalation via role:admin Parameter BluditCMS v.3.14.1 Cross Site Scripting Vulnerability in Categories Friendly URL Arbitrary Code Execution Vulnerability in ProcessWire 3.0.210 via download_zip_url Parameter Denial of Service (DoS) Vulnerability in Centralite Pearl Thermostat 0x04075010 via Crafted Zigbee Message Obfuscation of Security UI in Picture-in-Picture in Google Chrome SQL Injection Vulnerability in ChurchCRM v4.5.3 and Below via EID Parameter at GetText.php SQL Injection Vulnerability in ChurchCRM v4.5.3 and Below: Event Attendance Reports Module Arbitrary Code Execution Vulnerability in ChurchCRM v4.5.3 and Below via CSV Import Stored Cross-Site Scripting (XSS) Vulnerability in Mojoportal v2.7.0.0 Company Info Settings Component Unauthenticated User Registration Bypass in Mojoportal v2.7.0.0 CSS File Disclosure Vulnerability in Mojoportal v2.7.0.0 and Below Stored Cross-Site Scripting (XSS) Vulnerability in ChurchCRM 4.5.3 and Below at /api/public/register/family Directory Traversal Vulnerability in Foswiki v2.1.7 and Below Cross-Site Scripting (XSS) Vulnerability in Add to Feedly WordPress Plugin Denial of Service Vulnerability in Paradox Security Systems IPR512 Reflected Cross-Site Scripting Vulnerability in Sendinblue WordPress Plugin with WPML Integration Arbitrary Code Execution via Crafted EPUB File Upload in readium-js v0.32.0 Cross-Site Scripting (XSS) Vulnerability in LiveAction LiveSP v21.1.2 Stored XSS Vulnerability in SAS 9.4 Admin Console User Management Module SQL Injection Vulnerability in Art Gallery Management System v1.0 via viewid Parameter SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 Inefficient Algorithmic Complexity in Dreamer CMS UserController.java (VDB-227860) SQL Injection Vulnerability in Simple Customer Relationship Management 
System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 SQL Injection Vulnerability in Simple Customer Relationship Management System v1.0 Reflected XSS Vulnerability in PMB v7.4.6 via /admin/convert/export_z3950_new.php Arbitrary Code Execution via Image File Upload in PMB v7.4.6 Open Redirect Vulnerability in PMB v7.4.6 via /opac_css/pmb.php Component Remote Code Execution Vulnerability in PMB v7.4.6 via /sauvegarde/restaure_act.php Reflected Cross-Site Scripting (XSS) Vulnerability in PMB v7.4.6 via /admin/convert/export_z3950.php Cross-Site Request Forgery Vulnerability in Rebuild 3.2 (VDB-227866) Arbitrary Code Execution via Cross Site Scripting (XSS) in Rediker Software AdminPlus 6.1.91.00 Cross-Site Scripting (XSS) Vulnerability in Jfinal CMS v5.1 via /system/dict/list Component Cross-Site Scripting (XSS) Vulnerability in Dromara J2eeFAST up to 2.6.0 NULL Pointer Dereference in libde265 v1.0.10's mc_chroma Function at motion.cc NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_hevc_epel_pixels_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_weighted_pred_avg_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's put_weighted_pred_8_fallback Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_unweighted_pred_8_sse Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's put_unweighted_pred_16_fallback Function NULL Pointer Dereference Vulnerability in libde265 v1.0.10's ff_hevc_put_weighted_pred_avg_8_sse Function Cross-Site Scripting (XSS) Vulnerability in Dromara J2eeFAST up to 2.6.0 Privilege Escalation Vulnerability in Ofcms v.1.1.4 OS Command Injection Vulnerability in D-Link DIR-867 Firmware 1.30B07 SQL Injection Vulnerability in Xen Forum for PrestaShop (Versions up to 2.13.0) Stored Cross-Site Scripting (XSS) Vulnerability in Changedetection.io Cross-Site Scripting (XSS) Vulnerability in 
Funadmin up to 3.2.3 (CVE-2021-227869) SQL Injection Vulnerability in Funadmin v3.2.0 via id parameter at /databases/database/list SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \controller\auth\Auth.php SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \member\Member.php Remote Code Execution (RCE) Vulnerability in Funadmin v3.2.0 via \controller\Addon.php SQL Injection Vulnerability in Funadmin v3.2.0 via id parameter at /databases/table/list Unauthorized User Exploits GraphQL Endpoint to Attach Malicious Runner in GitLab SQL Injection Vulnerability in Funadmin v3.2.0 via id Parameter at /databases/table/columns SQL Injection Vulnerability in Funadmin v3.2.0 via selectFields Parameter in \member\MemberLevel.php SQL Injection Vulnerability in Funadmin v3.2.0 via id Parameter at /databases/database/edit Denial of Service Vulnerability in Giorgio Tani PeaZip v9.0.0 SQL Injection Vulnerability in NotrinosERP v0.7 via OrderNumber Parameter Authenticated SQL Injection Vulnerability in JEECG-Boot v3.4.4 via Building Block Report Component OS Command Injection in GitHub Repository Appium/Appium-Desktop (Prior to v1.22.3-4) Critical Command Execution Vulnerability in JHR-N916R Router Firmware (<=21.11.1.1483) Remote Code Execution Vulnerability in Vinga WR-AC1200 81.102.1.4370 and Earlier via Password Parameter Stack Overflow Vulnerability in D-Link DIR882 Router (Model DIR882A1_FW110B02) Allows for DoS and Arbitrary Code Execution Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05 Router Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05: Exploiting sub_48AF78 Function Elevation of Privilege Vulnerability in M-Files Client Stack Overflow Vulnerability in D-Link DIR878 DIR_878_FW120B05: Potential DoS and Code Execution Incomplete Fix for Path Traversal Vulnerability in ownCloud Android App Remote Code Execution Vulnerability in CUPS-Filters Backend Error Handler (BEH) Regular
Expression Denial of Service (ReDoS) Vulnerability in Undici HTTP/1.1 Client Denial of Service (DOS) Vulnerability in PDFio Parser (Versions prior to 1.1.0) Buffer Overflow Vulnerability in NetHack 3.6.2 - 3.6.6 Buffer Clearing Vulnerability in sli_se_opaque_import_key Arbitrary JavaScript Execution Vulnerability in Misskey's `miauth` Authentication Cross Site Scripting Vulnerability in Misskey URL Preview Function SQL Injection Vulnerability in Misskey's note search API by tag (notes/search-by-tag) Arbitrary URL and Protocol Calling Vulnerability in Dompdf Unfiltered Server Environment Variable Injection in TYPO3 Vert.x-Web: Exfiltration of Class Path Resources via Wildcard Mount Point on Windows Command Injection Vulnerability in IPython.utils.terminal.set_term_title Integer Underflow and Out-of-Bounds Access Vulnerability in RIOT-OS Network Stack NULL Pointer Dereference in RIOT-OS Network Stack Leads to Denial of Service Out-of-Bounds Write and Arbitrary Code Execution Vulnerability in RIOT-OS Network Stack SQL Injection Vulnerability in Responsive CSS EDITOR WordPress Plugin Denial of Service Vulnerability in RIOT-OS Network Stack Out-of-Bounds Write Denial of Service Vulnerability in RIOT-OS Network Stack Denial of Service Vulnerability in RIOT-OS Network Stack Type Confusion Vulnerability in RIOT-OS Network Stack Quadratic Complexity Vulnerability in cmark-gfm Leading to Denial of Service NULL Pointer Dereference Vulnerability in RIOT-OS Network Stack Uninitialized Object Denial of Service Vulnerability in RIOT-OS Network Stack Password Disclosure Vulnerability in Syft v0.69.0 and v0.69.1 Insecure Access Token and Password Reset Key Generation in Onedev Apache IoTDB Incorrect Authorization Vulnerability Improper Authentication Vulnerability in Apache IoTDB Web Workbench Apache IoTDB Grafana Connector Improper Authentication Vulnerability Null Pointer Dereference Vulnerability in Hermes Runtime Use-after-free vulnerability in BigIntPrimitive addition in 
Hermes VM Improper Access Control in WisdomGarden Tronclass Allows Unauthorized File Access Code Injection Vulnerability in Softnext Technologies Corp.’s SPAM SQR Allows Remote Attackers to Execute Arbitrary Commands Path Traversal Vulnerability in SUNNET CTMS File Upload Function Insufficient Filtering in HGiga PowerStation Remote Management Function Allows Arbitrary Command Execution HGiga PowerStation Information Leakage Vulnerability Enables Remote Code Execution Insufficient Filtering in HGiga MailSherlock Allows for Reflected XSS Attack Time-Based SQL Injection Vulnerability in Active Directory Integration Plugin for WordPress Insufficient Validation in HGiga MailSherlock Mail Query Function Allows SQL Injection Insufficient Filtering in HGiga MailSherlock Query Function Allows Remote Code Execution Insufficient Access Control in HGiga MailSherlock Allows Unauthorized Access to User Mail Content Transient Denial of Service (DoS) Vulnerability in Modem during 5G Cell Camping Hardware Protected Address Range Vulnerability in Access Control Core Library Vulnerability: Insufficient Blocking of Data Forwarding in RUGGEDCOM Devices Transient Denial of Service Vulnerability in Modem DSM Item Allocation VoLTE Call Vulnerability: Information Disclosure in Data Modem FMTP Line Parsing Vulnerability in SDP Message Leads to Information Disclosure Privilege Escalation Vulnerability in GitLab CE/EE Versions 14.1 to 16.0.2 KeyMaster Trusted Application Vulnerability: Memory Corruption during Cryptographic Key Import WLAN HOST Memory Corruption Vulnerability Secure Memory Access Vulnerability in Core during Modem Image Loading HLOS Memory Corruption Vulnerability during Key Provisioning Notify Registration WLAN HOST Memory Corruption Vulnerability in QMI WLAN Firmware Response Parsing Modem Memory Corruption Vulnerability during AS Security Exchange Configuration Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Microsoft
Printer Driver Information Disclosure Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class IKE Extension Denial of Service Vulnerability Microsoft Defender DoS Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Windows Secure Channel DoS Vulnerability Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability in Microsoft PostScript and PCL6 Class Drivers Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer RPC Runtime RCE Vulnerability Sensitive Information Exposure in Smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class BlueBleed: Windows Bluetooth Service Remote Code Execution Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Reflected Cross-Site Scripting Vulnerability in Stop Spammers Security WordPress Plugin Exploiting Windows SmartScreen Security Feature Bypass Vulnerability Exposed Data: Microsoft Teams Information Disclosure Vulnerability Unsecured Data Exposure in Microsoft OneDrive for Android Printer Driver Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Print Driver Remote Code Execution Vulnerability in 
Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Stored Cross-Site Scripting Vulnerability in Stop Spammers Security WordPress Plugin iOS OneDrive Security Feature Bypass Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Edge (Chromium-based) Webview2 Spoofing Vulnerability Exposes Users to Phishing Attacks Code Execution Vulnerability in Visual Studio Code Remote Access .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable by Remote Attackers Exploiting Dynamics 365 Finance Spoofing Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability: A Critical Security Flaw Exploitable by Remote Attackers Windows SMB Service Disruption Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Fernando Briano UserAgent-Spy Plugin <= 1.3.1 Windows NTLM Information Disclosure Vulnerability Windows NFS Portmapper Information Disclosure Vulnerability Exposes Sensitive Data Windows Kernel Win32k Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Installer Privilege Escalation Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Microsoft Printer Driver Information Disclosure Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer RPC Runtime RCE Vulnerability Print Nightmare: Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Driver Arbitrary Command Execution Vulnerability in Emacs org-babel-execute:latex Function Windows Graphics Component Privilege Escalation Vulnerability Printer Driver 
Information Disclosure Vulnerability in Microsoft PostScript and PCL6 Class Windows Graphics Component Privilege Escalation Vulnerability Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Windows Kernel Win32k Elevation of Privilege Vulnerability Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) SQL Injection Vulnerability in QueryWall WordPress Plugin Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Unveiling Sensitive Data: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Unsecured Data Exposure in Microsoft OneDrive for Android Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer Print Driver Remote Code Execution Vulnerability in Microsoft PostScript and PCL6 Class Printer SQL Injection Vulnerability in All In One Redirection WordPress Plugin MacOS Elevation of Privilege Vulnerability in Microsoft OneDrive Windows Secure Channel DoS Vulnerability BootGuard Bypass Vulnerability Exploiting Microsoft Defender Security Feature Bypass Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Elevated Privilege Vulnerability in .NET Framework and Visual Studio Windows CryptoAPI Denial of Service Vulnerability: Disrupting Cryptographic Operations Windows CryptoAPI Denial of Service Vulnerability: Exploiting Weaknesses in Cryptographic Services NFS Server Denial of Service Vulnerability Unauthenticated Modification of Data 
Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Windows PGM Denial of Service Vulnerability Windows Network File System RCE Vulnerability RPC Runtime DoS Vulnerability PGM Remote Code Execution Vulnerability in Windows Windows Bluetooth Driver Data Exposure Vulnerability Windows iSCSI Target Service Information Disclosure Vulnerability Exposes Sensitive Data Windows Backup Service Privilege Escalation Vulnerability BlueBleed: Exploiting the Windows Bluetooth Driver for Remote Code Execution BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Unauthenticated Access and CSRF Vulnerability in Greeklish-permalink WordPress Plugin Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server SharePoint Server Remote Code Execution Vulnerability SQL Injection Vulnerability in Forget Heart Message Box v1.1 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0.0.0 - 22.0.2 IBM TS7700 Management Interface Privilege Escalation and Remote Code Execution Vulnerability IBM InfoSphere Information Systems 11.7 Host System and Environment Configuration Exposure Vulnerability Arbitrary File Upload Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Directory Traversal Vulnerability in IBM InfoSphere Information Server 11.7 Local User Information Disclosure in IBM InfoSphere Information Server 11.7 Unrestricted Access Vulnerability in IBM Aspera Faspex 5.0.5 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Cross-Site Request Forgery and PHP Object Injection Vulnerability in UserPro WordPress Plugin Denial of Service Vulnerability in IBM B2B Advanced Communications and IBM Multi-Enterprise Integration Gateway HTTP Header 
Injection Vulnerability in IBM Spectrum Symphony 7.3 Apache InLong Out-of-bounds Read Vulnerability Uninitialized Pointer Access Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19788) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19789) Stored Cross-Site Scripting Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19790) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19791) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19804) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19805) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19806) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19807) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19808) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19809) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19810) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19811) Authentication Bypass Vulnerability in RegistrationMagic WordPress Plugin Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19812) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19813) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19814) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19815) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19816) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19817) Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation (ZDI-CAN-19818) Apache InLong Deserialization of Untrusted Data Vulnerability Unlimited File Upload DoS Vulnerability in Apache Commons FileUpload Vulnerability: Unauthorized Destruction of 
Secret IDs in HashiCorp Vault's AppRole Auth Method PHP Object Injection Vulnerability in Go Pricing - WordPress Responsive Pricing Tables Plugin Cache-timing vulnerability in HashiCorp Vault's Shamir's secret sharing implementation Use-After-Free Vulnerability in Autodesk Navisworks 2023 and 2022 via Malicious SKP File Use-After-Free Vulnerability in Autodesk Products via Malicious SKP File Out-of-Bound Read/Write Vulnerability in Autodesk AutoCAD 2023 and Maya 2022 Integer Overflow Vulnerabilities in Autodesk Products Boundary Read Vulnerability in Autodesk InfraWorks DLL Parsing Use-After-Free Exploit: Code Execution via Malicious USD File Uninitialized Pointer Vulnerability in USD File Parsing Out-of-Bounds Read Vulnerability in USD File Parsing Leading to Code Execution Out-of-Bounds Write Vulnerability in USD File Parsing Uninitialized Variable Exploitation in USD File Parsing Privilege Escalation Vulnerability in PC Settings Tool Use-After-Free Vulnerability in Linux Kernel's HID-Bigbenff Driver Unauthenticated User Password Manipulation in TYPO3 femanager Extension Unauthenticated User Deletion Vulnerability in femanager Extension CSRF Vulnerability in Clockwork Web before 0.1.2 with Rails before 5.2 Information Disclosure Vulnerability in Couchbase Server Incorrect Authorization Vulnerability in RIFARTEK IOT Wall Insufficient Filtering in RIFARTEK IOT Wall Transportation Function Allows for Reflected XSS Attack Premio Chaty Plugin <= 3.0.9 Unauthenticated Reflected XSS Vulnerability Unauthenticated Stored XSS Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in FareHarbor for WordPress Plugin <= 3.6.6 Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Watu Quiz Plugin <= 3.3.8 Saleswonder.Biz Webinar Ignition Plugin <= 2.14.2 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Icegram Collect Plugin <= 1.3.8 - Authenticated Stored Cross-Site Scripting (XSS) 
Vulnerability CSRF Vulnerability in Chetan Gole WP-CopyProtect Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Chained Quiz Plugin <= 1.3.2.5 Stored XSS Vulnerability in chuyencode CC Custom Taxonomy Plugin <= 1.0.1 CSRF Vulnerability in utahta WP Social Bookmarking Light Plugin Reflected Cross-Site Scripting Vulnerability in 10Web Social Post Feed WordPress Plugin CVE-2023-25030 Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin <= 2.7.1 Stored Cross-Site Scripting (XSS) Vulnerability in Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 CSRF Vulnerability in Sumo Social Share Boost Plugin CSRF Vulnerability in BoLiQuan WP Clean Up Plugin CSRF Vulnerability in akhlesh-nagar Social Media Icons Widget Plugin CSRF Vulnerability in 984.Ru For the Visually Impaired Plugin <= 0.58 Missing Authorization vulnerability in CodePeople Google Maps CP Hard-coded Credentials Vulnerability in Firmware Images Stored Cross-Site Scripting (XSS) Vulnerability in Shortcodes Ultimate Plugin <= 5.12.6 Unauthenticated Reflected XSS Vulnerability in Cththemes Monolit Theme <= 2.0.6 Stored Cross-Site Scripting (XSS) Vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers Plugin <= 2.3.0 Incorrect Authorization vulnerability in Supsystic Data Tables Generator Stored XSS Vulnerability in Sumo Social Share Boost Plugin <= 4.4 SQL Injection vulnerability in David F. Carr RSVPMaker Podlove Podcast Publisher Plugin <= 3.8.2 - Authenticated Stored XSS Vulnerability SQL Injection Vulnerability in David F. 
Carr RSVPMaker rsvpmaker Stored XSS Vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress Plugin <= 3.3.4 CSRF Vulnerability in Product Upload Functionality Path Traversal Vulnerability in Shortcodes Ultimate Plugin Allows Absolute Path Traversal CSRF Vulnerability in Denishua Comment Reply Notification Plugin <= 1.4 Stored XSS Vulnerability in Teplitsa Yandex.News Feed Plugin Code Injection Vulnerability in David F. Carr RSVPMaker CSRF Vulnerability in Amit Agarwal Google XML Sitemap for Videos Plugin CSRF Vulnerability in SlickRemix Feed Them Social Plugin <= 3.0.2 Unauthorized Access to Sensitive Information in Libsyn Publisher Hub CSRF Vulnerability in Brainstorm Force Schema Plugin Stored Cross-Site Scripting (XSS) Vulnerability in avalex GmbH avalex – Automatically Secure Legal Texts Plugin <= 3.0.3 Stored Cross-Site Scripting (XSS) Vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 Stored XSS Vulnerability in PINPOINT.WORLD Pinpoint Booking System Plugin <= 2.9.9.2.8 Stored XSS Vulnerability in Anadnet Quick Page/Post Redirect Plugin <= 5.2.3 Stored XSS Vulnerability in Matteo Candura WP htpasswd Plugin <= 1.7 CSRF Vulnerability in ShapedPlugin WP Tabs Plugin CSRF Vulnerability in FolioVision FV Flowplayer Video Player Plugin Improper Access Control Privilege Escalation Vulnerability in TXOne StellarOne Remote Code Execution via CleverTap Cordova Plugin Deeplinks Cleartext Transmission Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 4.2.0 and Earlier Denial of Service Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Weak Credentials Vulnerability in SkyBridge MB-A100/110 Firmware Ver. 
4.2.0 and Earlier: Remote Password Decryption in WebUI Improper Access Control in Intel(R) DSA Software: Potential Denial of Service Vulnerability Privilege Escalation in Command Centre Server Allows Unauthorized Access to Competencies Unquoted Search Path Vulnerability in Intel Server Configuration Utility Software Buffer Overflow Vulnerability in SNIProxy 0.6.0-2 and Master Branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba) Allows Arbitrary Code Execution Arbitrary Script Injection in EC-CUBE Authentication Key Settings Heap Overflow Vulnerability in Server or Console Station CSRF Vulnerability in PaperCutNG Mobility Print Version 1.0.3512 Information Disclosure Vulnerability in Intel(R) Distribution of OpenVINO Toolkit Software Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Specially Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Cross-Site Scripting (XSS) Vulnerability in ADM, LooksGood, and SoundsGood Apps Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in 
vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_qos Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_ike_profile Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 
Buffer Overflow Vulnerability in set_gre Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_l2tp Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Requests Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Integer Overflow Vulnerability in FormData API Implementation Buffer Overflow Vulnerability in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerability in set_ike_profile Function of Milesight UR32L v32.3.0.5 Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Buffer Overflow Vulnerabilities in vtysh_ubus Binary of Milesight UR32L v32.3.0.5: Arbitrary Code Execution via Crafted HTTP Request Use-After-Free Vulnerability in Linux Kernel's ext4 Filesystem Default Password Vulnerability in PowerPanel Business Software Unrestricted File Upload Vulnerability in PowerPanel Business Software Privilege Escalation 
Vulnerability in PowerPanel Business Software Vulnerability: Arbitrary Modification of McAfee COM Component in Windows Registry vBulletin Deserialization Remote Code Execution Vulnerability Double-Free Vulnerability in OpenSSH Server (sshd) 9.1 Allows Remote Code Execution Buffer Overflow in sprintf in glibc 2.37 with Correct Buffer Size Exposing Database Credentials in Mattermost Server Initialization Logs Out of Bounds Read Vulnerability in Parasolid and Solid Edge Critical Injection Vulnerability in Apache Sling JCR Base < 3.1.12 with Old JDK Versions Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One Server Installer Allows Remote Code Execution Improper Access Control Vulnerability in Trend Micro Apex One Agent Allows Local Privilege Escalation and Arbitrary Directory Creation Privilege Escalation Vulnerability in Trend Micro Apex One Agent Scanning Function Trend Micro Apex One Agent File Replacement Vulnerability Vulnerability: Bypassing Protection in Trend Micro Apex One Agent via Crafted DLL Privilege Escalation Vulnerability in Trend Micro Apex One Privilege Escalation Vulnerability in TimescaleDB 2.8.0 - 2.9.2 Privilege Escalation Vulnerability in Mattermost Nextcloud Office App (Collabora Integration) File Access Vulnerability Denial-of-Service Vulnerability in OpenTelemetry-Go v0.38.0 Wings Server Control Plane Vulnerability: Unauthorized File and Directory Creation Unbounded File Read Vulnerability in containerd Unvalidated URL in Misskey prior to 13.5.0 allows remote code execution Integer Overflow Vulnerability in Redis Server Lack of Rate Limits in Kiwi TCMS Login Page Allows Brute-Force Attacks Vulnerability: Misuse of OGC Filter Expression Language in GeoServer SQL Injection Vulnerabilities in GeoTools JDBCDataStore Implementations Unauthenticated Access to Watermark-Free Previews in Nextcloud Server and Nextcloud Office Stored Cross-site Scripting (XSS) Vulnerability in Teampass prior to 3.0.7 Mailbox Access Vulnerability in 
Nextcloud Mail Missing Rate Limiting on Password Reset Functionality in Nextcloud Server and Nextcloud Enterprise Server Server-side Request Forgery (SSRF) Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Argo CD Repository Access Credentials Leakage Vulnerability Sensitive values stored in process.env variable are exposed in plaintext in index.js file in TinaCMS CLI versions >= 1.0.0 && < 1.0.9 Information Disclosure via getHostByName in Helm Templates Denial of Service Vulnerability in formula Parser Regular Expression Denial of Service in Discourse Wings Server Control Plane File Deletion Vulnerability User Data Leakage in Discourse Yearly Review Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Metform Elementor Contact Form Builder Plugin for WordPress PrestaShop CSRF Token Bypass Vulnerability Lack of Rate Limits in Kiwi TCMS Prior to v12.0 Allows Denial-of-Service Attacks on Password Reset Page Cross-Site Scripting (XSS) Vulnerability in Discourse Improper Supplementary Group Setup in containerd Runtime Improper Access Control in Intel Chipset Driver Software: Potential Privilege Escalation Vulnerability Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware Out-of-Bounds Read Vulnerability in OpenHarmony v3.2.4 and Prior Versions Allows Local Information Leak Stack-Based Buffer Overflow in Delta Electronics' CNCSoft-B DOPSoft Versions 1.0.0.4 and Prior Remote Code Execution Vulnerability in Controller Firmware Denial of Service Vulnerability in Intel(R) Unite(R) Android Application Reflected Cross-Site Scripting Vulnerability in Easy Forms for Mailchimp WordPress Plugin Heap-based Buffer Overflow in Weston Embedded uC-HTTP v3.01.01 HTTP Server Functionality Uncontrolled Search Path Element Vulnerability in Intel(R) Unite(R) Client Software for Mac Arbitrary Command Execution Vulnerability in Snap One OvrC Pro Versions Prior to 7.2 Weak Credentials Vulnerability in Seiko Solutions SkyBridge and SkySpider Series 
Privilege Escalation Vulnerability in NOKIA Airscale ASIKA Single RAN Devices Directory Path Traversal Vulnerability in Nokia Airscale ASIKA Single RAN Devices Default SSH Keys Vulnerability on NOKIA Airscale ASIKA Single RAN Devices Unauthenticated Access to Nokia Airscale ASIKA Single RAN BTS Baseband Unit via AaShell Critical SQL Injection Vulnerability in Caton CTP Relay Server 1.2.9 Password Disclosure Vulnerability in AMI MegaRAC SPX Devices through Redfish User Enumeration Vulnerability in AMI MegaRAC SPX Devices through Redfish HarfBuzz O(n^2) Growth Vulnerability in hb-ot-layout-gsubgpos.hh Apache Kafka Connect API Vulnerability: Unrestricted Deserialization and Remote Code Execution (RCE) Apache Fineract: Server-Side Request Forgery (SSRF) Vulnerability SQL Injection Vulnerability in Apache Fineract SQL Injection Vulnerability in Apache Fineract Reflected XSS Vulnerability in MT Safeline X-Ray X3310 Webserver Version NXG 19.05 Critical Command Injection Vulnerability in Caton Prime 2.1.2.51.e8d7225049(202303031001) HTML Injection Vulnerability in MT Safeline X-Ray X3310 Webserver Version NXG 19.05 Arbitrary Code Execution via Crafted Script Upload in MultiTech Conduit AP MTCAP2-L4E1 SQL Injection Vulnerability in PrestaShop ws_productreviews < 3.6.2 Critical SQL Injection Vulnerability in PrestaShop dpdfrance <6.1.3 via ajax.php Cross-Site Scripting (XSS) Vulnerability in NEXTU NEXT-7004N 3.0.1 Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 Firmware Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda 
AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Remote Code Execution and DoS Critical Remote Command Injection Vulnerability in Chengdu VEC40G 3.0 Stack Overflow Vulnerability in Tenda AC5 US_AC5V1.0RTL_V15.03.06.28: Potential DoS and Code Execution Heap-Buffer-Overflow Vulnerability in Libde265 v1.0.10's derive_spatial_luma_vector_prediction Function Heap-based Buffer Overflow Vulnerability in GNU LibreDWG v0.12.5 SQL Injection Vulnerability in CRMEB <=1.3.4 via /api/admin/user/list Unrestricted File Upload Vulnerability in Weaver E-Office 9.5 (VDB-228014) Server-Side Request Forgery (SSRF) Vulnerability in Loonflow R2.0.14 Buffer Overflow Vulnerability in Tenda Router W30E V1.0.1.25(633) - fromRouteStatic Function Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) via Parameters entrys and mitInterface Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) via fromAddressNat Parameters Buffer Overflow Vulnerability in Tenda AC500 V2.0.1.9(1307) - formOneSsidCfgSet Function Critical Remote Code Execution Vulnerability in Control iD RHiD 23.3.19.0 Arbitrary Code Execution Vulnerability in pimCore v10.5.15 due to Improper SameSite Attribute Reflected Cross-Site Scripting (XSS) Vulnerability in bgERP v22.31 via Search Parameter Cross-Site Request Forgery Vulnerability in Easy Google Maps Plugin for WordPress (up to version 1.11.7) Local File Inclusion Vulnerability in Stimulsoft Designer (Web) 2023.1.3 Remote Code Execution in Stimulsoft Designer and Viewer Server Side Request Forgery (SSRF) vulnerability in Stimulsoft Designer (Web) 2023.1.3 allows for data exfiltration and outbound traffic Static Secret Used for Connection String Decryption in Stimulsoft Designer 
(Desktop) 2023.1.5 and 2023.1.4 Authentication Bypass Vulnerability in Docmosis Tornado Directory Traversal Vulnerability in Docmosis Tornado <= 2.9.4 Arbitrary Remote Code Execution (RCE) via Office Directory Setting in Docmosis Tornado Stack-based Buffer Overflow in GFI Kerio Connect 9.4.1 Patch 1 Webmail Component's 2FASetup Function SQL Injection Vulnerability in Integration for Contact Form 7 and Zoho CRM, Bigin WordPress Plugin D-Link DIR820LA1_FW105B03 Privilege Escalation via OS Command Injection Vulnerability Cross-Site Request Forgery Vulnerability in Contact Form by Supsystic Plugin for WordPress D-Link DIR820LA1_FW105B03 Privilege Escalation via OS Command Injection Stack Overflow Vulnerability in D-Link DIR-820L Router's pingV4Msg Component Heap Overflow Vulnerability in D-Link DIR-820L Router Firmware (Version 1.06B02) Stack Overflow Vulnerability in D-Link DIR-820L A1 Firmware 1.06B02 Virtualreception Digital Receptie Directory Traversal Vulnerability Unsanitized SVG Uploads in Enable SVG Uploads WordPress Plugin: XSS Vulnerability Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, leading to Privilege Escalation and Information Disclosure via GO_LANGUAGE Cookie Cross Site Scripting (XSS) Vulnerability in GRUEN eVEWA3 Community 31-53 Login Panel Orchestration Service Privilege Escalation: Remote Code Execution Vulnerability Directory Traversal Vulnerability in ATLauncher <= 3.4.26.0 Allows Arbitrary File Creation Prism Launcher <= 6.1 Directory Traversal Vulnerability PolyMC Launcher <= 1.4.3 Directory Traversal Vulnerability Directory Traversal Vulnerability in MultiMC Launcher <= 0.6.16 Directory Traversal Vulnerability in Nothub Mrpack-Install v0.16.2 XSS Vulnerability in Fetlife Rollout-UI v0.5: Arbitrary Code Execution via Crafted URL Excessive Authentication Attempts Vulnerability in AzuraCast Repository OS Injection Vulnerability in AVideo Version Before 12.4: Arbitrary Code Execution via Video Link Field XSS 
Vulnerability in World Wide Broadcast Network AVideo Allows Information Disclosure CSRF Vulnerability in PaperCut NG/MF Allows Unauthorized Changes and Code Execution Mybatis Plus SQL Injection Vulnerability in Versions Below 3.5.3.1 Improper Authorization Vulnerability in OTRS AG OTRS 8: Unauthorized User Tracking and Data Leakage Directory Traversal Vulnerability in Ladle Dev Server 2.5.1 and Earlier Allows Unauthorized File Access Arbitrary Code Execution Vulnerability in swig-templates and swig Arbitrary File Read Vulnerability in Swig-Templates and Swig Reflected Cross-Site Scripting (XSS) Vulnerability in ChurchCRM 4.5.3 Stored XSS Vulnerability in ChurchCRM 4.5.3: Arbitrary Script Injection via EventEditor.php Title Input Field CSV Injection Vulnerability in ChurchCRM 4.5.3: Arbitrary Code Execution via Crafted Excel File SQL Injection Vulnerability in Faveo Helpdesk 1.0-1.11.1 Privilege Escalation via Insecure Permissions in CoreDial sipXcom 21.04 Arbitrary Command Injection and Remote Code Execution in CoreDial sipXcom 21.04 Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::addChild Remote Code Execution Vulnerability in WebKitGTK's WebCore::RenderLayer::renderer Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::setNextSibling Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::repaintBlockSelectionGaps Remote Code Execution Vulnerability in WebKitGTK's RenderLayer::updateDescendantDependentFlags HTML Injection and XSS Vulnerability in Opswat Metadefender Core Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in October CMS v3.2.0 with .mp3 File Type Insecure SCPI Interface in Siglent SDS 1104X-E Exposes Web Password Remote Code Execution (RCE) Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS Incorrect Access Control Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS Denial of Service Vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS BMC TLS Private Key Exposure 
Vulnerability Allegro Tech BigFlow <1.6 Vulnerability: Missing SSL Certificate Validation Race Condition in Videostream macOS App Updater Script Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Router MSI Repair Functionality Privilege Escalation Vulnerability in Caphyon Advanced Installer 20.0 and Below Memory Leak Vulnerability in Py_FindObjects() Function in scipy commit 8627df31ab Unrestricted File Upload Vulnerability in CleverStupidDog yf-exam 1.8.0 Authentication Bypass Vulnerability in CleverStupidDog yf-exam v 1.8.0 Vulnerability: Incorrect Access Control in Aten PE8108 2.4.232 Vulnerability: Incorrect Access Control in Aten PE8108 2.4.232 Unauthenticated Remote Information Disclosure in KNIME Business Hub CSRF Vulnerability in Aten PE8108 2.4.232 Vulnerability: Unauthenticated Access to Telnet and SNMP Credentials in Aten PE8108 2.4.232 Denial of Service (DOS) Vulnerability in Aten PE8108 2.4.232 Vulnerability: Unauthenticated Access to Event Notification Configuration in Aten PE8108 2.4.232 DLL Hijacking Vulnerability in Soft-o Free Password Manager 1.1.20 Allows Arbitrary DLL Creation and Code Execution XSS Vulnerability in Online Reviewer Management System v1.0 via course-update.php SQL Injection Vulnerability in Online Reviewer Management System v1.0 Buffer Overflow Vulnerability in libtiff 4.5.0 via tiffcrop.c:8499 Buffer Overflow Vulnerability in libtiff 4.5.0: extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215 Buffer Overflow Vulnerability in libtiff 4.5.0: extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753 Cleartext Password Exposure in vTech VCS754 Version 1.1.1.A to 1.1.1.H Arbitrary Code Execution and Privilege Escalation Vulnerability in Genomedics MilleGP5 5.9.2 Stored Cross Site Scripting (XSS) Vulnerability in Square Pig FusionInvoice 2023-1.0 Authorization Bypass Vulnerability in UPV PEIX: Unauthorized Access to User Information via pdf_curri_new.php Stored Cross Site Scripting (XSS) 
Vulnerability in CiviCRM 5.59.alpha1: Arbitrary Code Execution in First/Second Name Field Marcel Pol Zeno Font Resizer Plugin <= 1.7.9 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in Wow-Company Button Generator Plugin Unrestricted File Upload Vulnerability in JS Help Desk Plugin CSRF Vulnerability in Inkthemescom ColorWay Theme <= 4.2.3 CSRF Vulnerability in Eric Teubert Archivist – Custom Archive Templates Plugin CSRF Vulnerability in cformsII Plugin <= 15.0.4 Feather Login Page Plugin for WordPress: Unauthorized Access and Privilege Escalation Vulnerability CSRF Vulnerability in GiveWP Donation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WPChill CPO Content Types Plugin <= 1.1.0 Stored XSS Vulnerability in CMS Press Plugin <= 0.2.3 Unauthenticated Reflected XSS Vulnerability in Ian Sadovy WordPress Tables Plugin (<= 1.3.9) Stored Cross-Site Scripting (XSS) Vulnerability in Klaviyo Plugin <= 3.0.7 Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider Stored XSS Vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 Stored XSS Vulnerability in Postsnippets Post Snippets Plugin <= 4.0.2 Authentication Bypass Vulnerability in WP User Switch Plugin CodeSolz Easy Ad Manager Plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in namithjawahar Wp-Insert Plugin <= 2.5.0 Stored Cross-Site Scripting (XSS) Vulnerability in WP htaccess Control Plugin <= 3.5.1 CSRF Vulnerability in Gopi Ramasamy WP Tell a Friend Popup Form Plugin <= 7.1 Stored XSS Vulnerability in StreamWeasels Twitch Player Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gopi Ramasamy WP Tell a Friend Popup Form Plugin <= 7.1 Unauthenticated Reflected XSS Vulnerability in Mahlamusa Who Hit The Page – Hit Counter Plugin (<= 1.4.14.3) CSRF Vulnerability in Daniel Mores, A. 
Huizinga Resize at Upload Plus Plugin <= 1.3 CSRF Vulnerability in Reservation.Studio Widget Plugin Vulnerability: Unauthorized Data Loss in Feather Login Page Plugin for WordPress CSRF Vulnerability in Anton Skorobogatov Rus-To-Lat Plugin <= 0.3 Unauthenticated Reflected XSS Vulnerability in Webcodin WCP OpenWeather Plugin <= 2.5.0 CSRF Vulnerability in Podlove Podcast Publisher Plugin CSRF Vulnerability in Miro Mannino Flickr Justified Gallery Plugin <= 3.5 CSRF Vulnerability in Csaba Kissi About Me 3000 Widget Plugin CSRF Vulnerability in Smart YouTube PRO Plugin <= 4.3 Unauthenticated Reflected XSS Vulnerability in Ezoic AmpedSense – AdSense Split Tester Plugin (<= 4.68) Stored Cross-Site Scripting (XSS) Vulnerability in Yotuwp Video Gallery Plugin <= 1.3.12 CSRF Vulnerability in Jason Rouet Weather Station Plugin Podlove Subscribe Button Plugin <= 1.3.7 - Authenticated Stored XSS Vulnerability Insecure Direct Object References in RegistrationMagic WordPress Plugin: User-Controlled Access Exploitation CSRF Vulnerability in BoldGrid Post and Page Builder Plugin CSRF Vulnerability in Podlove Subscribe Button Plugin <= 1.3.7 CSRF Vulnerability in Mike Martel WP Tiles Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Easy Coming Soon Plugin <= 2.3 Stored XSS Vulnerability in Simple Yearly Archive Plugin <= 2.1.8 Stored Cross-Site Scripting (XSS) Vulnerability in Bernhard Kux JSON Content Importer Plugin <= 1.3.15 CSRF Vulnerability in Pixelgrade PixTypes Plugin <= 1.4.14 Stored Cross-Site Scripting (XSS) Vulnerability in Duc Bui Quang WP Default Feature Image Plugin <= 1.0.1.1 CSRF Vulnerability in Jeff Sherk Update Theme and Plugins from Zip File Plugin Cross-Site Request Forgery in Feather Login Page WordPress Plugin (Versions 1.0.7 - 1.1.1) Stored XSS Vulnerability in Eric Teubert Archivist – Custom Archive Templates Plugin (<= 1.7.4) Critical Stored XSS Vulnerability in Samuel Marshall JCH Optimize Plugin <= 3.2.2 Format 
String Injection Vulnerability in XCC Web User Interface API Local Privilege Escalation Vulnerability in BIOS Update Tool Driver Local Privilege Escalation Vulnerability in BIOS of Desktop, Smart Edge, and ThinkStation Products LDAP Client Password Disclosure Vulnerability Lenovo Driver Manager Privilege Escalation Vulnerability Information Disclosure Vulnerability in Vaadin Versions 10.0.0 - 24.1.0.beta1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.13 RPC Response Information Disclosure Vulnerability in Vaadin Server-Side Request Forgery Vulnerability in Apache Superset NVIDIA DGX-1 BMC AMI MegaRAC IPMI Handler Buffer Overflow Vulnerability Preconditioned Heap Access Beyond Buffer in NVIDIA DGX-1's AMI SBIOS Arbitrary Command Injection Vulnerability in NVIDIA DGX-1 BMC's SPX REST API Arbitrary File Upload and Download Vulnerability in NVIDIA DGX-1 BMC Critical Vulnerability in NVIDIA DGX-1 SBIOS Allows Code Execution, DoS, and Privilege Escalation Remote File Inclusion Vulnerability in unilogies/bumsys prior to 2.1.1 NULL Pointer Dereference in cuobjdump: Limited Denial of Service Vulnerability Division-by-Zero Vulnerability in NVIDIA CUDA Toolkit's cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Memory Read in cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Read in cuobjdump Vulnerability in NVIDIA CUDA Toolkit: Out-of-Bounds Read in cuobjdump Vulnerability in NVIDIA GPU Display Driver for Windows and Linux: Potential Code Execution and Data Tampering Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Unauthorized Resource Control Vulnerability in NVIDIA vGPU Software Vulnerability in NVIDIA Jetson CBoot Allows Arbitrary Memory Access Privilege Escalation Vulnerability in NVIDIA ConnectX Host Firmware for BlueField Data Processing Unit CSRF Vulnerability in GitHub Repository unilogies/bumsys prior to 2.1.1 Denial of Service Vulnerability in NVIDIA Jetson Linux 
Driver Package's nvbootctrl Unauthenticated Privilege Escalation in NVIDIA DGX A100/A800 SBIOS Improper Input Validation in NVIDIA DGX A100/A800 SBIOS Configuration NVIDIA CUDA Toolkit: Denial of Service Vulnerability in nvdisasm Binary Authentication Token Exposure in NVIDIA Omniverse Workstation Launcher Vulnerability in NVIDIA Cumulus Linux Forwarding of VxLAN-Encapsulated IPv6 Packets Vulnerability in NVIDIA Cumulus Linux: Denial of Service via Crafted Packet Injection Vulnerability in NVIDIA DGX H100 BMC Host KVM Daemon Allows Arbitrary Kernel Code Execution and Privilege Escalation NVIDIA DGX H100 BMC Web Server Plugin Stack Overflow Vulnerability Timing-based Session Token Leak in NVIDIA DGX BMC Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository unilogies/bumsys prior to 2.2.0 Vulnerability in NVIDIA DGX H100 BMC KVM Service: Improper Input Validation Critical Vulnerability in NVIDIA DGX H100 BMC IPMI: Credential Protection Insufficiency Insufficient Credential Protection in NVIDIA DGX H100 BMC IPMI Vulnerability: NVIDIA DGX H100 BMC Web UI Input Validation Vulnerability Vulnerability in NVIDIA DGX H100 BMC IPMI: Multiple Security Risks Critical Local Privilege Escalation Vulnerability in Dell SupportAssist Installer (Versions Prior to 3.13.2.19) Certificate Management Vulnerability in Dell PowerScale OneFS 9.4.0.x Out of Bounds Write Vulnerability in Dell PowerEdge 14G and Dell Precision BIOS Dell NetWorker 19.6.1.2 OS Command Injection Vulnerability Arbitrary File Path Manipulation in GitHub Repository unilogies/bumsys prior to 2.2.0 Arbitrary File Overwrite Vulnerability in Dell PowerScale OneFS 9.4.0.x Improper Installation Permissions Vulnerability in Dell Trusted Device Agent Dell Power Manager Privilege Escalation Vulnerability Dell NetWorker Apache Tomcat Version Disclosure Vulnerability Buffer Overflow Vulnerability in Intel(R) Server Board BMC Firmware Remote Code Execution Vulnerability in StruxureWare Data Center Expert 
(V7.9.2 and prior) Allows Unauthorized Package Upload and Installation Unauthorized Access to Device Credentials in StruxureWare Data Center Expert (V7.9.2 and prior) Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Unauthenticated Modification of Data in WPCS WordPress Currency Switcher Professional Plugin Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) via Improper Control of Code Generation Cross-Site Scripting (XSS) Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Unauthorized Access and Control Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Cross-site Scripting (XSS) Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) OS Command Injection Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) OS Command Injection Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) Vulnerability: Weak Authentication in KNX Installation Improper URL Construction in DataHub Frontend Proxy Allows Request Rerouting (GHSL-2022-076) Unsafe Deserialization in DataHub Frontend with SSO Authentication (GHSL-2022-086) Case-insensitive header name vulnerability in DataHub allows for unauthorized user impersonation (GHSL-2022-079) Vulnerability: Unauthorized Deletion of Custom Currency Switcher in WPCS WordPress Plugin DataHub: Authentication Bypass and System Compromise Vulnerability (GHSL-2022-080) Authentication Bypass Vulnerability in DataHub Authentication Bypass Vulnerability in DataHub (GHSL-2022-083) GSS-NTLMSSP Plugin Out-of-Bounds Read Denial-of-Service Vulnerability Memory Corruption Vulnerability in GSS-NTLMSSP Plugin (CVE-XXXX-XXXX) Incorrect Free in GSS-NTLMSSP Plugin Prior to 1.2.0 Allows Denial of Service Memory Leak Vulnerability in GSS-NTLMSSP Plugin Out-of-Bounds Read Vulnerability in GSS-NTLMSSP Plugin Arbitrary Memory Allocation Vulnerability in Boxo's Bitswap Server Unauthenticated User Role 
Assignment Vulnerability in Apollo Configuration Management System Unauthenticated Arbitrary Custom Drop-Down Currency Switcher Modification Vulnerability in WPCS WordPress Currency Switcher Professional Plugin Unauthenticated Access to Apollo Configservice and Apollo Adminservice Cross-Site Scripting (XSS) Vulnerability in Backstage Software Catalog Cross-Site Scripting (XSS) Vulnerability in react-admin's `<RichTextField>` Improper Access Control Vulnerability in Metersphere's File Download API Disclosure of Secured Resource Properties in API Platform Core Denial of Service Vulnerability in @fastify/multipart Plugin Denial of Service Vulnerability in Werkzeug's Multipart Form Data Parser Denial of Service (DoS) Vulnerability in Starlite ASGI Framework Path Traversal and Data Overwrite Vulnerability in Nextcloud Server Stored Cross-Site Scripting Vulnerability in WPCS – WordPress Currency Switcher Professional Plugin OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting VLAN Configuration Management OS Command Injection Vulnerabilities in Milesight UR32L v32.3.0.5: Exploiting VLAN Configuration Management Out-of-Bounds Read Vulnerability in Binutils' parse_module Function Uninitialized Field Vulnerability in Binutils Leads to Application Crash and Local Denial of Service Uninitialized Variable Vulnerability in Binutils' bfd_init_section_decompress_status Function Uninitialized Field in Binutils' bfd_mach_o_get_synthetic_symtab Function Leads to Application Crash and Local Denial of Service Arbitrary User Creation Vulnerability in ClearPass Policy Manager ClearPass OnGuard Linux Agent Privilege Escalation Vulnerability ClearPass Policy Manager Web Interface Information Disclosure Vulnerability ClearPass Policy Manager Web Interface Reflected XSS Vulnerability ClearPass Policy Manager Web Interface Reflected XSS Vulnerability ClearPass Policy Manager Web Interface Privilege Escalation Vulnerability ClearPass OnGuard Ubuntu Agent Local 
Information Disclosure Vulnerability ClearPass Policy Manager: Administrative Privilege Vulnerability Unauthenticated File Download Vulnerability in Mitel MiCollab Mitel MiVoice Connect Conferencing Component Reflected XSS Vulnerability Mitel MiVoice Connect Conferencing Component Reflected XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in jja8 NewBingGoGo up to 2023.5.5.2 (VDB-228167) InsydeH2O EFI Variable Tampering Vulnerability Improper Authentication in Apache DolphinScheduler's Python Gateway Stack-based Buffer Overflow in Fortinet FortiWeb: Unauthorized Code Execution via Crafted Command Arguments Permissive Cross-Domain Policy Vulnerability in Fortinet FortiADC and FortiDDoS Fortinet FortiGuest 1.0.0 Local Attacker Access to Plaintext Passwords in RADIUS Logs Vulnerability Improper Access Control Vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1: Unauthorized Actions via Crafted HTTP Requests Path Traversal Vulnerability in FortiAnalyzer and FortiManager Management Interface OS Command Injection Vulnerability in Fortinet Products Incomplete Filtering of Special Elements Vulnerability in FortiAP-W2, FortiAP-C, FortiAP, and FortiAP-U Server-side Request Forgery (SSRF) Vulnerability in FortiManager and FortiAnalyzer GUI Unauthenticated Modification of Galleries in Gallery Metabox Plugin for WordPress CSV Formula Injection Vulnerability in Fortinet FortiAnalyzer LDAP Injection Vulnerability in Apache Kerby LdapIdentityBackend Unauthenticated Code Injection Vulnerability in SAP NetWeaver AS ABAP (BSP Framework) SAP ABAP Input Sanitization Vulnerability SAP Business Objects Business Intelligence Platform (CMC) Code Injection Vulnerability Remote Command Execution Vulnerability in SAP Business Object (Adaptive Job Server) Denial of Service Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform Modbus TCP Denial of Service Vulnerability Unauthenticated Access Vulnerability in Gallery Metabox for WordPress Denial of Service 
Vulnerability in Controller due to Improper Check for Unusual or Exceptional Conditions Privilege Escalation through i18n Dictionary Manipulation in Apache Sling Cross-Site Request Forgery Vulnerability in WordPress Contact Forms by Cimatti Plugin Vulnerability: Bypassing Browser Unlock Function in Android Mobile Whale Browser App via 'Open in Whale' Feature OS Command Injection in scanservjs prior to v2.27.0 Buffer Overflow Vulnerability in ZTE Mobile Internet Products Command Injection Vulnerability in ZTE Mobile Internet Products Insufficient Validation of Web Interface Parameter in ZTE Mobile Internet Products: Denial of Service Vulnerability ZTE AndroidTV STBs Vulnerability: Unauthorized Access and Data Loss Risk CVE-2023-25646 Improper Access Control in ZTE Mobile Phones Allows Unauthorized Monitoring of Touch Events ZTE ZXCLOUD iRAI Weak Folder Permission Vulnerability Allows Privilege Escalation Command Injection Vulnerability in ZTE Mobile Internet Product Cross-Site Scripting (XSS) Vulnerability in SourceCodester Multi Language Hotel Management Software 1.0 Arbitrary File Download Vulnerability in ZXCLOUD iRAI SQL Injection Vulnerability in ZTE Mobile Internet Products Allows for Information Leak Git apply --reject Path Traversal Vulnerability Denial-of-Service (DoS) vulnerability in ECC operations in node-jose prior to version 2.2.0 Remote Code Execution (RCE) Vulnerability in baserCMS Management System File Upload Vulnerability in baserCMS Prior to Version 4.7.5 Excessive Memory Usage Vulnerability in notation-go Remote Code Execution Vulnerability in Nautobot Versions Earlier than 1.5.7 Out of Bounds Read Vulnerability in TensorFlow's GRUBlockCellGrad Stack Out-of-Bounds Read Vulnerability in TensorFlow's DynamicStitch Function Stored Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.1 Null Pointer Dereference in TensorFlow's Print Function Denial of Service Vulnerability in TensorFlow's Convolution3DTranspose Layer Integer 
Overflow Vulnerability in TensorFlow's EditDistance Null Pointer Dereference Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Heap Buffer Overflow in TAvgPoolGrad in TensorFlow versions prior to 2.12.0 and 2.11.1 Null Pointer Error in TensorFlow's SparseSparseMaximum with Invalid Sparse Tensors Inputs Floating Point Exception in AudioSpectrogram: Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Integer Overflow Vulnerability in TensorFlow Versions 2.12.0 and 2.11.1 Heap Memory Access Vulnerability in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Floating Point Exception in TensorFlow's AvgPoolGrad Function SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution Null Pointer Error in QuantizedMatMulWithBiasAndDequantize with MKL Enabled in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Out-of-Bounds Access Vulnerability in TensorFlow 2.12.0 and 2.11.1 Vulnerability: NPE in tf.raw_ops.LookupTableImportV2 when handling scalars in the values parameter Floating Point Exception in TensorListSplit with XLA in TensorFlow versions prior to 2.12.0 and 2.11.1 Null Pointer Error in RandomShuffle with XLA Enabled in TensorFlow Versions Prior to 2.12.0 and 2.11.1 Segfault vulnerability in TensorFlow's `tf.raw_ops.Bincount` with XLA Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.ParallelConcat` Reflected Cross-Site Scripting Vulnerability in Photo Gallery by Ays WordPress Plugin Insufficient Credential Protection in IBM Robotic Process Automation 21.0.1 through 21.0.5 LDAP Users on IBM Spectrum Virtualize 8.5 Can Bypass Multifactor Authentication on CIM Interface Local Information Disclosure Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM PowerVM Hypervisor SQL Injection Vulnerability in IBM Security Guardium Key Lifecycle Manager Clear Text Storage of User Credentials in IBM Security Guardium Key Lifecycle Manager Information Disclosure Vulnerability in IBM 
Security Guardium Key Lifecycle Manager Directory Traversal Vulnerability in IBM Security Guardium Key Lifecycle Manager Directory Traversal Vulnerability in IBM Security Guardium Key Lifecycle Manager CWE-787: Out-of-Bounds Write Vulnerability in Foxboro.sys Driver HTTP Request Smuggling Vulnerability in Apache HTTP Server versions 2.4.0 through 2.4.55 Unvalidated Input vulnerability in Apache Airflow Google Provider Unvalidated Input vulnerability in Apache Airflow Google Provider Unvalidated Input Vulnerability in Apache Airflow Sqoop Provider Sensitive Information Disclosure in Apache Airflow Unvalidated Input vulnerability in Apache Airflow Hive Provider CVE-2023-25697 CSRF Vulnerability in Studio Wombat Shoppable Images Plugin OS Command Injection vulnerability in VideoWhisper Live Streaming Integration CWE-129: Improper Validation of Array Index in Foxboro.sys Driver SQL Injection Vulnerability in Themeum Tutor LMS Privilege Escalation Vulnerability in WatchTowerHQ: Improper Privilege Management Stored XSS Vulnerability in Fullworks Quick Paypal Payments Plugin Stored XSS Vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Go Prayer WP Prayer Plugin <= 1.9.6 CSRF Vulnerability in Pagup WordPress Robots.Txt Optimization Plugin CSRF Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin CSRF Vulnerability in Rextheme WP VR Plugin CSRF Vulnerability in Plainware Locatoraid Store Locator Plugin Reflected Cross-Site Scripting Vulnerability in Quiz Maker WordPress Plugin Stored XSS Vulnerability in DIGITALBLUE Click to Call or Chat Buttons Plugin <= 1.4.0 Unauthenticated Reflected XSS Vulnerability in WPGlobus Translate Options Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP-Buddy Google Analytics Opt-Out Plugin <= 2.3.4 Unauthenticated Stored XSS Vulnerability in Fullworks Quick Paypal Payments Plugin (<= 5.7.25) Missing Authorization vulnerability in GamiPress plugin 
Stored Cross-Site Scripting (XSS) Vulnerability in gqevu6bsiz Announce from the Dashboard Plugin <= 1.5.1 Ruckus Wireless Admin Remote Code Execution Vulnerability Executable File Tampering Vulnerability in ConnectWise Control Reflected Data and Code Injection Vulnerability in ConnectWise Control Reflected Cross-Site Scripting Vulnerability in Survey Maker WordPress Plugin (<= 3.4.7) Proxy Credential Exposure in Veracode Scan Jenkins Plugin Credential-leak vulnerability in Veracode products before 2023-03-27 HTTP Request Smuggling Vulnerability in HAProxy XSS Vulnerability in phpMyAdmin Drag-and-Drop Interface Child iframe URI leakage vulnerability in Firefox, Thunderbird, and Firefox ESR Insecure Permission Prompts for External Schemes in Firefox and Thunderbird Command Injection Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Infinite Fullscreen Mode Vulnerability URL Query Parameter Overwrite in Firefox < 110 Out-of-Bounds Memory Write Vulnerability in XPCOM Encoding Null Pointer Dereference Vulnerability in gfx::SourceSurfaceSkia::Map() in Firefox < 110 Windows URL Shortcut Remote Path Vulnerability Use-after-free vulnerability in Cross-Compartment Wrappers in Firefox, Thunderbird, and Firefox ESR Invalid Downcast Vulnerability in Firefox < 110 Invalid Downcast Vulnerability in Firefox, Thunderbird, and Firefox ESR Printer Device Driver Validation Bypass in Firefox on Windows Use-after-free vulnerability in ScriptLoadContext Command Injection Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices Remote Path Disclosure and NTLM Credential Leakage in Firefox for Windows (Version < 110) Cross-Origin Image Size Leakage in Firefox < 110 SPKI RSA Public Key Import Vulnerability Firefox Focus Vulnerability: Fullscreen Mode Spoofing via Missing In-App Notification Critical Memory Safety Vulnerabilities in Firefox 109 and Firefox ESR 102.7 Memory Corruption Vulnerability in Firefox < 110: Potential Arbitrary Code Execution Arbitrary Code 
Execution Vulnerability in Firefox ESR and Thunderbird Use-after-free vulnerability in libaudio fixed in Firefox for Android < 110.1.0 Firefox for Android Long Description Prompt Spoofing Vulnerability Unpatched Vulnerability in Firefox for Android Allows Unauthorized App Launch Stack-based Buffer Overflow Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices ServiceWorker Offline Cache Leakage in Firefox < 111 JIT Code Overwrite Vulnerability in Firefox and Thunderbird Out-of-Bounds Byte Count Vulnerability in Firefox and Thunderbird SSRF Vulnerability in Apache ShenYu 2.5.1 at /sandbox/proxyGateway Endpoint Privilege Context Switching Error in Apache Airflow Memory Buffer Overflow Vulnerability in Screen Creator Advance 2 Ver.0.1.1.4 Build01A and Earlier BIOS Firmware Vulnerability in Intel Processors Enables Privilege Escalation via Adjacent Access Privilege Escalation Vulnerability in Intel(R) Unison(TM) Software Vulnerability: Man-in-the-Middle Attack on Onekey Touch and Onekey Mini Devices TripleData Reporting Engine OS Command Injection Vulnerability Vulnerability: Unauthorized Removal of CODEOWNERS Rules and Merging to Protected Branch in GitLab Vulnerability: Unauthorized Password Modification in Tripleplay Platform Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JUnit Plugin Jenkins Pipeline: Build Step Plugin XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Email Extension Plugin 2.93 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Email Extension Plugin Arbitrary Code Execution Vulnerability in Jenkins Email Extension Plugin Jenkins Azure Credentials Plugin: Enumeration of Credentials IDs Vulnerability Jenkins Azure Credentials Plugin CSRF Vulnerability: Unauthorized Server Connection Unauthenticated Remote Code Execution in Jenkins Azure Credentials Plugin Uncontrolled Resource Consumption in Intel Thunderbolt DCH Drivers: Potential Denial of Service Vulnerability Buffer Overflow 
Vulnerability in Controller Leads to Denial of Service (DoS) Improper Access Control in Intel(R) NUC BIOS Firmware: Potential Denial of Service via Local Access Denial of Service Vulnerability in Intel(R) Retail Edge Mobile Android Application Privilege Escalation Vulnerability in Intel(R) Unite(R) Hub Software Installer SoftEther VPN 5.02 Denial-of-Service Vulnerability in vpnserver ConnectionAccept() Functionality Improper Access Control in Intel Ethernet Controller RDMA Driver for Linux: Potential Privilege Escalation via Network Access Information Disclosure Vulnerability in Intel(R) Server Board BMC Firmware Improper Access Control in Intel Thunderbolt DCH Drivers for Windows: Potential Privilege Escalation via Local Access Uncontrolled Search Path Element Vulnerability in Intel Thunderbolt DCH Drivers for Windows Stored Cross-Site Scripting Vulnerability in Buy Me a Coffee WordPress Plugin Insufficient Authentication Vulnerability in Status PowerBPM Allows Unauthorized User Substitution Sebastian Krysmanski Upload File Type Settings Plugin <= 1.1 Stored XSS Vulnerability Authentication Bypass Vulnerability in Second2none Service Area Postcode Checker Plugin <= 2.0.8 Stored Cross-Site Scripting (XSS) Vulnerability in Alex Moss FireCask Like & Share Button Plugin <= 1.1.5 Stored Cross-Site Scripting (XSS) Vulnerability in Bon Plan Gratos Sticky Ad Bar Plugin Missing Authorization vulnerability in WP Post Rating Plugin allows Functionality Misuse Stored Cross-Site Scripting (XSS) Vulnerability in Thom Stark Eyes Only: User Access Shortcode Plugin <= 1.8.2 Stored Cross-Site Scripting (XSS) Vulnerability in Wbolt team WP资源下载管理 Plugin <= 1.3.9 CSRF Vulnerability in Saphali Saphali Woocommerce Lite Plugin <= 1.8.13 Stored Cross-Site Scripting (XSS) Vulnerability in Tapfiliate Plugin <= 3.0.12 Stored Cross-Site Scripting Vulnerability in InventoryPress WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WoodMart 7.0.4 and Earlier XiaoMac WP Open Social 
Plugin <= 5.0 Authenticated Stored XSS Vulnerability Stored XSS Vulnerability in George Pattihis Link Juice Keeper Plugin <= 2.0.2 Cross-Site Scripting (XSS) Vulnerability in Mighty Digital Nooz Plugin <= 1.6.0 Cross-Site Scripting (XSS) Vulnerability in WP-master.Ir Feed Changer & Remover Plugin <= 0.2 Stored Cross-Site Scripting (XSS) Vulnerability in Include WP BaiDu Submit Plugin <= 1.2.1 Stored XSS Vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Olevmedia Shortcodes Plugin CVE-2023-25799 Stored Cross-Site Scripting Vulnerability in AI Engine WordPress Plugin SQL Injection Vulnerability in Themeum Tutor LMS Vulnerability: Improper Parameter Validation in TensorFlow's Fractional Pooling Operations Directory Traversal Vulnerability in Roxy-WI 6.3.6.0 and earlier Directory Traversal Vulnerability in Roxy-WI (Versions prior to 6.3.5.0) Path Traversal Vulnerability in Roxy-WI (Versions prior to 6.3.5.0) Command Injection Vulnerability in versionn Software (CVE-2021-XXXX) Authentication Response Time Discrepancy in OpenSearch Security Plugin DataEase Dashboard Code Execution Vulnerability Vulnerability: Privilege Escalation in rootless runc Persistent XSS Vulnerability in Uptime Kuma Status Page (Versions prior to 1.20.0) Persistent XSS Vulnerability in Uptime Kuma Prior to 1.20.0 Minio Vulnerability: Bypass Governance Retention Allows Incorrect Deletion SQL Injection Vulnerability in Sequelize ORM (Versions prior to 6.19.1) Arbitrary File Read Vulnerability in Metersphere 2.7.0 and earlier Vulnerability: Unauthorized Localization Message Injection in Git for Windows Uncontrolled Resource Consumption in Nextcloud Versions 25.0.0 - 25.0.2 Privilege Escalation Vulnerability in Nextcloud Server Versions 24.0.0 - 24.0.9 Password Reset Token Brute Force Vulnerability in Nextcloud Server Metadata Leakage Vulnerability in Discourse Prototype Pollution XSS Vulnerability in Strikingly CMS Brute Force 
Password Vulnerability in Nextcloud Server and Nextcloud Enterprise Server Improper Access Control in Nextcloud Versions 24.0.4 and 25.0.0 Unstable Database and Reporting in ReportPortal Due to Exceeded ltree Field Type Indexing Limit Use of Hard-coded Credentials in Gradio's Share Links Denial of Service Vulnerability in Mod_gnutls TLS Module Cross-site Scripting Vulnerability in ZoneMinder Command Injection Vulnerability in OpenTSDB's Legacy HTTP Query API Reflected XSS Vulnerability in OpenTSDB's Legacy HTTP Query API and Logging Endpoint Authenticated Remote Code Execution (RCE) Vulnerability in Pluck CMS Albums Module Unvalidated Redirect Vulnerability in Esri Portal for ArcGIS: Facilitating Phishing Attacks Code Injection Vulnerability in jsreport/jsreport (prior to 3.11.3) Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.9.1, 10.8.1, and 10.7.1 Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.9.1, 10.8.1, and 10.7.1 Cross-Site Request Forgery Vulnerability in Esri Portal for ArcGIS Versions 11.0 and Below HTML Injection Vulnerability in Esri Portal for ArcGIS Versions 11.0 and Below Incomplete User Permission Changes in Portal for ArcGIS 10.9.1 and Below: Potential Unauthorized Content Access Stored Cross-site Scripting Vulnerability in Esri Portal for ArcGIS Enterprise Sites Cross-site Scripting Vulnerability in Esri Portal Sites (Versions 10.8.1 – 10.9) High-Privilege Cross-Site Scripting Vulnerability in Esri ArcGIS Enterprise Sites SQL Injection Vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise SQL Injection Vulnerability in Esri ArcGIS Insights Desktop 2022.1 Stored Cross-Site Scripting Vulnerability in PixelYourSite WordPress Plugin High-Privilege Cross-Site Scripting Vulnerability in ArcGIS Server 10.8.1 – 11.1 Stored Cross-site Scripting Vulnerability in Esri ArcGIS Server Versions 10.8.1 – 11.0 Information Disclosure Vulnerability in ArcGIS Enterprise Server 11.0 and Below Device Authorization Grant 
Vulnerability in Keycloak Arbitrary Code Execution via Improper Input Validation in Adobe Illustrator Unauthenticated Device Registration Vulnerability in Teltonika Remote Management System Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D Stager Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Cross-Site Scripting (XSS) Vulnerability in Teltonika Remote Management System Out-of-Bounds Write Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager Allows Memory Disclosure Arbitrary Code 
Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Remote Code Execution via Teltonika Remote Management System Cloud Proxy Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability GitLab EE Vulnerability: Bypassing IP Restrictions on Cloned Repositories Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Heap-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution GitHub Repository answerdev/answer Prior to Version 1.0.9: Missing Authorization Vulnerability Adobe 
Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.7 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Integer Overflow or Wraparound Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution via Malicious File Adobe Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Arbitrary File Upload Vulnerability in HGiga OAKlouds File Uploading Function Cross-site Scripting (XSS) Vulnerability in GitHub Repository nilsteampassnet/teampass prior to 3.0.7 Remote Code Execution Vulnerability in SIMATIC PCS 7, S7-PM, and STEP 7 V5 OS Command Injection Vulnerability in Danfoss AK-EM100 Web Applications Danfoss AK-EM100 Web Report Generation Vulnerability Exposes Sensitive Information Authentication Flaw Exposes Sensitive Information: Internal IP Addresses, Usernames, and More XML Interface File Retrieval Vulnerability Arbitrary Command Execution Vulnerability SQL Injection Vulnerability in FormCraft WordPress Plugin File Upload Vulnerability in IBM Security Guardium Key Lifecycle Manager File Upload Vulnerability in IBM Security Guardium Key Lifecycle Manager Incorrect Authorization Vulnerability in IBM Security Guardium Key Lifecycle Manager Improper Authorization in IBM Security Guardium Key Lifecycle Manager Arbitrary Command Execution in IBM Security Guardium Key Lifecycle Manager XML External Entity Injection (XXE) Vulnerability in IBM Security Guardium Key Lifecycle Manager Webseald Process Crash Vulnerability in IBM Security Verify Access 10.0.0 - 10.0.5 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1 and 11.2 Db2 Server Denial of 
Service Vulnerability Password Vulnerability in Medtronic's Pelvic Health Clinician Apps on Smart Programmer Device Type Confusion Vulnerability in TypedArray Allows Arbitrary Code Execution in Hermes Improper Verification of Cryptographic Signature in DELL ECS Prior to 3.8.0.2 Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Dell BIOS Vulnerability: Unauthorized UEFI Variable Modification Critical SQL Injection Vulnerability in SourceCodester Food Ordering Management System 1.0 Improper Link Resolution Vulnerability in Dell PowerScale OneFS 9.5.0.0 Elevation of Privilege Vulnerability in Dell PowerScale OneFS Versions 8.2.x-9.5.0.x Uncontrolled Resource Consumption Vulnerability in Dell PowerScale OneFS Versions 8.2.x-9.4.x Uncontrolled Search Path Vulnerability in Intel(R) VCUST Tool Software Vulnerability in Intel(R) OFU Software Allows Privilege Escalation via Local Access Qrio Lock (Q-SL2) Firmware Authentication Bypass Vulnerability Null Pointer Reference Vulnerability in OpenHarmony-v3.1.4 and Prior Versions: Exploiting DoS Attack via Malicious HAP Package Installation Server Configuration Data Exposure Vulnerability Denial of Service Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Critical SQL Injection Vulnerability in SourceCodester Billing Management System 1.0 (VDB-228397) HTTP Request/Response Smuggling Vulnerability in HAProxy 2.7.0 and 2.6.1-2.6.7: Remote Request Alteration and Potential DoS Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi Software Denial of Service Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Drive Explorer for macOS: Code Injection Vulnerability Improper Intent Handling in KYOCERA, UTAX/TA, and Olivetti Mobile Print Apps XML External Entity (XXE) Vulnerability in National Land Numerical Information Data Conversion Tool Sensitive Information Disclosure in Error Messages 
Mendix SAML Authentication Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Justin Saad Simple Tooltips Plugin <= 2.1.4 Critical SQL Injection Vulnerability in SourceCodester Online Reviewer System 1.0 (CVE-2021-XXXX) SQL Injection Vulnerability in Zendrop – Global Dropshipping Unauthenticated Reflected XSS Vulnerability in Catch Themes Darcie Theme <= 1.1.5 Biplob Adhikari Accordion Plugin <= 2.3.0 - Stored XSS Vulnerability Stored XSS Vulnerability in JoomSky JS Job Manager Plugin <= 2.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in Design Extreme We’re Open! Plugin <= 1.46 Unauthorized Access to Sensitive Information in mbbhatti Upload Resume CSRF Vulnerability in PeepSo Community Plugin CSRF Vulnerability in Cozmoslabs Client Portal Plugin Buffer Overflow Vulnerability in Eclipse Openj9 Unrestricted File Upload Vulnerability in Zendrop Zendrop – Global Dropshipping FixBD Educare Plugin <= 1.4.1 - Cross-Site Request Forgery (CSRF) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in IKSWEB WordPress Старт Plugin <= 3.7 CSRF Vulnerability in Lucian Apostol Auto Affiliate Links Plugin Stored XSS Vulnerability in Psicosi448 WP2Syslog Plugin <= 1.0.5 CSRF Vulnerability in Frédéric Sheedy Etsy Shop Plugin <= 3.0.3 CSRF Vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin Plugin Stored XSS Vulnerability in 9seeds.Com CPT – Speakers Plugin <= 1.1 Stored Cross-Site Scripting (XSS) Vulnerability in Nate Reist Protected Posts Logout Button Plugin <= 1.4.5 Stored Cross-Site Scripting (XSS) Vulnerability in Video Gallery by Total-Soft Video Gallery Plugin <= 1.7.6 Linux Kernel Local Privilege Escalation via io_uring Buffer Registration Flaw CSRF Vulnerability in CAGE Web Design Plugin Stored Cross-Site Scripting (XSS) Vulnerability in ThemeKraft Post Form Plugin <= 2.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in Eirudo Simple YouTube Responsive Plugin <= 2.5 CSV Injection vulnerability in WPOmnia KB 
Support Stored Cross-Site Scripting (XSS) Vulnerability in Rigorous & Factory Pattern Dovetail Plugin <= 1.2.13 CSRF Vulnerability in WordPress Tooltips Plugin CSRF Vulnerability in WattIsIt PayGreen Plugin CSRF Vulnerability in Aleksandar Urošević's YouTube Channel Plugin CSRF Vulnerability in Multiple Meks Plugins Allowing Popup Dismissal Active Directory Integration Plugin for WordPress: Cross-Site Request Forgery and Time-Based SQL Injection Vulnerability SQL Injection Vulnerability in Themeum Tutor LMS RegistrationMagic Plugin CSRF Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in CreativeMindsSolutions CM Answers Plugin <= 3.1.9 CSRF Vulnerability in Alex Benfica Publish to Schedule Plugin <= 4.4.2 Stored Cross-Site Scripting Vulnerability in Custom Base Terms WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ajay D'Souza Top 10 – Popular Posts Plugin for WordPress Plugin <= 3.2.4 Privilege Escalation Vulnerability in Houzez Login Register Plugin SQL Injection Vulnerability in wpbrutalai WordPress Plugin Stored XSS Vulnerability in WPMobile.App Plugin <= 11.18 Versions CSRF Vulnerability in Tim Eckel Read More Excerpt Link Plugin <= 1.6 Stored XSS Vulnerability in Denzel Chia | Phire Design Custom Login Page Plugin <= 2.0 Stored Cross-Site Scripting (XSS) Vulnerability in WPChill Strong Testimonials Plugin <= 3.0.2 CSRF Vulnerability in Tim Eckel Minify HTML Plugin <= 2.1.7 SQL Injection Vulnerability in MapPress Maps for WordPress Stored XSS Vulnerability in Tauhidul Alam Simple Portfolio Gallery Plugin <= 0.1 BlueGlass Jobs for WordPress Plugin <= 2.5.10.2 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Memory Exhaustion Vulnerability in libcap's pthread_create() Function SQL Injection Vulnerability in Crafter Studio Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Sensitive Information Exposure in Planning Analytics 
Cartridge for Cloud Pak for Data 4.0 Logs Insecure Network Communication Vulnerability in IBM Planning Analytics on Cloud Pak for Data 4.0 Sensitive Information Exposure in Planning Analytics Cartridge for Cloud Pak for Data 4.0 Logs Integer Overflow Vulnerability in libcap_strdup() Function Vulnerability: Privilege Escalation in Apache Hadoop Container-Executor Binary SQL Injection via Malicious JWT Token in ZoneMinder SQL Injection Vulnerability in Gentoo Soko Leads to Denial of Service SQL Injection vulnerability in ZoneMinder allows for unauthorized data access and remote code execution Unauthenticated Remote Code Execution via Missing Authorization in ZoneMinder Local File Inclusion (Untrusted Search Path) Vulnerability in ZoneMinder SQL Injection Vulnerability in ZoneMinder Local File Inclusion (Untrusted Search Path) Vulnerability in ZoneMinder OS Command Injection in ZoneMinder versions prior to 1.36.33 and 1.37.33 via daemonControl() Reflected Cross-Site Scripting Vulnerability in Team Circle Image Slider With Lightbox WordPress Plugin (Versions up to 1.0.17) Cross-Site Scripting Vulnerability in Discourse 3.1.0.beta2 - 3.1.0.beta3 Unexpired Messages Disclosure Vulnerability in Nextcloud Talk Arbitrary HTML Injection Vulnerability in Part-DB XML External Entity (XXE) Injection in GeoNode's Style Upload Functionality Allows Arbitrary File Read DoS vulnerability in ReactPHP's HTTP server component Arbitrary Code Execution via Path Traversal in NodeBB teler-waf HTML Entities Bypass Vulnerability teler-waf v0.2.0 Bypass Attack Vulnerability Jetty Multipart Request OutOfMemoryError Vulnerability Jetty Nonstandard Cookie Parsing Vulnerability Reflected Cross-Site Scripting Vulnerability in wpbrutalai WordPress Plugin Sensitive Information Exposure in Saleor GraphQL API Unauthenticated API Error Message Disclosure in Saleor Vulnerability: Collision Attack on Long IDs for PGP Keys in Gradle Dependency Verification Credentials Leakage in BuildKit when Building from 
Git URLs Code Injection Vulnerability in XWiki Commons User Impersonation Vulnerability in XWiki Platform XXE Vulnerability in Nokia NetAct Configuration Dashboard XXE Vulnerability in Nokia NetAct Performance Manager Stored XSS Vulnerability in Nokia NetAct Site Configuration Tool Stored Cross-Site Scripting Vulnerability in WP Brutal AI WordPress Plugin Client-side Template Injection Vulnerability in Nokia NetAct Cross-Site Scripting (XSS) Vulnerability in Nokia NetAct Nokia Web Element Manager Vulnerability: Unauthorized Administrative Access from Internal BTS Management Network Incompatible Type Vulnerability in Lexmark Devices Lexmark Devices: Out-of-bounds Write Vulnerability Lexmark Devices Integer Overflow Vulnerability Lexmark Devices Vulnerability: Improper Validation of Array Index Input Validation Vulnerability in Lexmark Devices Lexmark Devices Input Validation Vulnerability Lexmark Devices Input Validation Vulnerability Time-Based SQL Injection Vulnerability in Multiple Page Generator Plugin for WordPress Lexmark Devices Input Validation Vulnerability Observable Response Discrepancy Vulnerability in MCUBO ICT 10.12.4 Heap-based Buffer Overflow in 5G MM Message Codec: Emergency Number List Decoding Vulnerability Heap-based Buffer Overflow in 5G MM Message Codec: Insufficient Parameter Validation in Decoding Extended Emergency Number List Heap-based Buffer Overflow in 5G MM Message Codec Intra-Object Overflow in 5G MM Message Codec: Insufficient Parameter Validation in Service Area List Decoding Intra-Object Overflow in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos: Insufficient Parameter Validation in 5G SM Message Codec Insecure Permissions Vulnerability in Atera Agent on Windows Atera Agent 1.8.4.4 and Prior Privilege Escalation Vulnerability Multiple Page Generator Plugin for WordPress: Cross-Site Request Forgery and Time-Based SQL Injection Vulnerability Autofill Vulnerability in Epiphany (GNOME Web) Allows Password Exfiltration GPU 
Kernel Driver Memory Leak Vulnerability Improper Initialization in armv8_dec_aes_gcm_full() API Leads to Man-in-the-Middle Attack Improper Length Check in Arm NN Android-NN-Driver: Out-of-Bounds Read and Write Vulnerability Arbitrary File Deletion and Privilege Escalation Vulnerability in Malwarebytes (before 4.5.23) Authentication Bypass in European Chemicals Agency IUCLID 6.x NULL Pointer Dereference Vulnerability in vim/vim Cross-Site Scripting (XSS) Vulnerability in TYPO3 frp_form_answers Extension Server-side Template Injection in Liima before 1.17.28 HQL Injection Vulnerability in Liima before 1.17.28 Crash Vulnerability in ASQ Analysis of Crafted SIP Packets in Stormshield Network Security (SNS) Unrestricted Unauthorized Actions Vulnerability in Telindus Apsal 3.14.2022.235 b Arbitrary Code Execution Vulnerability in Telindus Apsal 3.14.2022.235 b Open Document Feature Insecure Consultation Permission in Telindus Apsal 3.14.2022.235 b Integer Overflow or Wraparound in Vim prior to 9.0.1532 Reflected XSS Vulnerability in Flowmon before 12.2.0 Flowmon Packet Investigator Path Traversal Vulnerability Prototype Pollution in rangy-core.js extend() function Regular Expression Denial of Service (ReDoS) in deno before 1.31.0 Denial of Service (DoS) Vulnerability in lite-web-server Package Prototype Pollution via the _mix function in all versions of the package utilities Prototype Pollution in dot-lens package via set() function in index.js Arbitrary Code Injection Vulnerability in sketchsvg Package Information Exposure via StreamableFile Pipe Buffer Overflow Vulnerability in node-bluetooth-serial-port Package's findSerialPortChannel Method Hidden Root-Level User with Unchangeable Password in Advantech R-SeeNet 2.4.22 Buffer Overflow Vulnerability in node-bluetooth's findSerialPortChannel Method Directory Traversal Vulnerability in @nubosoftware/node-static Vulnerability: Regular Expression Denial of Service (ReDoS) in configobj package's validate function Prototype 
Pollution in Collection.js before 6.8.1 via extend function in extend.js Missing Origin Validation in WebSockets Handshakes in code-server Regular Expression Denial of Service (ReDoS) vulnerability in word-wrap package Regular Expression Denial of Service (ReDoS) in angular.copy() Utility Function Angular $resource Service Regular Expression Denial of Service (ReDoS) Vulnerability Angular 1.4.9: Regular Expression Denial of Service (ReDoS) Vulnerability in <input type=url> Element Remote Code Execution (RCE) Vulnerability in net.sourceforge.htmlunit:htmlunit Versions 0 to 3.0.0 via XSTL Race Condition in Shiftfs File System Leads to Kernel Deadlock HTML Injection Vulnerability in com.xuxueli:xxl-job Prototype Pollution in safe-eval's safeEval Function Sandbox Bypass and Remote Code Execution Vulnerability in safe-eval Package Cross-site Scripting (XSS) vulnerability in raysan5/raylib before 4.5.0 when compiled for PLATFORM_WEB Improper Input Validation in github.com/gin-gonic/gin before 1.9.0 allows cache poisoning via X-Forwarded-Prefix header Directory Traversal Vulnerability in m.static Package Command Injection Vulnerability in n158 Package Command Injection Vulnerability in keep-module-latest Package Command Injection Vulnerability in bwm-ng Package CRLF Injection in yhirose/cpp-httplib before 0.12.4 Cross-site Scripting (XSS) Vulnerability in Algernon Engine and Themes Prototype Pollution in dottie package (versions before 2.0.4) via set() function and current variable in dottie.js Prototype Pollution in progressbar.js via extend() function in utils.js Command Injection in git-commit-info Package Prototype Pollution in flatnest's nest() function Prototype Pollution in tough-cookie package before 4.1.3 due to improper handling of Cookies in rejectPublicSuffixes=false mode HTTP Response Splitting Vulnerability in drogonframework/drogon CRLF Injection Vulnerability in drogonframework/drogon Package Prototype Pollution in underscore-keypath's setProperty() 
function via name argument DOM-based Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Cross-site Scripting (XSS) Vulnerability in @excalidraw/excalidraw Package Denial of Service (DoS) Vulnerability in sidekiq Versions before 7.1.3 HTTP Response Splitting Vulnerability in crow Package Arbitrary Argument Injection in blamer's blameByFile() API GraphQL Package Denial of Service (DoS) Vulnerability in OverlappingFieldsCanBeMergedRule.ts Command Injection Vulnerability in pydash.objects.invoke() Cross-site Scripting (XSS) Vulnerability in ithewei/libhv HTTP Response Splitting Vulnerability in ithewei/libhv CRLF Injection Vulnerability in ithewei/libhv Package Cross-site Scripting (XSS) vulnerability in quill-mention before 4.0.0 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.21 Improper Authentication in asyncua Package Versions Before 0.9.96 Denial of Service (DoS) Vulnerability in asyncua Package Versions before 0.9.96 Directory Traversal Vulnerability in static-server Package Command Injection Vulnerability in geokit-rails before 2.5.0 Insufficient Entropy in AES-256-CBC Key Generation Command Injection Vulnerability in node-qpdf Package Command Injection Vulnerability in chromedriver Out-of-Bounds Read Vulnerability in libredwg before 0.12.5.6384 Vulnerability: Prototype Pollution in mockjs package via Util.extend function Improper Input Validation in follow-redirects Package Allows for URL Manipulation and Redirection Cross-site Scripting (XSS) Vulnerability in pimcore/pimcore GitHub Repository Null Pointer Dereference in OpenCV wechat_qrcode Module (CVE-2021-XXXX) OpenCV wechat_qrcode Module Memory Leak Vulnerability Critical SQL Injection Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 (CVE-2021-XXXX) Webhook URL Manipulation Vulnerability in GitLab CE/EE Hard-coded Credentials Vulnerability in FortiNAC-F and FortiNAC Versions 
Plaintext Password Storage Vulnerability in FortiSIEM Privilege Escalation Vulnerability in FortiADC Automation Feature Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiNAC Sensitive Information Exposure via Log Files in Fortinet FortiOS and FortiProxy Excessive Authentication Attempts Vulnerability in Fortinet FortiAuthenticator 6.4.x and Earlier Excessive Authentication Attempts Vulnerability in Fortinet FortiDeceptor 3.1.x and Earlier Arbitrary File Write Vulnerability in McFeeder Server OS Command Injection in Fortinet FortiADCManager and FortiADC OS Command Injection Vulnerability in Barracuda CloudGen WAN Private Edge Gateway Devices Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO BusinessConnect UI Component TIBCO EBX Add-ons Server Component File Read Vulnerability File Upload Vulnerability in TIBCO EBX Add-ons Server Component Arbitrary SQL Execution Vulnerability in TIBCO EBX Add-ons TIBCO Nimbus Web Client Reflected XSS Vulnerability Hawk Console and Agent Log Credential Disclosure Vulnerability Unauthorized File Access via InspectSetup RPC Endpoint Stored Cross Site Scripting (XSS) Vulnerability in Spotfire Library Component Spotfire Connectors Component Vulnerability: Crafted Analyst File Exploit Stored XSS Vulnerability in TIBCO EBX and TIBCO Product and Service Catalog Information Disclosure Vulnerability in KiviCare WordPress Plugin Deserialization Vulnerability in JD-GUI 1.6.6 via UIMainWindowPreferencesProvider.singleInstance Cross-Site Scripting (XSS) Vulnerability in JD-GUI 1.6.6 via InterProcessCommunicationUtil.java Local Privilege Escalation Vulnerability in WatchGuard EPDR 8.0.21.0002 Bypassing Defensive Capabilities in WatchGuard EPDR 8.0.21.0002 via Registry Key Addition Vulnerability: Unauthorized Control of Defensive Capabilities in WatchGuard EPDR 8.0.21.0002 Weak Password Check Vulnerability in WatchGuard EPDR 8.0.21.0002 Reflected Cross-Site Scripting Vulnerability in KiviCare WordPress Plugin Integer Overflow 
in afu_mmio_region_get_by_offset Information Leak in Hyundai Gen5W_L In-Vehicle Infotainment System Allows Unauthorized Firmware Modification and Remote Control Vulnerability: Digital Signature Bypass in Hyundai Gen5W_L Infotainment System Vulnerability: Unauthorized Firmware Installation in Hyundai Gen5W_L In-Vehicle Infotainment System Vulnerability: Digital Signature Bypass in Hyundai Gen5W_L In-Vehicle Infotainment System Amplification and Denial of Service Vulnerability in Knot Resolver before 5.6.0 Command Injection Vulnerability in CoreTec 4 Web User Interface Gluster GlusterFS 11.0: Stack-Based Buffer Over-read in fuse-bridge.c Unauthenticated Path Traversal Vulnerability in STAGIL Navigation for Jira - Menu & Themes Plugin Unauthenticated Path Traversal Vulnerability in STAGIL Navigation for Jira - Menu & Themes Plugin Memory Leak in dlt-daemon through 2.18.8 Authentication Bypass Vulnerability in Arcserve UDP 9.0.6034 OpenThread Border Router Authentication Bypass Vulnerability Session Hijacking Vulnerability in OXID eShop 6.2.x and 6.5.x Blind XPath Injection Vulnerability in UBIKA WAAP Gateway/Cloud 6.10 Unrestricted Language File Upload Vulnerability in Sitecore XP/XM 10.3 XML External Entity (XXE) Vulnerability in Talend Data Catalog XML External Entity (XXE) Vulnerability in Talend Data Catalog Insufficient Sanitization of Path Arguments in Borg Theme for Backdrop CMS CmpLog Component Code Execution Vulnerability in AFL++ 4.05c Arbitrary File Read Vulnerability in php-saml-sp Shared Mutable Environment Vulnerability in Apache CouchDB Design Documents Unauthenticated JMX Management Service in Apache James Server 3.7.3 and Earlier Arbitrary User Addition and Settings Manipulation in KiviCare WordPress Plugin Arbitrary Code Execution via Angular Template Injection in IBM Guardium Cloud Key Manager (GCKM) 1.10.3 Inadequate Account Lockout Setting in IBM Guardium Cloud Key Manager (GCKM) 1.10.3 Sensitive Information Disclosure in IBM Guardium Cloud Key 
Manager (GCKM) 1.10.3 Hazardous Input Validation Vulnerability in IBM QRadar SIEM 7.5.0 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.5.0 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.5.0: A Potential Threat to Sensitive Data Privilege Escalation Vulnerability in IBM QRadar WinCollect Agent 10.0 - 10.1.3 Elevation of Privileges Vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.3 Improper Encoding Vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.7 CSRF Vulnerability in KiviCare WordPress Plugin Allows Unauthorized Actions Denial of Service Vulnerability in IBM HTTP Server 8.5 Privilege Escalation Vulnerability in IBM Watson CP4D Data Stores Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 9.0 Improper Access Controls in IBM MQ Certified Container 9.3.0.1-9.3.0.3 and 9.3.1.0-9.3.1.1 IBM MQ 9.2 and 9.3 Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in IBM AIX Runtime Services Library CSV Injection Vulnerability in pimcore/customer-data-framework prior to 3.3.9 Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Cross-site Scripting (XSS) Vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal and Web Security Portal Arbitrary Code Execution via Path Traversal in TIA Portal HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability HP Device Manager Command Injection and Privilege Escalation Vulnerability TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware: Arbitrary Code Execution Risk Stored Cross-site Scripting (XSS) Vulnerability in 
GitHub Repository pimcore/pimcore prior to 10.5.21 HP PC BIOS Vulnerability: Privilege Escalation Risk HP LaserJet Pro Print Products Vulnerable to Elevation of Privilege and Information Disclosure Command Line Interface Denial of Service Vulnerability in markdown-it-py (before v2.2.0) Null Assertion Denial of Service Vulnerability in markdown-it-py (before v2.2.0) Critical Remote Code Execution Vulnerability in OnePlus Store App's WebView Component Unauthenticated Remote URL Connection Vulnerability in Jenkins Code Dx Plugin Command Injection Vulnerability in Outdated Mobile Phone Backup App OPPO Store App: Critical Remote Code Execution Vulnerability in Webview Component Arbitrary Code Execution Vulnerability in Mono Package Xiaomi Cloud Service Application XSS Vulnerability Xiaomi Router Command Injection Vulnerability: Remote Code Execution and Device Compromise Classic Buffer Overflow Vulnerability in Xiaomi Router Allows Overflow Buffers Command Injection Vulnerability in Xiaomi Xiaomi Router Unencrypted Storage of Code Dx Server API Keys in Jenkins Code Dx Plugin Command Injection Vulnerability in Xiaomi Xiaomi Router Authenticated SQL Injection Vulnerability in ReviewX WordPress Plugin's 'rx_export_review' Action Unauthenticated Insecure Deserialization Vulnerability in BuddyForms WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Code Dx Plugin for Jenkins Exposes API Keys on Configuration Form Arbitrary Code Execution Vulnerability in Adobe Dimension Versions 3.4.7 and Earlier Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Access of Uninitialized Pointer Vulnerability Adobe Dimension 
Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Stack-based Buffer Overflow Vulnerability in Adobe Dimension 3.4.7 and Earlier: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Stored Cross-Site Scripting Vulnerability in Get your number WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Access of Uninitialized Pointer Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Improper Access Control Vulnerability in Adobe ColdFusion Allows Unauthenticated Administration Endpoint Access Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Use After Free Vulnerability in Adobe Dimension Allows Memory Disclosure Stored Cross-Site Scripting Vulnerability in Call Now Accessibility Button WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Untrusted Search Path Vulnerability in Adobe Creative Cloud 5.9.1 and Earlier Deserialization of Untrusted Data Vulnerability in Adobe ColdFusion: Arbitrary Code Execution SQL Injection 
Vulnerability in AN_GradeBook WordPress Plugin Arbitrary Code Execution Vulnerability in Adobe ColdFusion Versions 2018 Update 15 and 2021 Update 5 Adobe ColdFusion Path Traversal Vulnerability Allows Arbitrary File System Read Improper Input Validation Vulnerability in @adobe/css-tools (<=4.3.0) Allows for Denial of Service Arbitrary File System Read Vulnerability in Adobe Commerce Arbitrary File System Read Vulnerability in Adobe Commerce Out-of-Bounds Read Vulnerability in Adobe InCopy: Remote Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader Versions 23.003.20284 and Earlier Privilege Escalation via Hard-Coded Cryptographic Key in Rockwell Automation's FactoryTalk System Services Adobe Photoshop Uninitialized Pointer Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Write Vulnerability in Adobe Dimension 3.4.8 and Earlier Out-of-Bounds Write Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability FactoryTalk System Services Vulnerability: Unauthorized Loading of Malicious Backup Archives Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Stack-based Buffer Overflow in Adobe Substance 3D Stager v2.0.1 and earlier Use After Free Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Access of Uninitialized Pointer Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Arbitrary Code Execution via Improper Input Validation in Adobe Substance 3D 
Stager Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Unauthenticated Remote Access to FactoryTalk Policy Manager in Rockwell Automation's FactoryTalk System Services Stack-based Buffer Overflow in Adobe Substance 3D Stager v2.0.1 and Earlier Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Use After Free Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Substance 3D Stager v2.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Adobe Acrobat Reader Privilege Escalation via Creation of Temporary File Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Substance 3D Designer Privileged Extended Attributes Vulnerability in Ubuntu Kernels Adobe Dimension Out-of-Bounds Read Vulnerability Adobe Dimension Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Substance 3D Stager 2.0.1 and Earlier Adobe Dimension Out-of-Bounds Read Vulnerability Arbitrary Code Execution via Improper Input Validation in Adobe Acrobat Reader Arbitrary Code Execution via Improper Access Control in Adobe Acrobat Reader