-
2023-09-25 16:15:14
An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. National Vulnerability Database
-
2023-09-25 16:15:13
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. National Vulnerability Database
-
2023-09-25 16:15:13
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X. National Vulnerability Database
-
2023-09-25 16:15:13
A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. National Vulnerability Database
-
2023-09-25 16:15:13
An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. National Vulnerability Database
-
2023-09-25 16:15:13
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. National Vulnerability Database
-
2023-09-25 16:15:13
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0. National Vulnerability Database
-
2023-09-25 16:15:13
A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. National Vulnerability Database
-
2023-09-25 15:15:10
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, National Vulnerability Database
-
2023-09-25 14:15:10
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.National Vulnerability Database
-
2023-09-25 13:15:11
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.National Vulnerability Database
-
2023-09-25 13:15:11
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.National Vulnerability Database
-
2023-09-25 13:15:11
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.National Vulnerability Database
-
2023-09-25 13:15:11
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.National Vulnerability Database
-
2023-09-25 13:15:10
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.National Vulnerability Database
-
2023-09-25 12:15:11
An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.National Vulnerability Database
-
2023-09-25 12:15:11
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.National Vulnerability Database
-
2023-09-25 12:15:11
Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.National Vulnerability Database
-
2023-09-25 12:15:11
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.National Vulnerability Database
-
2023-09-25 12:15:10
The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. National Vulnerability Database
-
2023-09-25 12:15:10
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.National Vulnerability Database
-
2023-09-25 11:15:12
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.National Vulnerability Database
-
2023-09-25 09:15:10
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.National Vulnerability Database
-
2023-09-25 09:15:10
The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. National Vulnerability Database
-
2023-09-25 03:15:09
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of National Vulnerability Database
-
2023-09-25 03:15:09
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the fil National Vulnerability Database
-
2023-09-25 02:15:10
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function o National Vulnerability Database
-
2023-09-25 02:15:10
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functi National Vulnerability Database
-
2023-09-25 02:15:10
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. National Vulnerability Database
-
2023-09-25 02:15:09
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. National Vulnerability Database
-
2023-09-25 01:15:19
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. National Vulnerability Database
-
2023-09-25 01:15:19
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. National Vulnerability Database
-
2023-09-25 01:15:19
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the fi National Vulnerability Database
-
2023-09-23 08:15:10
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the infoNational Vulnerability Database
-
2023-09-23 05:15:31
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, National Vulnerability Database
-
2023-09-23 00:15:20
SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.National Vulnerability Database
-
2023-09-23 00:15:20
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.National Vulnerability Database
-
2023-09-23 00:15:20
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.National Vulnerability Database
-
2023-09-22 20:15:09
SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component National Vulnerability Database
-
2023-09-22 19:15:11
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.National Vulnerability Database
-
2023-09-22 18:15:12
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, National Vulnerability Database
-
2023-09-22 17:15:14
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, National Vulnerability Database
-
2023-09-22 15:15:12
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.National Vulnerability Database
-
2023-09-22 15:15:10
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would National Vulnerability Database
-
2023-09-22 14:15:47
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. National Vulnerability Database
-
2023-09-22 06:15:11
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, National Vulnerability Database
-
2023-09-22 06:15:11
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, National Vulnerability Database
-
2023-09-22 06:15:10
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. National Vulnerability Database
-
2023-09-22 00:15:11
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.National Vulnerability Database
-
2023-09-22 00:15:11
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.National Vulnerability Database
-
2023-09-22 00:15:11
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.National Vulnerability Database
-
2023-09-22 00:15:09
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.logNational Vulnerability Database
-
2023-09-21 23:15:13
Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current pro National Vulnerability Database
-
2023-09-21 23:15:12
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.National Vulnerability Database
-
2023-09-21 23:15:11
A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a National Vulnerability Database
-
2023-09-21 23:15:09
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injecNational Vulnerability Database
-
2023-09-21 21:15:10
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdSNational Vulnerability Database
-
2023-09-21 21:15:09
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. National Vulnerability Database
-
2023-09-21 20:15:10
Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.National Vulnerability Database
-
2023-09-21 20:15:10
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector. National Vulnerability Database
-
2023-09-21 19:15:11
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.National Vulnerability Database
-
2023-09-21 19:15:11
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution.National Vulnerability Database
-
2023-09-21 19:15:11
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be ab National Vulnerability Database
-
2023-09-21 19:15:11
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. National Vulnerability Database
-
2023-09-21 18:15:12
Dreamer CMS 4.1.3 is vulnerable to SQL Injection.National Vulnerability Database
-
2023-09-21 18:15:12
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7National Vulnerability Database
-
2023-09-21 17:15:23
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branchNational Vulnerability Database
-
2023-09-21 17:15:23
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed iNational Vulnerability Database
-
2023-09-21 17:15:22
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as sourNational Vulnerability Database
-
2023-09-21 17:15:16
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.National Vulnerability Database
-
2023-09-21 15:15:10
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally National Vulnerability Database
-
2023-09-21 14:15:11
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of th National Vulnerability Database
-
2023-09-21 14:15:10
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.National Vulnerability Database
-
2023-09-21 14:15:10
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key National Vulnerability Database
-
2023-09-21 14:15:10
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.National Vulnerability Database
-
2023-09-21 13:15:10
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.National Vulnerability Database
-
2023-09-21 13:15:09
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.National Vulnerability Database
-
2023-09-21 10:15:09
OpenHarmony v3.2.1 and prior versions have a vulnerability in which the liteos-a kernel may crash because of undetected mqueue entries. Local attackers can crash the liteos-a kernel by the error input National Vulnerability Database
-
2023-09-21 09:15:10
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.National Vulnerability Database
-
2023-09-21 07:15:19
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authenticatNational Vulnerability Database
-
2023-09-21 07:15:18
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface withoNational Vulnerability Database
-
2023-09-21 07:15:14
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. National Vulnerability Database
-
2023-09-21 06:15:13
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. National Vulnerability Database
-
2023-09-21 06:15:12
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. National Vulnerability Database
-
2023-09-21 06:15:12
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.National Vulnerability Database
-
2023-09-21 06:15:10
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter. National Vulnerability Database
-
2023-09-20 22:15:13
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.National Vulnerability Database
-
2023-09-20 22:15:13
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain National Vulnerability Database
-
2023-09-20 22:15:13
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. National Vulnerability Database
-
2023-09-20 22:15:12
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCaNational Vulnerability Database
-
2023-09-20 22:15:12
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.National Vulnerability Database
-
2023-09-20 22:15:12
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.National Vulnerability Database
-
2023-09-20 21:15:11
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.National Vulnerability Database
-
2023-09-20 21:15:11
In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMINNational Vulnerability Database
-
2023-09-20 21:15:11
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. National Vulnerability Database
-
2023-09-20 21:15:11
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.National Vulnerability Database
-
2023-09-20 21:15:11
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, National Vulnerability Database
-
2023-09-20 21:15:11
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, National Vulnerability Database
-
2023-09-20 20:15:12
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.National Vulnerability Database
-
2023-09-20 20:15:12
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, National Vulnerability Database
-
2023-09-20 20:15:12
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.National Vulnerability Database
-
2023-09-20 20:15:11
Skyworth 3.0 OS is vulnerable to Directory Traversal.National Vulnerability Database
-
2023-09-20 20:15:11
An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.National Vulnerability Database
-
2023-09-20 20:15:11
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.National Vulnerability Database
-
2023-09-20 20:15:11
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.National Vulnerability Database
-
2023-09-20 20:15:11
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.National Vulnerability Database
-
2023-09-20 20:15:11
An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.National Vulnerability Database
-
2023-09-20 20:15:11
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.National Vulnerability Database
-
2023-09-20 20:15:11
A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.National Vulnerability Database
-
2023-09-20 20:15:11
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leadiNational Vulnerability Database
-
2023-09-20 20:15:11
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.National Vulnerability Database
-
2023-09-20 20:15:11
An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.National Vulnerability Database
-
2023-09-20 19:15:12
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, aNational Vulnerability Database
-
2023-09-20 19:15:12
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.National Vulnerability Database
-
2023-09-20 19:15:12
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into thNational Vulnerability Database
-
2023-09-20 19:15:12
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotarNational Vulnerability Database
-
2023-09-20 19:15:12
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.National Vulnerability Database
-
2023-09-20 19:15:11
An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.National Vulnerability Database
-
2023-09-20 19:15:11
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.National Vulnerability Database
-
2023-09-20 19:15:11
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.National Vulnerability Database
-
2023-09-20 18:15:12
An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.National Vulnerability Database
-
2023-09-20 18:15:12
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.National Vulnerability Database
-
2023-09-20 18:15:12
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.National Vulnerability Database
-
2023-09-20 18:15:12
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' funcNational Vulnerability Database
-
2023-09-20 17:15:12
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.National Vulnerability Database
-
2023-09-20 17:15:12
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-speciNational Vulnerability Database
-
2023-09-20 17:15:12
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attackerNational Vulnerability Database
-
2023-09-20 17:15:11
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), National Vulnerability Database
-
2023-09-20 17:15:11
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), National Vulnerability Database
-
2023-09-20 17:15:11
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), National Vulnerability Database
-
2023-09-20 17:15:11
Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build histoNational Vulnerability Database
-
2023-09-20 17:15:11
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissiNational Vulnerability Database
-
2023-09-20 17:15:11
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able National Vulnerability Database
-
2023-09-20 17:15:11
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, National Vulnerability Database
-
2023-09-20 17:15:11
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permisNational Vulnerability Database
-
2023-09-20 17:15:11
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', National Vulnerability Database
-
2023-09-20 16:15:12
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote National Vulnerability Database
-
2023-09-20 16:15:12
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "conf National Vulnerability Database
-
2023-09-20 16:15:12
Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28. National Vulnerability Database
-
2023-09-20 15:15:12
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “me National Vulnerability Database
-
2023-09-20 15:15:11
Vault Key Sealed With SHA1 PCRs
The measured boot solution implemented in EVE OS leans on a PCR locking mechanism.
Different parts of the system update different PCR values in the TPM, resultinNational Vulnerability Database
-
2023-09-20 15:15:11
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, National Vulnerability Database
-
2023-09-20 15:15:11
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, National Vulnerability Database
-
2023-09-20 15:15:11
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, National Vulnerability Database
-
2023-09-20 14:15:15
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, National Vulnerability Database
-
2023-09-20 14:15:14
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.National Vulnerability Database
-
2023-09-20 14:15:14
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.National Vulnerability Database
-
2023-09-20 14:15:14
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. National Vulnerability Database
-
2023-09-20 14:15:14
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commanNational Vulnerability Database
-
2023-09-20 14:15:14
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.National Vulnerability Database
-
2023-09-20 14:15:14
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manuaNational Vulnerability Database
-
2023-09-20 14:15:14
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands vNational Vulnerability Database
-
2023-09-20 14:15:13
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.National Vulnerability Database
-
2023-09-20 14:15:13
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.National Vulnerability Database
-
2023-09-20 14:15:13
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.National Vulnerability Database
-
2023-09-20 14:15:13
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.National Vulnerability Database
-
2023-09-20 14:15:12
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.National Vulnerability Database
-
2023-09-20 14:15:12
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.National Vulnerability Database
-
2023-09-20 14:15:12
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.National Vulnerability Database
-
2023-09-20 14:15:12
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichaNational Vulnerability Database
-
2023-09-20 13:15:12
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. National Vulnerability Database
-
2023-09-20 13:15:12
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system calNational Vulnerability Database
-
2023-09-20 13:15:11
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically creatNational Vulnerability Database
-
2023-09-20 13:15:11
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), National Vulnerability Database
-
2023-09-20 13:15:11
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; dependiNational Vulnerability Database
-
2023-09-20 12:15:12
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.National Vulnerability Database
-
2023-09-20 10:15:15
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.National Vulnerability Database
-
2023-09-20 10:15:14
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. National Vulnerability Database
-
2023-09-20 10:15:11
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly chec National Vulnerability Database
-
2023-09-20 09:15:17
Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. National Vulnerability Database
-
2023-09-20 09:15:16
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. National Vulnerability Database
-
2023-09-20 09:15:12
An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive informatio National Vulnerability Database
-
2023-09-20 08:15:15
** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, National Vulnerability Database
-
2023-09-20 08:15:15
** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in the RPCbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition. National Vulnerability Database
-
2023-09-20 08:15:10
** UNSUPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged National Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.National Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.National Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.National Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.National Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.National Vulnerability Database
-
2023-09-20 06:15:10
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/writNational Vulnerability Database
-
2023-09-20 06:15:10
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.National Vulnerability Database
-
2023-09-20 05:15:39
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large quNational Vulnerability Database
-
2023-09-20 03:15:14
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, National Vulnerability Database
-
2023-09-20 03:15:14
The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, National Vulnerability Database
-
2023-09-20 03:15:13
Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to exeNational Vulnerability Database
-
2023-09-20 02:15:21
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of priv National Vulnerability Database
-
2023-09-20 02:15:20
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privilegesNational Vulnerability Database
-
2023-09-20 02:15:20
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer componenNational Vulnerability Database
-
2023-09-20 02:15:19
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges National Vulnerability Database
-
2023-09-20 02:15:19
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges National Vulnerability Database
-
2023-09-20 02:15:18
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, informatioNational Vulnerability Database
-
2023-09-20 01:15:56
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functionsNational Vulnerability Database
-
2023-09-20 01:15:56
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.National Vulnerability Database
-
2023-09-20 01:15:56
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, National Vulnerability Database
-
2023-09-20 01:15:55
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, National Vulnerability Database
-
2023-09-20 01:15:55
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, eNational Vulnerability Database
-
2023-09-20 01:15:55
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial oNational Vulnerability Database
-
2023-09-20 01:15:54
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.National Vulnerability Database
-
2023-09-20 01:15:54
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial National Vulnerability Database
-
2023-09-20 01:15:54
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code eNational Vulnerability Database
-
2023-09-20 01:15:53
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted netwoNational Vulnerability Database
-
2023-09-20 01:15:53
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepanNational Vulnerability Database
-
2023-09-20 01:15:53
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial ofNational Vulnerability Database
-
2023-09-20 01:15:52
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit maNational Vulnerability Database
-
2023-09-20 01:15:52
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead toNational Vulnerability Database
-
2023-09-20 01:15:51
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may bNational Vulnerability Database
-
2023-09-20 00:15:11
A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.National Vulnerability Database
-
2023-09-20 00:15:10
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.National Vulnerability Database
-
2023-09-20 00:15:09
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).National Vulnerability Database
-
2023-09-19 23:15:10
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter senNational Vulnerability Database
-
2023-09-19 23:15:10
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commandNational Vulnerability Database
-
2023-09-19 23:15:10
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the National Vulnerability Database
-
2023-09-19 23:15:09
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /National Vulnerability Database
-
2023-09-19 20:15:09
The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, National Vulnerability Database
-
2023-09-19 20:15:09
The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, National Vulnerability Database
-
2023-09-19 17:15:08
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8National Vulnerability Database
-
2023-09-19 17:15:08
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possibleNational Vulnerability Database
-
2023-09-19 17:15:08
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configurationNational Vulnerability Database
-
2023-09-19 16:15:13
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, National Vulnerability Database
-
2023-09-19 16:15:13
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, National Vulnerability Database
-
2023-09-19 16:15:12
MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:12
MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:12
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, National Vulnerability Database
-
2023-09-19 16:15:11
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:11
MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:11
MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:10
MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.National Vulnerability Database
-
2023-09-19 16:15:09
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfi National Vulnerability Database