9270 matches found
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...
CVE-2020-12335
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-23984
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags...
CVE-2020-23706
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan (ok_jpg.c:1102) of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file...
CVE-2020-23256
An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerm's service...
CVE-2020-10476
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2015-0270
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter...
CVE-2006-1646
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote...
CVE-2024-34726
In PVRSRVMMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-39181
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
CVE-2023-31194
An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...
CVE-2023-40559
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions...
CVE-2023-40368
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456...
CVE-2021-33682
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim...
CVE-2022-31807
A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a...
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...
CVE-2022-0231
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)...