CVE-2022-44553

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically...

CVE-2022-38998

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality...

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage...

CVE-2021-40022

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality...

CVE-2021-46851

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback...

CVE-2021-40047

There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity...

CVE-2020-23047

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...

CVE-2018-25022

The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address when knowing only their Tox Id by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion...

CVE-2019-6831

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module all firmware versions, which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on por...

CVE-2019-14081

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networki...

CVE-2012-1641

The finderimport function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import...

CVE-2018-18318

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service NULL pointer dereference and device crash via a crafted 0xc0d8b300 ioctl call...

CVE-2012-5589

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...

CVE-2010-4663

Unspecified vulnerability in the News module in CMS Made Simple CMSMS before 1.9.1 has unknown impact and attack vectors...

CVE-2012-4469

Cross-site scripting XSS vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators...

CVE-2015-7231

The Commerce Commonwealth CBA module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."...

PT-2025-22455 · Zohocorp · Manageengine Servicedesk Plus +1

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 Description: The issue concerns an authenticated Local File Inclusion LFI in the Admin module of the software, specifically where help card content is...

CVE-2009-1942

Cross-site scripting XSS vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-1249

Cross-site scripting XSS vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map...

Drupal Quick Node Block module < 2.0.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Mitch Portier arkener in WordPress Module Quick Node Block versions 2.0.0...