CVE-2011-0841

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP...

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

CVE-2020-7800

The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions CWE-754 vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or reboot a...

CVE-2020-7600

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

CVE-2020-12856

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...

CVE-2020-12119

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...

CVE-2020-23050

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code...

CVE-2020-23283

Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force...

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

CVE-2020-10596

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...

CVE-2020-10799

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call...

CVE-2020-10364

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management...

CVE-2020-24599

An issue was discovered in Joomla! before 3.9.21. Lack of escaping in modlatestactions allows XSS attacks...

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

CVE-2024-34454

Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature and because is accepted as a Common Name...

CVE-2023-43623

A vulnerability has been identified in Mendix Forgot Password Mendix 10 compatible All versions V5.4.0, Mendix Forgot Password Mendix 7 compatible All versions V3.7.3, Mendix Forgot Password Mendix 8 compatible All versions V4.1.3, Mendix Forgot Password Mendix 9 compatible All versions V5.4.0...

CVE-2023-49076

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVE-2023-4100

Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions...