CVE-2025-70161

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

CVE-2025-70161

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

CVE-2005-1400

The i386getldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values...

CVE-2023-29726

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, t...

CVE-2023-29727

The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause...

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

CVE-2018-10072

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service BSOD via a 0x953827bf DeviceIoControl call...

CVE-2021-31584

Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...

CVE-2017-18433

cPanel before 64.0.21 allows code execution by webmail and demo accounts via a storefilter API call SEC-236...

CVE-2017-18434

cPanel before 64.0.21 allows code execution in the context of the root account via a SETVHOSTLANGPACKAGE multilang adminbin call SEC-237...

CVE-2019-18822

A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account i.e., the account under which the program runs - by default, the callrec account to elevate privileges to root by abusing the [email protected]. The [email protected] starts the /opt/callrec/bin/rs binar...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-20552

An issue was discovered on Samsung mobile devices with P9.0 software. Attackers can bypass Factory Reset Protection FRP via an RCS call. The Samsung ID is SVE-2019-15035 October 2019...

CVE-2019-20893

An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHostHandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim'...

CVE-2020-10799

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call...

CVE-2020-10863

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine...

CVE-2023-25710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin = 1.4.0 versions...

CVE-2023-29529

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

CVE-2023-50858

Cross-Site Request Forgery CSRF vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...

CVE-2022-0903

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body...