CVE-2025-41363

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing CORS. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission...

CVE-2025-20273

The CVE-2025-20273 vulnerability affects Cisco Unified Intelligent Contact Management Enterprise web-based management interface. It is an XSS flaw caused by insufficient input validation that can be triggered when a user clicks a crafted link, allowing an unauthenticated, remote attacker to execu...

CVE-2025-41379

The CVE-2025-41379 entry concerns the Intellian C700 web panel. The vulnerability arises from a mismatch between the ID used to create a firewall rule in the database and the JSON ID, which means that when a rule must be deleted, the system uses the JSON ID and may fail, potentially allowing crea...

CVE-2025-22304

Missing Authorization vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 7.5...

CVE-2024-20282

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this...

CVE-2024-20324

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and sho...

CVE-2024-20301

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...

CVE-2024-20285

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVE-2024-56330

Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication ICC is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build pa...

CVE-2023-5013

A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input leads to cross site scripting. The attack can be...

CVE-2023-47193

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2023-20204

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface...

CVE-2023-20037

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...

CVE-2025-27558

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access WPA, WPA2, or WPA3 or Wired Equivalent Privacy WEP, an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP...

CVE-2025-4692

Actors can use a maliciously crafted JavaScript object notation JSON web token JWT to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by t...

CVE-2022-3816

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

CVE-2021-34887

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVE-2020-21606

libde265 v1.0.4 contains a heap buffer overflow fault in the putepel16fallback function, which can be exploited via a crafted a file...

CVE-2020-1365

An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID...

CVE-2020-6120

SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...