
350 matches found

RedhatCVE
added 2025/05/23 10:19 a.m. | 6 views

CVE-2024-32051

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information...

CVSS 6.5 | AI score 6.5 | EPSS 0.00278
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:42 a.m. | 7 views

CVE-2024-23758

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstallermsi.log file...

CVSS 7.5 | AI score 6.4 | EPSS 0.00468
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:35 a.m. | 16 views

CVE-2024-25527

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklogtemplateshow.aspx...

CVSS 9.4 | AI score 8.4 | EPSS 0.00512
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 7:23 a.m. | 6 views

CVE-2024-24752

Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

CVSS 6.5 | AI score 6.8 | EPSS 0.0075
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 6:49 a.m. | 5 views

CVE-2024-0139

NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service...

CVSS 4.4 | AI score 6.9 | EPSS 0.00126
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:34 a.m. | 3 views

CVE-2023-46052

Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file...

AI score 7 | EPSS 0.00364
Exploits: 1
RedhatCVE
added 2025/05/23 3:49 a.m. | 7 views

CVE-2023-32385

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination...

CVSS 5.5 | AI score 5.7 | EPSS 0.00233
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:35 a.m. | 8 views

CVE-2023-28152

An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity XXE injection via a remote DTD in a DOCX file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00746
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:33 a.m. | 5 views

CVE-2023-2762

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file...

CVSS 7.8 | AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:21 a.m. | 9 views

CVE-2023-38317

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

CVSS 9.8 | AI score 7.5 | EPSS 0.01096
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 2:20 a.m. | 9 views

CVE-2023-38831

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

CVSS 7.8 | AI score 8 | EPSS 0.97798
Exploits: 49 | References: 1
RedhatCVE
added 2025/05/22 10:59 p.m. | 7 views

CVE-2022-32897

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution...

CVSS 8.1 | AI score 7 | EPSS 0.00421
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:46 p.m. | 5 views

CVE-2022-29524

Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file...

CVSS 7.8 | AI score 7.4 | EPSS 0.00868
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:45 p.m. | 4 views

CVE-2021-45015

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72...

CVSS 9.1 | AI score 7 | EPSS 0.01192
Exploits: 1
RedhatCVE
added 2025/05/22 6:35 p.m. | 5 views

CVE-2021-3370

DouPHP v1.6 was discovered to contain a cross-site scripting XSS vulnerability via /admin/cloud.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00562
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:33 p.m. | 7 views

CVE-2020-25887

Buffer overflow in mgresolvefromhostsfile in Mongoose 6.18, when reading from a crafted hosts file...

CVSS 8.8 | AI score 7.1 | EPSS 0.00605
Exploits: 1
RedhatCVE
added 2025/05/22 3:12 p.m. | 6 views

CVE-2020-13634

In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558...

CVSS 7.8 | AI score 7.4 | EPSS 0.00384
Exploits: 1
OSV
added 2025/05/22 2:16 p.m. | 2 views

CVE-2023-47466

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk...

CVSS 7.1 | AI score 7
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/22 1:7 p.m. | 7 views

CVE-2018-6474

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file SASKUTIL.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148...

CVSS 7.8 | AI score 7.4 | EPSS 0.00337
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:22 a.m. | 5 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

CVSS 8.8 | AI score 7.9 | EPSS 0.02745
Exploits: 1 | References: 1