CVE-2021-46116

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...

CVE-2021-45760

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gflistlast. This vulnerability allows attackers to cause a Denial of Service DoS...

CVE-2021-45764

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shiftchunkoffsets.isra...

PYSEC-2022-43148

Open Asset Import Library aka assimp 5.1.0 and 5.1.1 has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. gfdumpvrmldynfield.isra function in GPAC version 1.1.0 is vulnerable to a null pointer dereference, which can be exploited by attackers to cause segmentation errors and application crashes...

Authentication flaw

A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...

Unspecified vulnerability in libretime

Libretime is a radio broadcast and automation platform. libretime is vulnerable due to a naming function vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController. php for path manipulation. No details of the vulnerability are currently available...

CVE-2021-42783

Missing Authentication for Critical Function vulnerability in debugpostset.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions...

CVE-2021-38467

A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition...

CVE-2021-41720

Removed by vendor...

CVE-2021-34657

The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the /vendor/OrgHeigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11...

The vulnerability of the Blit_3or4_to_3or4__inversed_rgb function in the multimedia library Simple DirectMedia Layer, which involves reading data beyond the allowed buffer limits, allows an intruder to access confidential data and also trigger a service failure.

The vulnerability of the Blit3or4to3or4inversedrgb function in the multimedia library Simple DirectMedia Layer involves reading data beyond the permissible buffer limits. Exploiting this vulnerability could allow an attacker to access confidential data, as well as cause service failures...

The vulnerability of the set function in the object-path library of the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.

The vulnerability of the set function in the object-path library of the Aurora application software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...

CVE-2021-22313

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

Security feature bypass

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

Denial of Service (DoS)

Overview transpile is a Transpiles JavaScript modules from one format to another. Affected versions of this package are vulnerable to Denial of Service DoS due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to function. PoC Base code: var transpi...

GHSA-JH2M-J8PP-55RC Prototype Pollution in gedi

All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...

Regular Expression Denial of Service (ReDoS)

Overview is-email is a Loosely validate an email address. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the isEmail function. PoC: var isEmail = require"is-email" function buildblankn var ret = "" for var i = 0; i n; i++ ret += "@" return ret +...

SAP NetWeaver AS ABAP Denial of Service Vulnerability (CNVD-2021-29099)

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver AS ABAP versions 731, 740, and 750. The vulnerability...

The vulnerability of the transmission function of the programmatically defined Cisco SD-WAN system allows a hacker to overwrite any files they desire.

The vulnerability of the transmission function of the programmatically defined Cisco SD-WAN network is related to access control errors. Exploiting this vulnerability could allow a attacker to rewrite any files at will...