54797 matches found
CVE-2023-43569
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2023-43578
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2023-4988
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product...
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...
CVE-2025-23187
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...
CVE-2025-40592
A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length...
CVE-2022-42265
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an integer overflow may lead to information disclosure or data tampering...
CVE-2022-31078
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...
CVE-2022-31070
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...
CVE-2022-0929
XSS on dynamictext module in GitHub repository microweber/microweber prior to 1.2.11...
CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2...
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium...
CVE-2024-39674
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability...
CVE-2023-40728
A vulnerability has been identified in QMS Automotive All versions V12.39. The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service...
CVE-2021-2276
Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-23202
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...
CVE-2022-23503
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible t...
CVE-2022-33248
Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segment is received via qmi http...