CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

CVE-2023-24812

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

CVE-2023-29089

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart...

CVE-2022-29872

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on...

CVE-2022-44621

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request...

CVE-2022-25344

An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

CVE-2021-29576

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

CVE-2021-37417

Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation...

CVE-2021-25028

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue...

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...

CVE-2021-24458

The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd...

CVE-2021-44507

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44481

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-24769

The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...

CVE-2021-24748

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...

CVE-2020-9259

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212C00E210R5P1 have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and...