CVE-2025-23473

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through = 2.0...

CVE-2022-33256

Memory corruption due to improper validation of array index in Multi-mode call processor...

CVE-2022-37901

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-31258

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink...

CVE-2022-0768

Server-Side Request Forgery SSRF in GitHub repository rudloff/alltube prior to 3.0.2...

CVE-2022-0366

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1...

CVE-2022-0602

Cross-site Scripting XSS - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0...

CVE-2022-0224

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVE-2022-0251

Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.2.10...

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...

CVE-2022-0930

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12...

CVE-2022-0086

uppy is vulnerable to Server-Side Request Forgery SSRF...

CVE-2017-18307

Information disclosure possible while audio playback...

CVE-2017-18755

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.8...

CVE-2019-11457

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...

CVE-2020-7829

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution...

CVE-2020-7881

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy operate by "FanTicket" field. It is because of stored data without...

CVE-2024-34369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0...

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...

CVE-2025-1467

Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting XSS via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...