161 matches found
CVE-2023-38565
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges...
CVE-2022-33708
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
CVE-2022-20533
creationtimestamp| type| source ---|---|--- 2025-04-18 15:59:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12476...
CVE-2025-32833
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32033
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...
CVE-2025-31406 WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper API access control mechanisms. An attacker can modify data type information that should be restricted by exploiting the insufficient security restrictions applied to low-privilege user accounts...
WordPress WP Media Category Management plugin 2.0-2.3.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin WP Media Category Management versions 2.0-2.3.3...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2022-36339
Improper input validation in firmware for IntelR NUC 8 Compute Element, IntelR NUC 11 Compute Element, IntelR NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-49281
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3...
PT-2024-28113 · Unknown · Team Members
Name of the Vulnerable Software and Affected Versions: Team Members versions through 5.3.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...
PT-2024-24555 · Unknown · Flusity-Cms
Name of the Vulnerable Software and Affected Versions: flusity CMS version 2.33 Description: An issue in the software allows a remote attacker to execute arbitrary code via the add addon.php component. Recommendations: For version 2.33, consider disabling the add addon.php component until a patch...
UBUNTU-CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...
CVE-2021-33138
creationtimestamp| type| source ---|---|--- 2024-02-23 22:27:13+00:00| seen| https://t.me/ctinow/192231...
CVE-2023-32878
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...
CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...