21 matches found
CVE-2024-42992
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-42992
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2023-5377
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV...
CVE-2023-5377 Out-of-bounds Read in gpac/gpac
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV...
CVE-2023-5377 Out-of-bounds Read in gpac/gpac
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2023-37787
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
CVE-2023-37786
Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
Code injection
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
CVE-2018-18405
Removed by vendor...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
Input validation
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...
Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update
Overview Texas Instruments CC2640 and CC2650 microcontrollers are vulnerable to a heap overflow and may allow unauthenticated firmware installation. Description CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2018-16986 - also known as BLEEDINGBIT The following...