29 matches found
CVE-2025-64995 Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...
Realtek AP-Router SDK Security Vulnerability
Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor (Realtek), a Chinese company. A security vulnerability exists in the Realtek AP-Router SDK that stems from a stack-based buffer overflow vulnerability in the boa formRoute feature, which can lead to remote...
Realtek AP-Router SDK Input Validation Error Vulnerability
The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor (Realtek) of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...
Cross site scripting
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
CVE-2024-24512
CVE-2024-24512 concerns PKP Open Journal Systems (PKP OJS) 3.4. It is a Cross Site Scripting (XSS) vulnerability in the input subtitle component that could allow an attacker to execute arbitrary code. The CVE is documented with a CVSS v3.1 base score of 6.1 (MEDIUM) with network attack vector, lo...
i-Gallery 3.4 Database Disclosure
Title: i-Gallery v3.4 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit |...
GSD-2023-1000352 NFC: nci: Bounds check struct nfc_target arrays
NFC: nci: Bounds check struct nfc_target arrays. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.302 by commit...
GSD-2023-1000318 NFC: nci: Bounds check struct nfc_target arrays
NFC: nci: Bounds check struct nfc_target arrays. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.269 by commit...
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
Xxe
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
GSD-2021-1001887 can: peak_pci: peak_pci_remove(): fix UAF
can: peak_pci: peak_pci_remove(): fix UAF. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit 0e5afdc2315b0737edcf55bede4ee1640d2d464d...
CVE-2020-19157
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'...
CVE-2020-19157
Wenku CMS v3.4 contains a Cross Site Scripting (CSS) vulnerability in the ucenter index component. The flaw allows remote attackers to inject and execute arbitrary code via the Intro parameter in /index.php?m=ucenter&a=index. The NVD entry (CVE-2020-19157) lists CVSS2 base score 4.3 (MEDIUM) with...
CVE-2020-19157
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'...
CVE-2021-24386
The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to...
CVE-2019-2389
CVE-2019-2389 affects MongoDB Server via incorrect scoping of kill operations in packaged SysV init scripts. The flaw lets users with write access to the PID file influence kills when the root user stops MongoDB, enabling denial-of-service conditions. Affected are MongoDB Server v4.0 prior to 4.0...
Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.4: Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more. New search operators OR/NOT: In a previous release we added the AND operator, now with 3.4 you can also use OR...
CVE-2018-18841
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMSSeoAndTag.php?Class=edit&CF=SeoAndTag tagindexkey parameter...
CVE-2018-18783
XSS was discovered in SEMCMS V3.4 via the semcmsremail.php?type=ok umail parameter...