74967 matches found
CVE-2020-17382
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow 0x80102040, 0x80102044, 0x80102050,and 0x80102054. Recent assessments: bwatters-r7 at September 09, 2020 6:09pm UTC reported: This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user...
CVE-2020-15466
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. Recent assessments: M4ximuss at July 12, 2020 1:32am UTC reported: This is a denial of service condition...
CVE-2020-10263 - Smart Speaker Root Shell via internal UART
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...
MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Analysis In IE8...
CVE-2020-3119 (AKA: CDPwn)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...
CVE-2019-1414
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’. Recent assessments: goodlandsecurity at May 20, 2020 2:28am UTC reported: Vulnerability: An elevation ...
CVE-2020-5308
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. Recent assessments: cinzinga at March 09, 2020...
CVE-2019-5825
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2019-1320
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2018-2393
Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable. Recent assessments: gwillcox-r7 at October 06, 2020 4:05pm UTC reported: This...
CVE-2017-0101
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted...
CVE-2017-6077
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...
CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hiddenlangavi parameter when invoking the URL /apply.cgi?/langcheck.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. Recent assessments: Assessed Attacker Value: 0 Assessed...
CVE-2016-4523
The WAP interface in Trihedral VTScada formerly VTS 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service out-of-bounds read and application crash via unspecified vectors. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...
CVE-2016-1010
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary...
CVE-2015-7645
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. Recent assessments: Assessed Attacker Value: 0...
CVE-2013-0643
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted...
CVE-2013-1490
Unspecified vulnerability in Oracle Java SE 7 Update 11 JRE 1.7.011-b21 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka “Issue 51,” a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any...
CVE-2010-2883
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a PDF document with a long field in a Smart INdependent...
CVE-2026-9363
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...
CVE-2026-9284
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2026-7168
Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...
CVE-2026-33579
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...
CVE-2025-33242
NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering...
CVE-2025-32706
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2025-24983
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-40890
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system OS commands on an affected device by sending a crafte...
CVE-2025-24085
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been...
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...
CVE-2024-38217
Windows Mark of the Web Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-4610
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...
CVE-2024-20767
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interactio...
CVE-2023-48365
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...
CVE-2023-41266
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
CVE-2022-31459
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...
CVE-2022-29303
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via confmail.php. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-24663
PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-43711
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...
CVE-2021-31196
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-28872
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/installation/register.php allows an unauthorized person to create valid credentials. Recent assessments: noraj at June 22, 2021 4:52pm UTC reported: This gives the ability to create an administrator account while...
CVE-2021-25370
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on “Solutions”. This vulnerability gives an unauthorized user the abili...
CVE-2020-1584 - Windows dnsrslvr.dll Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at August 17, 2020 5:24pm UTC reported: Looking at the patch for this vulnerability, one can...
CVE-2020-13925
Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. Users of all...
CVE-2020-10977
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Recent assessments: wvu-r7 at June 09, 2020 10:49pm UTC reported: @zeroSteiner pointed us to this exploit chain today: . It uses CVE-2020-10535 to satisfy the authentication requirement. Note that...
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” ! Recent assessments: ebleiweiss-r7 at September 12, 2019 6:07pm UTC reported: Wind...
CVE-2020-11100
In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...
CVE-2020-10245
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. Recent assessments: zeroSteiner at May 07, 2020 9:03pm UTC reported: The following analysis is based on CODESYS 3.5.15.20: Installer file: CODESYS 3.5.15.20.exe, SHA-1...
CVE-2020-10086
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. Recent assessments: ericalexanderorg at March 16, 2020 3:52pm UTC reported: Not enough information to accurately assess ATM. Potentia...