SKYLARK HOLDINGS CO., LTD. Security Vulnerabilities
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series),.....
5.4CVSS
5.2AI Score
0.0005EPSS
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the...
6.3AI Score
0.094EPSS
Anhui Green Persimmon Information Technology Co., Ltd LiveGBS has information leakage vulnerability
LiveGBS is a national standard (GB28181) streaming media service software , can provide to provide user management and Web visualization page management , open source front-end page source code ; to provide device status management , you can real-time view of whether the device is offline and...
6.8AI Score
Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month...
8.8CVSS
7.7AI Score
0.005EPSS
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a...
6.1CVSS
6AI Score
0.0004EPSS
Anhui Green Persimmon Information Technology Co., Ltd. LiveQing has a logic flaw vulnerability
LiveQing Aoki video streaming service solution. Anhui Green Persimmon Information Technology Co., Ltd LiveQing has a logic flaw vulnerability that can be exploited by attackers to delete arbitrary...
7.2AI Score
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of...
6.8AI Score
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an...
6.1CVSS
6.2AI Score
0.0005EPSS
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- |...
8.8CVSS
8.9AI Score
EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.3AI Score
0.0004EPSS
Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the Reporter system of Fujian Strait Information...
7.7AI Score
In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution...
5.5CVSS
5.5AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business...
3.3CVSS
4.2AI Score
0.0005EPSS
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...
4.3CVSS
4.6AI Score
0.0004EPSS
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and...
4.3CVSS
4.6AI Score
0.0004EPSS
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
CVE-2023-32741 WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through...
7.5AI Score
0.001EPSS
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific...
6.5CVSS
6.2AI Score
0.001EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number....
7.6AI Score
0.099EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...
5.5CVSS
5.3AI Score
0.0004EPSS
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...
5.5CVSS
5.3AI Score
0.0004EPSS