| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. |
| Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. |
| The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. |
| Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. |
| A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. |
| Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. |
| Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. |
| The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. |
| A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. |
| Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. |
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. |
| A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. |
| The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. |