| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. |
| Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. |
| Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. |
| Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. |
| url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. |
| A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
| NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. |
| md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. |
| An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. |
| In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. |
| urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. |
| In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. |
| Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. |
| Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. |
| An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. |
| An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. |
| Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. |
| Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. |
| In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. |
