| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. |
| Use After Free in NPM radare2.js prior to 5.6.2. |
| Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. |
| A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. |
| Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. |
| Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. |
| Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832. |
| Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. |
| The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard. |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. |
| Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. |
| A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. |
| The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged-in admin upload arbitrary files such as PHP ones. |