| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. |
| Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. |
| A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. |
| libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. |
| Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. |
| An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. |
| Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. |
| Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. |
| Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. |