| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. |
| In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. |
| A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. |
| In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
| The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
| PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions. |
| LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.) |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. |
| Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. |
| Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code. |
