| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication. |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
| Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. |
| Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through 1.4.1. |
| An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). |
| Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. |
| Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. |
| Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. |
| SAP NetWeaver and ABAP platform allows an
attacker to impede performance for legitimate users by crashing or flooding the
service.
An
impact of this Denial of Service vulnerability might be long response delays
and service interruptions, thus degrading the service quality experienced by
legitimate users causing high impact on availability of the application. |
| Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. |
| Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. |
| Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
|
| A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks. |
| Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions. |
| Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps |
| In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
| There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
