| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Media Video Decoder Remote Code Execution Vulnerability |
| Windows Hyper-V Elevation of Privilege Vulnerability |
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| Windows NTFS Denial of Service Vulnerability |
| Windows Application Compatibility Cache Denial of Service Vulnerability |
| Windows Kernel Information Disclosure Vulnerability |
| An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation. |
| An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. |
| An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent. |
| An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed. |
| A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. |
| NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. |
| Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. |
| Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). |
| Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user. |
| A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter. |
| CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML |
| A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. |
| A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. |
