| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions. |
| Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. |
| Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions. |
| Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. |
| Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. |
| Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. |
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. |
| An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. |
| An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. |
| The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. |