| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) |
| Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. |
| Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. |
| In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. |
| In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. |
| In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). |
| Microsoft Teams iOS Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| .NET Core Remote Code Execution Vulnerability |
| .NET Framework Denial of Service Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Windows Event Tracing Information Disclosure Vulnerability |
| Windows DirectX Information Disclosure Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Microsoft Dataverse Information Disclosure Vulnerability |
| Microsoft Edge for Android Information Disclosure Vulnerability |
