| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. |
| jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. |
| A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. |
| Couchbase Server before 7.1.0 has Incorrect Access Control. |
| An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. |
| The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. |
| Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. |
| PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. |
| Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). |
| Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. |
| Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. |
| OX App Suite 7.10.5 allows XSS via an OX Chat system message. |
| OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. |
| The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. |
| OX App Suite 7.10.5 allows XSS via an OX Chat room name. |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. |
| OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. |
| chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. |