| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, and from 1.7.0 before 1.7.16.1. |
| Memory corruption while encoding JPEG format. |
| Memory corruption during concurrent buffer access due to modification of the reference count. |
| Memory corruption when blob structure is modified by user-space after kernel verification. |
| Memory corruption during concurrent access to server info object due to incorrect reference count update. |
| Memory corruption while handling schedule request in Camera Request Manager (CRM) due to invalid link count in the corresponding session. |
| An attacker can use the unrestricted LDAP queries to determine configuration entries. |
| Memory corruption during concurrent SSR execution due to race condition on the global maps list. |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. |
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. |
| Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. |
| Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, with no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. |
| A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. |
| The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
| The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
| The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
| The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. |
| The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. |