ID CVSS Summary Last (major) update Published
CVE-2023-39407 None
The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity.
25-09-2023 - 09:15 25-09-2023 - 09:15
CVE-2023-39408 None
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
25-09-2023 - 09:15 25-09-2023 - 09:15
CVE-2015-6964 None
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) Thi
25-09-2023 - 05:15 25-09-2023 - 05:15
CVE-2002-20001 5.0
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ate
25-09-2023 - 05:15 11-11-2021 - 19:15
CVE-2007-1923 7.5
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are befor
25-09-2023 - 05:15 10-04-2007 - 23:19
CVE-2023-5153 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sq
25-09-2023 - 03:15 25-09-2023 - 03:15
CVE-2023-5154 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulat
25-09-2023 - 03:15 25-09-2023 - 03:15
CVE-2021-32292 None
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
25-09-2023 - 02:31 22-08-2023 - 19:16
CVE-2023-39018 None
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.
25-09-2023 - 02:30 28-07-2023 - 15:15
CVE-2020-10627 4.8
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly
25-09-2023 - 02:30 01-12-2021 - 16:15
CVE-2021-36767 7.5
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will rep
25-09-2023 - 02:30 08-10-2021 - 15:15
CVE-2013-6370 5.0
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
25-09-2023 - 02:30 22-04-2014 - 13:06
CVE-2013-6371 5.0
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
25-09-2023 - 02:30 22-04-2014 - 13:06
CVE-2020-12762 6.8
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
25-09-2023 - 02:30 09-05-2020 - 18:15
CVE-2023-3028 None
Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.
25-09-2023 - 02:29 01-06-2023 - 06:15
CVE-2022-42965 None
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method
25-09-2023 - 02:29 09-11-2022 - 20:15
CVE-2022-32190 None
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are remo
25-09-2023 - 02:29 13-09-2022 - 18:15
CVE-2019-9017 5.0
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
25-09-2023 - 02:29 02-05-2019 - 19:29
CVE-2023-41872 None
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
25-09-2023 - 02:15 25-09-2023 - 02:15
CVE-2023-5150 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of
25-09-2023 - 02:15 25-09-2023 - 02:15
CVE-2023-5152 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php.
25-09-2023 - 02:15 25-09-2023 - 02:15
CVE-2023-5151 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipula
25-09-2023 - 02:15 25-09-2023 - 02:15
CVE-2023-5146 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateli
25-09-2023 - 01:35 25-09-2023 - 00:15
CVE-2023-41874 None
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions.
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-5145 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.ph
25-09-2023 - 01:35 25-09-2023 - 00:15
CVE-2023-41948 None
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-41949 None
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-5147 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of th
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-5148 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-5149 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The man
25-09-2023 - 01:35 25-09-2023 - 01:15
CVE-2023-5142 None
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affect
25-09-2023 - 01:35 24-09-2023 - 22:15
CVE-2023-5143 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The m
25-09-2023 - 01:35 24-09-2023 - 23:15
CVE-2023-5144 None
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The man
25-09-2023 - 01:35 24-09-2023 - 23:15
CVE-2023-1260 None
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. The
25-09-2023 - 01:35 24-09-2023 - 01:15
CVE-2023-1625 None
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, inte
25-09-2023 - 01:35 24-09-2023 - 01:15
CVE-2023-1633 None
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
25-09-2023 - 01:35 24-09-2023 - 01:15
CVE-2023-1636 None
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and oth
25-09-2023 - 01:35 24-09-2023 - 01:15
CVE-2022-3962 None
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an er
25-09-2023 - 01:35 23-09-2023 - 20:15
CVE-2023-5125 None
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This
25-09-2023 - 01:35 23-09-2023 - 05:15
CVE-2023-5134 None
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes
25-09-2023 - 01:35 23-09-2023 - 08:15
CVE-2023-41081 None
The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would
24-09-2023 - 20:15 13-09-2023 - 10:15
CVE-2020-21047 None
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion
23-09-2023 - 20:15 22-08-2023 - 19:16
CVE-2023-43669 None
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempte
23-09-2023 - 19:15 21-09-2023 - 06:15
CVE-2023-4504 None
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in
23-09-2023 - 16:15 21-09-2023 - 23:15
CVE-2023-42261 None
** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network env
23-09-2023 - 04:15 21-09-2023 - 22:15
CVE-2023-3341 None
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-p
23-09-2023 - 04:15 20-09-2023 - 13:15
CVE-2023-4236 None
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This iss
23-09-2023 - 04:15 20-09-2023 - 13:15
CVE-2023-43338 None
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
23-09-2023 - 03:46 23-09-2023 - 00:15
CVE-2023-43468 None
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.
23-09-2023 - 03:46 23-09-2023 - 00:15
CVE-2023-43469 None
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.
23-09-2023 - 03:46 23-09-2023 - 00:15