βΌ CVE-2021-36816 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27000 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25408 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23906 βΌ
π Read
via "National Vulnerability Database".
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25410 βΌ
π Read
via "National Vulnerability Database".
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25018 βΌ
π Read
via "National Vulnerability Database".
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25022 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43619 βΌ
π Read
via "National Vulnerability Database".
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44962 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12775 βΌ
π Read
via "National Vulnerability Database".
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42951 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25020 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26332 βΌ
π Read
via "National Vulnerability Database".
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24446 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44961 βΌ
π Read
via "National Vulnerability Database".
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42767 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22262 βΌ
π Read
via "National Vulnerability Database".
ROG Live ServiceΓ’β¬β’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0777 βΌ
π Read
via "National Vulnerability Database".
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35036 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0776 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4039 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.π Read
via "National Vulnerability Database".