‼ CVE-2009-10003 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0572 ‼
📖 Read
via "National Vulnerability Database".
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46873 ‼
📖 Read
via "National Vulnerability Database".
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48303 ‼
📖 Read
via "National Vulnerability Database".
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24612 ‼
📖 Read
via "National Vulnerability Database".
The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25936 ‼
📖 Read
via "National Vulnerability Database".
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27596 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24623 ‼
📖 Read
via "National Vulnerability Database".
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25967 ‼
📖 Read
via "National Vulnerability Database".
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24622 ‼
📖 Read
via "National Vulnerability Database".
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0471 ‼
📖 Read
via "National Vulnerability Database".
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22332 ‼
📖 Read
via "National Vulnerability Database".
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46357 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46356 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0474 ‼
📖 Read
via "National Vulnerability Database".
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22324 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0473 ‼
📖 Read
via "National Vulnerability Database".
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46359 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22333 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0472 ‼
📖 Read
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46358 ‼
📖 Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.📖 Read
via "National Vulnerability Database".