βΌ CVE-2021-33351 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33353 βΌ
π Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33352 βΌ
π Read
via "National Vulnerability Database".
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22892 βΌ
π Read
via "National Vulnerability Database".
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24777 βΌ
π Read
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24282 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22890 βΌ
π Read
via "National Vulnerability Database".
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4007 βΌ
π Read
via "National Vulnerability Database".
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27974 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25081 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4315 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0030 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernelΓ’β¬β’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33639 βΌ
π Read
via "National Vulnerability Database".
REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26948 βΌ
π Read
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26110 βΌ
π Read
via "National Vulnerability Database".
All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26109 βΌ
π Read
via "National Vulnerability Database".
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27985 βΌ
π Read
via "National Vulnerability Database".
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1251 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27986 βΌ
π Read
via "National Vulnerability Database".
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1286 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.π Read
via "National Vulnerability Database".
π΄ Critical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover π΄
π Read
via "Dark Reading".
Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.π Read
via "Dark Reading".
Dark Reading
Critical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover
Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.