CVE Schwachstellen

ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allo...

Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.

Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.

Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.

TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password o...

tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).

tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability...

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript cod...

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability...

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communic...

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that cr...

xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when s...

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with l...

Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, ...

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious use...

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; open...

Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.

SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private k...

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Jav...

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from ve...

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted...

Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the vic...

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker...

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially...

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could...

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8...

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data.

eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.

Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page.