TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 334,074 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2022-43351

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

6.5 | MEDIUM | 0
CVE-2022-43352

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote.

7.2 | HIGH | 0
CVE-2022-44048

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus...

9.8 | CRITICAL | 0
CVE-2022-44049

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democrit...

9.8 | CRITICAL | 0
CVE-2022-44050

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the demo...

9.8 | CRITICAL | 0
CVE-2022-44051

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritu...

9.8 | CRITICAL | 0
CVE-2022-44052

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritu...

9.8 | CRITICAL | 0
CVE-2022-44053

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the demo...

9.8 | CRITICAL | 0
CVE-2022-44054

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-...

9.8 | CRITICAL | 0
CVE-2022-43050

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbit...

7.2 | HIGH | 0
CVE-2022-43051

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.

7.2 | HIGH | 0
CVE-2022-43052

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.

7.2 | HIGH | 0
CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if dat...

8.6 | HIGH | 0
CVE-2022-43046

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.

4.8 | MEDIUM | 0
CVE-2022-43049

Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.

7.2 | HIGH | 0
CVE-2022-43359

Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file.

7.8 | HIGH | 0
CVE-2020-35473

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specificatio...

4.3 | MEDIUM | 0
CVE-2022-44457

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatib...

9.8 | CRITICAL | 0
CVE-2022-41757

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already fre...

8.8 | HIGH | 0
CVE-2022-43343

N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.

7.5 | HIGH | 0
CVE-2022-44311

html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files ...

8.1 | HIGH | 0
CVE-2022-44312

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.

5.5 | MEDIUM | 0
CVE-2022-44313

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44314

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44315

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44316

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken.

5.5 | MEDIUM | 0
CVE-2022-44317

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44318

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44319

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44320

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall.

5.5 | MEDIUM | 0
CVE-2022-44556

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

7.5 | HIGH | 0
CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONIT...

9.8 | CRITICAL | 0
CVE-2022-33322

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM TH...

6.1 | MEDIUM | 0
CVE-2022-21778

In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n...

6.7 | MEDIUM | 0
CVE-2022-26446

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional ex...

7.5 | HIGH | 0
CVE-2022-44196

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

9.8 | CRITICAL | 0
CVE-2022-44197

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

9.8 | CRITICAL | 0
CVE-2022-44198

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.

9.8 | CRITICAL | 0
CVE-2022-44199

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

9.8 | CRITICAL | 0
CVE-2022-44200

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

9.8 | CRITICAL | 0
CVE-2022-44184

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

9.8 | CRITICAL | 0
CVE-2022-44201

D-Link DIR823G 1.02B05 is vulnerable to Command Injection.

9.8 | CRITICAL | 0
CVE-2022-44202

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.

9.8 | CRITICAL | 0
CVE-2022-44801

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.

9.8 | CRITICAL | 0
CVE-2022-44804

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.

9.8 | CRITICAL | 0
CVE-2022-44806

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.

9.8 | CRITICAL | 0
CVE-2022-44807

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.

9.8 | CRITICAL | 0
CVE-2022-44808

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /...

9.8 | CRITICAL | 0
CVE-2022-39066

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execut...

8.8 | HIGH | 0
CVE-2022-39067

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial o...

6.5 | MEDIUM | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.