Vulnerabilidades CVE

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used ...

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious age...

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service ...

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to exe...

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenti...

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.S...

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to ex...

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "...

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated atta...

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority Syst...

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if th...

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbi...

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <= 2.2.0 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <= 2.0.1 versions.

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information...

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated L...

The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site ...

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by...

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulti...

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur...

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to M...

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to imprope...