See a list of the latest CVEs we send weekly to subscribers.
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
mitsubishi:melsec_iq-r_r32_pcpu_firmware mitsubishi:melsec_q172dcpu-s1_firmware mitsubishi:melsec_q13udvcpu_firmware mitsubishi:melsec_iq-r_r32_mtcpu_firmware mitsubishi:melsec_iq-r_r64_mtcpu_firmware mitsubishi:melsec_iq-r_r120_pcpu_firmware mitsubishi:melsec_l26cpu-\(p\)bt_firmware mitsubishi:melsec_l02cpu\(-p\)_firmware mitsubishi:melsec_q06udecpu_firmware mitsubishi:melsec_iq-r_r04_pcpu_firmware mitsubishi:melsec_q24dhccpu-v\(g\)_firmware mitsubishi:melsec_iq-r_r16_cpu_firmware mitsubishi:melsec_q04udpvcpu_firmware mitsubishi:melsec_q170mscpu\(-s1\)_firmware mitsubishi:melsec_q10udecpu_firmware mitsubishi:melsec_l26cpu\(-p\)_firmware mitsubishi:melsec_q26udecpu_firmware mitsubishi:melsec_iq-r_r16_mtcpu_firmware mitsubishi:melsec_q06udvcpu_firmware mitsubishi:melsec_l06cpu\(-p\)_firmware mitsubishi:melsec_q03udecpu_firmware mitsubishi:melsec_q13udecpu_firmware mitsubishi:melsec_iq-r_r04_cpu_firmware mitsubishi:melsec_iq-r_r08_cpu_firmware mitsubishi:melsec_iq-r_r16_pcpu_firmware mitsubishi:melsec_q50udecpu_firmware mitsubishi:melsec_mr-mq100_firmware mitsubishi:melsec_q173dscpu_firmware mitsubishi:melsec_iq-r_r02_cpu_firmware mitsubishi:melsec_iq-r_r01_cpu_firmware mitsubishi:melsec_iq-r_r08_sfcpu_firmware mitsubishi:melsec_q12dccpu-v_firmware mitsubishi:melsec_q04udvcpu_firmware mitsubishi:melsec_iq-r_r120_sfcpu_firmware mitsubishi:melsec_iq-r_r120_cpu_firmware mitsubishi:melsec_iq-r_r16_sfcpu_firmware mitsubishi:melsec_q20udecpu_firmware mitsubishi:melsec_q26udvcpu_firmware mitsubishi:melsec_q24dhccpu-ls_firmware mitsubishi:melsec_q13udpvcpu_firmware mitsubishi:melsec_iq-r_r00_cpu_firmware mitsubishi:melsec_q04udecpu_firmware mitsubishi:melsec_q173dcpu-s1_firmware mitsubishi:melsec_iq-r_r08_pcpu_firmware mitsubishi:melsec_iq-r_r12_ccpu-v_firmware mitsubishi:melsec_q26dhccpu-ls_firmware mitsubishi:melsec_q170mcpu_firmware mitsubishi:melsec_q03udvcpu_firmware mitsubishi:melsec_q172dscpu_firmware mitsubishi:melipc_mi5122-vw_firmware mitsubishi:melsec_iq-r_r32_sfcpu_firmware mitsubishi:melsec_q06udpvcpu_firmware mitsubishi:melsec_iq-r_r32_cpu_firmware mitsubishi:melsec_q26udpvcpu_firmware mitsubishi:melsec_q100udecpu_firmware
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
sophos:exploit_prevention sophos:intercept_x_endpoint sophos:intercept_x_for_server
Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
zoom:vdi_azure_virtual_desktop zoom:android_meeting_sdk zoom:controllers_for_zoom_rooms zoom:vdi_windows_meeting_client zoom:iphone_os_meeting_sdk zoom:rooms_for_conference_rooms zoom:android_video_sdk zoom:meetings_for_intune zoom:macos_video_sdk zoom:iphone_os_video_sdk zoom:windows_meeting_sdk zoom:windows_video_sdk zoom:virtual_desktop_infrastructure zoom:zoom_on-premise_recording_connector zoom:zoom_on-premise_virtual_room_connector zoom:vdi_citrix zoom:zoom_on-premise_virtual_room_connector_load_balancer zoom:zoom_on-premise_meeting_connector_mmr zoom:zoom_on-premise_meeting_connector_controller zoom:meetings_for_chrome_os zoom:meetings zoom:vdi_vmware zoom:macos_meeting_sdk zoom:meetings_for_blackberry zoom:hybrid_mmr zoom:hybrid_zproxy
Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU All versions, MELSEC iQ-R Series R16/32/64MTCPU All versions, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU All versions, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU All versions, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V All versions, MELSEC Q Series Q24DHCCPU-V(G) All versions, MELSEC Q Series Q24/26DHCCPU-LS All versions, MELSEC Q Series MR-MQ100 All versions, MELSEC Q Series Q172/173DCPU-S1 All versions, MELSEC Q Series Q172/172DSCPU All versions, MELSEC Q Series Q170MCPU All versions, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) All versions, MELSEC L Series L26CPU-(P)BT All versions and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
mitsubishi:melsec_iq-r_r32_pcpu_firmware mitsubishi:melsec_q172dcpu-s1_firmware mitsubishi:melsec_q13udvcpu_firmware mitsubishi:melsec_iq-r_r32_mtcpu_firmware mitsubishi:melsec_iq-r_r64_mtcpu_firmware mitsubishi:melsec_iq-r_r120_pcpu_firmware mitsubishi:melsec_l26cpu-\(p\)bt_firmware mitsubishi:melsec_l02cpu\(-p\)_firmware mitsubishi:melsec_q06udecpu_firmware mitsubishi:melsec_iq-r_r04_pcpu_firmware mitsubishi:melsec_q24dhccpu-v\(g\)_firmware mitsubishi:melsec_iq-r_r16_cpu_firmware mitsubishi:melsec_q04udpvcpu_firmware mitsubishi:melsec_q170mscpu\(-s1\)_firmware mitsubishi:melsec_q10udecpu_firmware mitsubishi:melsec_l26cpu\(-p\)_firmware mitsubishi:melsec_q26udecpu_firmware mitsubishi:melsec_iq-r_r16_mtcpu_firmware mitsubishi:melsec_q06udvcpu_firmware mitsubishi:melsec_l06cpu\(-p\)_firmware mitsubishi:melsec_q03udecpu_firmware mitsubishi:melsec_q13udecpu_firmware mitsubishi:melsec_iq-r_r04_cpu_firmware mitsubishi:melsec_iq-r_r08_cpu_firmware mitsubishi:melsec_iq-r_r16_pcpu_firmware mitsubishi:melsec_q50udecpu_firmware mitsubishi:melsec_mr-mq100_firmware mitsubishi:melsec_q173dscpu_firmware mitsubishi:melsec_iq-r_r02_cpu_firmware mitsubishi:melsec_iq-r_r01_cpu_firmware mitsubishi:melsec_iq-r_r08_sfcpu_firmware mitsubishi:melsec_q12dccpu-v_firmware mitsubishi:melsec_q04udvcpu_firmware mitsubishi:melsec_iq-r_r120_sfcpu_firmware mitsubishi:melsec_iq-r_r120_cpu_firmware mitsubishi:melsec_iq-r_r16_sfcpu_firmware mitsubishi:melsec_q20udecpu_firmware mitsubishi:melsec_q26udvcpu_firmware mitsubishi:melsec_q24dhccpu-ls_firmware mitsubishi:melsec_q13udpvcpu_firmware mitsubishi:melsec_iq-r_r00_cpu_firmware mitsubishi:melsec_q04udecpu_firmware mitsubishi:melsec_q173dcpu-s1_firmware mitsubishi:melsec_iq-r_r08_pcpu_firmware mitsubishi:melsec_iq-r_r12_ccpu-v_firmware mitsubishi:melsec_q26dhccpu-ls_firmware mitsubishi:melsec_q170mcpu_firmware mitsubishi:melsec_q03udvcpu_firmware mitsubishi:melsec_q172dscpu_firmware mitsubishi:melipc_mi5122-vw_firmware mitsubishi:melsec_iq-r_r32_sfcpu_firmware mitsubishi:melsec_q06udpvcpu_firmware mitsubishi:melsec_iq-r_r32_cpu_firmware mitsubishi:melsec_q26udpvcpu_firmware mitsubishi:melsec_q100udecpu_firmware
The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history.
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to execute arbitrary commands remotely (RCE).
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.
An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges.
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of exit function will be print for the user exit(json_encode($return)).
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
employee_record_management_system_project:employee_record_management_system
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection