See a list of the latest CVEs we send weekly to subscribers.
Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.
The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
qualcomm:qca6310_firmware qualcomm:sdm630_firmware qualcomm:sd_636_firmware qualcomm:wcd9340_firmware qualcomm:sa6155p_firmware qualcomm:apq8096au_firmware qualcomm:csra6620_firmware qualcomm:apq8053_firmware qualcomm:ar8031_firmware qualcomm:qca6390_firmware qualcomm:sa8155p_firmware qualcomm:sdw2500_firmware qualcomm:qca4020_firmware qualcomm:wcn3999_firmware qualcomm:qcs605_firmware qualcomm:sa8155_firmware qualcomm:sd450_firmware qualcomm:sd710_firmware qualcomm:qca6320_firmware qualcomm:qcs405_firmware qualcomm:wcn3980_firmware qualcomm:wcn3610_firmware qualcomm:qca9379_firmware qualcomm:apq8064au_firmware qualcomm:wcn3990_firmware qualcomm:wcn3615_firmware qualcomm:qualcomm215_firmware qualcomm:aqt1000_firmware qualcomm:sd632_firmware qualcomm:wsa8810_firmware qualcomm:sd439_firmware qualcomm:msm8909w_firmware qualcomm:apq8009_firmware qualcomm:sd845_firmware qualcomm:sdx55_firmware qualcomm:wsa8815_firmware qualcomm:sa6155_firmware qualcomm:mdm9650_firmware qualcomm:wcn3680_firmware qualcomm:apq8009w_firmware qualcomm:wcd9330_firmware qualcomm:wcn3680b_firmware qualcomm:sdx20_firmware qualcomm:qca6574au_firmware qualcomm:qca6696_firmware qualcomm:apq8017_firmware qualcomm:sd429_firmware qualcomm:sd660_firmware qualcomm:qca6564au_firmware qualcomm:sdm830_firmware qualcomm:qca9367_firmware qualcomm:mdm9250_firmware qualcomm:qca6174a_firmware qualcomm:qca9377_firmware qualcomm:qca6430_firmware qualcomm:wcn3660_firmware qualcomm:wcd9375_firmware qualcomm:qca6574a_firmware qualcomm:qca6595_firmware qualcomm:wcd9341_firmware qualcomm:whs9410_firmware qualcomm:wcd9335_firmware qualcomm:wcn3660b_firmware qualcomm:sdx20m_firmware qualcomm:sd_8cx_firmware qualcomm:wcd9326_firmware qualcomm:sd835_firmware qualcomm:qca6335_firmware qualcomm:wcd9360_firmware qualcomm:qca6595au_firmware qualcomm:sd670_firmware qualcomm:wcn3950_firmware qualcomm:wcn3998_firmware qualcomm:wcd9370_firmware qualcomm:msm8953_firmware qualcomm:msm8996au_firmware qualcomm:qca6564a_firmware qualcomm:sd712_firmware qualcomm:wcn3620_firmware qualcomm:qca6175a_firmware qualcomm:qca6420_firmware qualcomm:csra6640_firmware qualcomm:qcs603_firmware qualcomm:sd855_firmware qualcomm:sdx50m_firmware qualcomm:mdm9206_firmware qualcomm:sd_455_firmware qualcomm:sdx55m_firmware qualcomm:sd675_firmware qualcomm:qca6574_firmware
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.
bosch:cpp7_firmware bosch:cpp4_firmware bosch:cpp13_firmware bosch:cpp6_firmware bosch:cpp7.3_firmware
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
bosch:cpp7_firmware bosch:cpp4_firmware bosch:cpp13_firmware bosch:cpp6_firmware bosch:cpp7.3_firmware
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"
Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access.
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
qualcomm:wcd9340_firmware qualcomm:sa6155p_firmware qualcomm:sd870_firmware qualcomm:sd662_firmware qualcomm:sdxr2_5g_firmware qualcomm:wcn3910_firmware qualcomm:qca6390_firmware qualcomm:qcs610_firmware qualcomm:wcn3999_firmware qualcomm:sd865_5g_firmware qualcomm:sd678_firmware qualcomm:qcs405_firmware qualcomm:sd768g_firmware qualcomm:sd7c_firmware qualcomm:sd_675_firmware qualcomm:sd460_firmware qualcomm:wsa8830_firmware qualcomm:wcn3990_firmware qualcomm:wcd9371_firmware qualcomm:sd778g_firmware qualcomm:sm7325p_firmware qualcomm:wcn6750_firmware qualcomm:wsa8835_firmware qualcomm:aqt1000_firmware qualcomm:wsa8815_firmware qualcomm:wsa8810_firmware qualcomm:sdx55_firmware qualcomm:wcn6855_firmware qualcomm:sd750g_firmware qualcomm:sd888_5g_firmware qualcomm:qcs2290_firmware qualcomm:sm6250p_firmware qualcomm:sm7250p_firmware qualcomm:qca6574au_firmware qualcomm:qcs410_firmware qualcomm:sd_8c_firmware qualcomm:qca6421_firmware qualcomm:qca6391_firmware qualcomm:qca6426_firmware qualcomm:sdm830_firmware qualcomm:sm6250_firmware qualcomm:wcn6850_firmware qualcomm:qca6430_firmware qualcomm:sd765g_firmware qualcomm:wcd9375_firmware qualcomm:sd888_firmware qualcomm:sa8195p_firmware qualcomm:qca6595_firmware qualcomm:wcd9341_firmware qualcomm:whs9410_firmware qualcomm:sd690_5g_firmware qualcomm:wcd9380_firmware qualcomm:qcm4290_firmware qualcomm:qca6431_firmware qualcomm:sd730_firmware qualcomm:sdx24_firmware qualcomm:wcd9385_firmware qualcomm:sd_8cx_firmware qualcomm:wcn6856_firmware qualcomm:qsm8250_firmware qualcomm:sd765_firmware qualcomm:qca6436_firmware qualcomm:qca9984_firmware qualcomm:wcd9360_firmware qualcomm:wcn3998_firmware qualcomm:qcm2290_firmware qualcomm:wcn3950_firmware qualcomm:wcn6851_firmware qualcomm:wcd9370_firmware qualcomm:qcs4290_firmware qualcomm:ar8035_firmware qualcomm:wcn3991_firmware qualcomm:sm4125_firmware qualcomm:sd480_firmware qualcomm:qca6420_firmware qualcomm:sd720g_firmware qualcomm:sd855_firmware qualcomm:wcn3988_firmware qualcomm:sdx55m_firmware qualcomm:qsm8350_firmware qualcomm:sd675_firmware qualcomm:wcn3980_firmware
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
qualcomm:qcn5121_firmware qualcomm:ar9380_firmware qualcomm:qca2065_firmware qualcomm:ipq8078a_firmware qualcomm:wcd9385_firmware qualcomm:wcn6745_firmware qualcomm:qca1064_firmware qualcomm:qsm8350_firmware qualcomm:ipq6000_firmware qualcomm:sm7250p_firmware qualcomm:qca4024_firmware qualcomm:csrb31024_firmware qualcomm:sd690_5g_firmware qualcomm:sdxr1_firmware qualcomm:wsa8815_firmware qualcomm:qca8337_firmware qualcomm:qcn5021_firmware qualcomm:sd480_firmware qualcomm:qca9980_firmware qualcomm:sd_675_firmware qualcomm:wcn3980_firmware qualcomm:wcn3988_firmware qualcomm:wcn6856_firmware qualcomm:qca6310_firmware qualcomm:sd765g_firmware qualcomm:sdm830_firmware qualcomm:qcn5550_firmware qualcomm:qca6335_firmware qualcomm:qca6390_firmware qualcomm:sa6155_firmware qualcomm:sdx55_firmware qualcomm:pmp8074_firmware qualcomm:qcs410_firmware qualcomm:qca1062_firmware qualcomm:sc8180x\+sdx55_firmware qualcomm:qca6595au_firmware qualcomm:qca6574a_firmware qualcomm:ipq8173_firmware qualcomm:qcn6024_firmware qualcomm:wcn6855_firmware qualcomm:qca6421_firmware qualcomm:ipq4028_firmware qualcomm:qca8072_firmware qualcomm:sa415m_firmware qualcomm:ipq8071_firmware qualcomm:qca2062_firmware qualcomm:sa8195p_firmware qualcomm:wsa8830_firmware qualcomm:ipq8072a_firmware qualcomm:qca6436_firmware qualcomm:sd855_firmware qualcomm:sd768g_firmware qualcomm:qca6175a_firmware qualcomm:sd_8c_firmware qualcomm:sdx55m_firmware qualcomm:ipq8064_firmware qualcomm:qcs405_firmware qualcomm:wcn3910_firmware qualcomm:qca6574_firmware qualcomm:sd670_firmware qualcomm:sd730_firmware qualcomm:sa6150p_firmware qualcomm:qcn5024_firmware qualcomm:sm7325p_firmware qualcomm:qcs610_firmware qualcomm:qca6430_firmware qualcomm:sd662_firmware qualcomm:ipq5010_firmware qualcomm:sd750g_firmware qualcomm:qca6420_firmware qualcomm:wcn3991_firmware qualcomm:sd_8cx_firmware qualcomm:sm4125_firmware qualcomm:sd865_5g_firmware qualcomm:wcd9340_firmware qualcomm:qcn9022_firmware qualcomm:qca8081_firmware qualcomm:qcn9074_firmware qualcomm:ipq5018_firmware qualcomm:qcs605_firmware qualcomm:sdx50m_firmware qualcomm:ipq8074a_firmware qualcomm:qcn5122_firmware qualcomm:sdm630_firmware qualcomm:qca6595_firmware qualcomm:sd888_5g_firmware qualcomm:qcn5154_firmware qualcomm:wcd9326_firmware qualcomm:wcn6851_firmware qualcomm:sd720g_firmware qualcomm:qca9888_firmware qualcomm:sm6250_firmware qualcomm:qcn6023_firmware qualcomm:qca6574au_firmware qualcomm:sdxr2_5g_firmware qualcomm:ipq6005_firmware qualcomm:aqt1000_firmware qualcomm:sm6250p_firmware qualcomm:sd660_firmware qualcomm:qca9984_firmware qualcomm:wcn6850_firmware qualcomm:whs9410_firmware qualcomm:ipq8076_firmware qualcomm:qca9898_firmware qualcomm:sa515m_firmware qualcomm:wsa8810_firmware qualcomm:wcd9335_firmware qualcomm:qca9992_firmware qualcomm:wcd9380_firmware qualcomm:ipq8076a_firmware qualcomm:qca9994_firmware qualcomm:ipq8074_firmware qualcomm:qcn9000_firmware qualcomm:sd765_firmware qualcomm:ipq8069_firmware qualcomm:qca6431_firmware qualcomm:ipq8070a_firmware qualcomm:wcn3998_firmware qualcomm:wcn6750_firmware qualcomm:sd_455_firmware qualcomm:qcs6125_firmware qualcomm:wcd9375_firmware qualcomm:sa8145p_firmware qualcomm:qcn5052_firmware qualcomm:sd_636_firmware qualcomm:sd778g_firmware qualcomm:qcn5164_firmware qualcomm:wcd9341_firmware qualcomm:sa6145p_firmware qualcomm:sa6155p_firmware qualcomm:qca8075_firmware qualcomm:csra6640_firmware qualcomm:qca6438_firmware qualcomm:qcn9012_firmware qualcomm:wcn3950_firmware qualcomm:qcn5064_firmware qualcomm:sd845_firmware qualcomm:ipq8174_firmware qualcomm:sd870_firmware qualcomm:sa8155_firmware qualcomm:qca6584au_firmware qualcomm:ar8035_firmware qualcomm:sa8155p_firmware qualcomm:wcn3990_firmware qualcomm:ipq6018_firmware qualcomm:ipq8071a_firmware qualcomm:ar8031_firmware qualcomm:qca2064_firmware qualcomm:wcd9371_firmware qualcomm:qcn5152_firmware qualcomm:sd665_firmware qualcomm:qca6428_firmware qualcomm:sa8150p_firmware qualcomm:qca2066_firmware qualcomm:qca6564a_firmware qualcomm:sd678_firmware qualcomm:qcn5054_firmware qualcomm:qca6564au_firmware qualcomm:qcn5124_firmware qualcomm:qca6426_firmware qualcomm:qca6696_firmware qualcomm:qcn9100_firmware qualcomm:ipq8072_firmware qualcomm:qca9889_firmware qualcomm:qcn9072_firmware qualcomm:qcm6125_firmware qualcomm:csr8811_firmware qualcomm:wsa8835_firmware qualcomm:ipq6028_firmware qualcomm:sd710_firmware qualcomm:qca9990_firmware qualcomm:ipq6010_firmware qualcomm:ipq8078_firmware qualcomm:qca6391_firmware qualcomm:qcn9070_firmware qualcomm:qcn5022_firmware qualcomm:wcd9360_firmware qualcomm:ipq8070_firmware qualcomm:ipq4018_firmware qualcomm:sd460_firmware qualcomm:wcd9370_firmware qualcomm:wcn3999_firmware qualcomm:ipq4029_firmware qualcomm:qcn9024_firmware qualcomm:csra6620_firmware qualcomm:sd675_firmware
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
redhat:openstack-rdo fedoraproject:fedora redhat:ansible_automation_platform redhat:enterprise_linux redhat:ansible_tower redhat:ansible_engine
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.
bosch:cpp6_firmware bosch:cpp13_firmware bosch:cpp7_firmware bosch:cpp7.3_firmware
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
intel:realsense_id_f450_firmware intel:realsense_id_f455_firmware
Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
intel:realsense_id_f450_firmware intel:realsense_id_f455_firmware
Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.
Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.
A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.