qrcp through 0.8.4, in receive mode, allows ../ directory traversal via the file name specified by the uploader, so a malicious uploader can have the received file written outside the intended output directory.
Max CVSS 5.3 | EPSS Score 0.10% | Published 2022-02-28 | Updated 2022-03-09
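The defect above is the classic "trust the client's file name in a path join" pattern. The following is an added example, not qrcp's own code, showing the vulnerable join next to a hardened mapping that keeps only the last path component and then verifies the resolved path is still inside the output directory. The output directory name is an assumed placeholder.

```python
import os

# Assumed output directory for the examples; it does not need to exist for the path checks.
OUT_DIR = "/tmp/received"


class UnsafeFilename(ValueError):
    """Raised when an uploader-supplied name cannot be mapped safely into the output directory."""


def vulnerable_dest(out_dir: str, client_name: str) -> str:
    # The flawed pattern: the uploader's name goes straight into the join,
    # so "../../etc/cron.d/job" resolves outside out_dir.
    return os.path.join(out_dir, client_name)


def safe_dest(out_dir: str, client_name: str) -> str:
    """Map a client-supplied file name to a path guaranteed to lie inside out_dir."""
    root = os.path.realpath(out_dir)
    # Treat both separator styles as separators so "..\\..\\x" is not a "plain" name on POSIX.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or "\x00" in base:
        raise UnsafeFilename(client_name)
    candidate = os.path.realpath(os.path.join(root, base))
    # Belt-and-braces containment check on the resolved path (covers symlinked components).
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeFilename(client_name)
    return candidate


def escapes(out_dir: str, path: str) -> bool:
    """True when path resolves outside out_dir, i.e. what the vulnerable join permits."""
    root = os.path.realpath(out_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def rejects(out_dir: str, client_name: str) -> bool:
    """Does safe_dest refuse this name outright?"""
    try:
        safe_dest(out_dir, client_name)
    except UnsafeFilename:
        return True
    return False


if __name__ == "__main__":
    for name in ("report.pdf", "../../etc/cron.d/job", "..\\..\\Windows\\win.ini", ".."):
        vuln = escapes(OUT_DIR, vulnerable_dest(OUT_DIR, name))
        safe = "rejected" if rejects(OUT_DIR, name) else safe_dest(OUT_DIR, name)
        print(f"{name!r:30} vulnerable escapes={vuln}  safe -> {safe}")
```

Keeping only the last component is the right policy for a "receive a file" feature: the uploader has no legitimate reason to choose a subdirectory, and the realpath containment check catches anything the name-level filter misses.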
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc() (src/lepton/bitops.cc:108).
Max CVSS 7.8 | EPSS Score 0.10% | Published 2022-02-28 | Updated 2022-03-09
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
Max CVSS 5.3 | EPSS Score 0.60% | Published 2022-02-28 | Updated 2022-03-07
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via the client-controlled Host header. Injecting a malicious URL in the Host header of the HTTP request results in a 302 redirect to an attacker-controlled page.
Max CVSS 6.1 | EPSS Score 0.08% | Published 2022-02-28 | Updated 2022-03-08
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_SessionId cookie is not protected by the Secure flag, so the browser will also send it over unencrypted HTTP, where an on-path attacker can intercept it.
Max CVSS 5.3 | EPSS Score 0.08% | Published 2022-02-28 | Updated 2022-03-08
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injecting a malicious payload into the RelayState parameter of the HTTP request body hijacks the form action. Form-action hijacking arises when an application places user-supplied input into the action URL of an HTML form; an attacker can construct a URL that, if visited by another application user, points the form's action at the attacker's server, so whatever the form submits (here, the SAML response) is delivered to the attacker.
Max CVSS 6.1 | EPSS Score 0.08% | Published 2022-02-28 | Updated 2022-03-08
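Both the Host-header redirect and the RelayState form-action issues above come from emitting an attacker-influenced URL verbatim. As an added example that is not Cherwell's code, the block below shows the two fixes side by side: a redirect base derived from an allowlist instead of the Host header, and a form action that is accepted only when it is a same-origin path, with the reflected SAMLResponse value escaped rather than trusted. The hostnames and the form markup are assumptions for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumed deployment hostnames; a real application would load these from configuration.
ALLOWED_HOSTS = {"itsm.example.com"}
CANONICAL_ORIGIN = "https://itsm.example.com"


def is_local_path(target: str) -> bool:
    """Accept only a same-origin path such as '/saml/finish?x=1'.

    Rejects absolute URLs, scheme-relative '//host' (and the '/\\host' variant browsers
    normalise to it) and anything carrying a scheme such as 'javascript:'.
    """
    if not target.startswith("/") or target[1:2] in ("/", "\\"):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def safe_form_action(relay_state: str, default: str = "/") -> str:
    """Form-action fix: never emit an attacker-chosen absolute URL as the action."""
    return relay_state if is_local_path(relay_state) else default


def redirect_base(host_header: str) -> str:
    """Host-header fix: pick the redirect base from an allowlist instead of echoing the header."""
    # Strip an optional port; IPv6 literals are not handled in this example.
    host = host_header.partition(":")[0].strip().lower()
    return f"https://{host}" if host in ALLOWED_HOSTS else CANONICAL_ORIGIN


def render_saml_form(relay_state: str, saml_response: str) -> str:
    """Emit the auto-post form with every attacker-influenced value validated or escaped."""
    action = html.escape(safe_form_action(relay_state), quote=True)
    value = html.escape(saml_response, quote=True)  # reflected into an attribute: escape it
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="SAMLResponse" value="{value}"></form>')


def vulnerable_render(relay_state: str, saml_response: str) -> str:
    """The flawed pattern, for contrast: both values dropped into the markup unmodified."""
    return (f'<form method="post" action="{relay_state}">'
            f'<input type="hidden" name="SAMLResponse" value="{saml_response}"></form>')


if __name__ == "__main__":
    evil = "https://attacker.example/steal"
    print("redirect base for Host: attacker.example ->", redirect_base("attacker.example"))
    print("form action for RelayState=%s -> %s" % (evil, safe_form_action(evil)))
    print(render_saml_form(evil, '"><script>alert(1)</script>'))
```

The allowlist approach matters more than it looks: frameworks that build absolute URLs from the request (for redirects, password-reset links, canonical tags) all inherit whatever the Host header says unless the deployment pins the hostname.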
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
Max CVSS 6.1 | EPSS Score 0.08% | Published 2022-02-28 | Updated 2022-03-08
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Max CVSS 7.2 | EPSS Score 1.35% | Published 2022-02-26 | Updated 2023-03-27
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
Max CVSS 5.4 | EPSS Score 0.05% | Published 2022-02-26 | Updated 2022-03-07
Laravel Fortify before 1.11.1 accepts the same TOTP code more than once within a short time window, undermining the "one-time" part of a time-based one-time password.
Max CVSS 8.1 | EPSS Score 0.17% | Published 2022-02-24 | Updated 2022-03-08
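The fix for this class of bug is state on the verifier side: remember the highest time step already accepted for each user and refuse anything at or below it, even while the code is still inside its validity window. The block below is an added example written for this page, not Fortify's code: a minimal RFC 4226/6238 implementation, a stateless check that replays, and a replay-safe verifier. It uses the RFC test-vector secret so the values can be checked against the RFC tables; user names are placeholders.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30
DIGITS = 6
# The shared secret from the RFC 4226 / RFC 6238 test vectors (for the demo only).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret, now // STEP_SECONDS)


def naive_verify(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Stateless check: right secret, right window, but nothing stops a replay."""
    current = now // STEP_SECONDS
    return any(hmac.compare_digest(hotp(secret, current + d), code)
               for d in range(-window, window + 1))


class ReplaySafeVerifier:
    """Remembers the highest time step accepted per user, so each code is usable once."""

    def __init__(self, window: int = 1):
        self.window = window
        self._last_step = {}  # user -> last accepted counter (persist this in production)

    def verify(self, user: str, secret: bytes, code: str, now: int) -> bool:
        current = now // STEP_SECONDS
        last = self._last_step.get(user, -1)
        for d in range(-self.window, self.window + 1):
            counter = current + d
            # Steps at or before the last accepted one are consumed, including the
            # exact code just used, however many seconds remain in its window.
            if counter <= last:
                continue
            if hmac.compare_digest(hotp(secret, counter), code):
                self._last_step[user] = counter
                return True
        return False


def replay_demo(secret: bytes, now: int = 59):
    """Present one code twice, 6 seconds apart, to both verifiers.

    Returns (safe_first, safe_replay, naive_first, naive_replay).
    """
    code = totp(secret, now)
    safe = ReplaySafeVerifier(window=1)
    return (safe.verify("alice", secret, code, now),
            safe.verify("alice", secret, code, now + 6),
            naive_verify(secret, code, now),
            naive_verify(secret, code, now + 6))


if __name__ == "__main__":
    print("TOTP at t=59 for the RFC secret:", totp(RFC_TEST_SECRET, 59))
    print("(safe_first, safe_replay, naive_first, naive_replay) =", replay_demo(RFC_TEST_SECRET))
```

Two details worth keeping: the comparison is constant-time, and the "last accepted step" must live in shared storage (database or cache), because an in-memory map is per process and a replay against a second worker would still succeed.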
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
Max CVSS 9.8 | EPSS Score 0.35% | Published 2022-02-24 | Updated 2022-03-09
seatd-launch in seatd 0.6.x before 0.6.4, when installed setuid root, allows removing files with escalated privileges; the attack vector is a user-supplied socket pathname.
Max CVSS 9.8 | EPSS Score 0.41% | Published 2022-02-24 | Updated 2023-11-08
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.
Max CVSS 6.1 | EPSS Score 0.30% | Published 2022-02-28 | Updated 2022-03-08
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
Max CVSS 7.5 | EPSS Score 0.07% | Published 2022-02-24 | Updated 2022-03-04
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Max CVSS 6.5 | EPSS Score 0.10% | Published 2022-02-24 | Updated 2022-03-04
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Max CVSS 7.8 | EPSS Score 0.04% | Published 2022-02-24 | Updated 2023-11-09
A Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in the Spiffy Calendar WordPress plugin (versions <= 4.9.0).
Max CVSS 5.4 | EPSS Score 0.05% | Published 2022-02-21 | Updated 2022-03-01
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack-based buffer overflow via the function openSchedWifi.
Max CVSS 10.0 | EPSS Score 0.23% | Published 2022-02-24 | Updated 2022-03-03
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack-based buffer overflow via the function saveparentcontrolinfo.
Max CVSS 10.0 | EPSS Score 0.23% | Published 2022-02-24 | Updated 2022-03-03
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack-based buffer overflow via the parameter NPTR.
Max CVSS 10.0 | EPSS Score 0.23% | Published 2022-02-24 | Updated 2022-03-03
Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.
Max CVSS 5.4 | EPSS Score 0.06% | Published 2022-02-28 | Updated 2022-03-08
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters.
Max CVSS 8.1 | EPSS Score 0.07% | Published 2022-02-28 | Updated 2022-03-08
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.
Max CVSS 9.8 | EPSS Score 0.47% | Published 2022-02-28 | Updated 2022-03-08
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.
Max CVSS 5.4 | EPSS Score 0.06% | Published 2022-02-28 | Updated 2022-03-08
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
Max CVSS 5.4 | EPSS Score 0.06% | Published 2022-02-28 | Updated 2022-03-08
1942 vulnerabilities found