الصفحة الرئيسية
Our Services
Free resources
- Privacy Research
  تتردد في استخدام البحوث خصوصية البيانات
  Key Capabilities
  أحدث خصوصية تتبع الأخبار
  إصدارات المنتجات
  أحدث خصوصية تتبع الأخبار
  تتبع آخر الأخبار والمخالفات والغرامات
  دلائل الميزات
  يقيس كل المخالفات والغرامات
  الرأي الصناعة
  عرض بطريقة مخالفة
  عرض حسب الموضوع الخصوصية
  وصلات إلى المواد الأصلية
  تتردد في استخدام
  
  يتعلم أكثر »
  أحدث التهديد الاستخبارات
  إصدارات المنتجات
  أحدث التهديد الاستخبارات
  تتبع الضعف المشتركة التعرض (CVEs)
  دلائل الميزات
  يقيس كل نقاط الضعف
  عرض من قبل شركة
  عرض بطريقة مخالفة
  وصلات إلى NVD
  تتردد في استخدام
  
  يتعلم أكثر »
  النمذجة الخرق والعائد على الاستثمار حاسبة
  إصدارات المنتجات
  النمذجة الخرق والعائد على الاستثمار حاسبة
  نموذج ما من شأنه أن تبدو مخالفة مثل لك في مجال عملك واستخدام هذا لحساب العائد على الاستثمار
  دلائل الميزات
  نموذج خرقك
  تقييم شدة
  والمقارنة بينها حسب الصناعة
  تكاليف انهيار
  تصدير إلى خطة عملك
  تتردد في استخدام
  
  يتعلم أكثر »
Privacy news
Company

Threat Intelligence

Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2026

CVE-2026-26235 (v3: 7.5) ١٢‏/٠٢‏/٢٠٢٦

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.

CVE-2026-26234 (v3: 8.8) ١٢‏/٠٢‏/٢٠٢٦

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

CVE-2026-1537 (v3: 5.3) ١٢‏/٠٢‏/٢٠٢٦

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_step() function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to view booking information including customer names, email addresses, phone numbers, appointment times, and service details.

CVE-2026-23857 (v3: 8.2) ١٢‏/٠٢‏/٢٠٢٦

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVE-2026-23856 (v3: 7.8) ١٢‏/٠٢‏/٢٠٢٦

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVE-2026-0969 (v3: 8.8) ١٢‏/٠٢‏/٢٠٢٦

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.

CVE-2026-1729 (v3: 9.8) ١٢‏/٠٢‏/٢٠٢٦

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.

CVE-2026-26215 ١١‏/٠٢‏/٢٠٢٦

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using pickle.loads() without validation. Although a nonce-based authorization check is intended to restrict access, the nonce defaults to an empty string and the check is skipped, allowing remote attackers to execute arbitrary code in the server context by sending a crafted pickle payload.

CVE-2026-20700 ١١‏/٠٢‏/٢٠٢٦

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

CVE-2026-20682 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker may be able to discover a user’s deleted notes.

CVE-2026-20681 ١١‏/٠٢‏/٢٠٢٦

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.

CVE-2026-20680 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.

CVE-2026-20678 ١١‏/٠٢‏/٢٠٢٦

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.

CVE-2026-20677 ١١‏/٠٢‏/٢٠٢٦

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.

CVE-2026-20676 ١١‏/٠٢‏/٢٠٢٦

This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

CVE-2026-20675 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.

CVE-2026-20674 ١١‏/٠٢‏/٢٠٢٦

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2026-20673 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews.

CVE-2026-20671 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.

CVE-2026-20669 ١١‏/٠٢‏/٢٠٢٦

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

CVE-2026-20667 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.

CVE-2026-20666 ١١‏/٠٢‏/٢٠٢٦

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

CVE-2026-20663 ١١‏/٠٢‏/٢٠٢٦

The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps.

CVE-2026-20662 ١١‏/٠٢‏/٢٠٢٦

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2026-20661 ١١‏/٠٢‏/٢٠٢٦

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2026-20660 ١١‏/٠٢‏/٢٠٢٦

A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.

CVE-2026-20658 ١١‏/٠٢‏/٢٠٢٦

A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.

CVE-2026-20656 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.

CVE-2026-20655 ١١‏/٠٢‏/٢٠٢٦

CVE-2026-20654 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.

CVE-2026-20653 ١١‏/٠٢‏/٢٠٢٦

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

CVE-2026-20652 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.

CVE-2026-20650 ١١‏/٠٢‏/٢٠٢٦

A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.

CVE-2026-20649 ١١‏/٠٢‏/٢٠٢٦

A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.

CVE-2026-20648 ١١‏/٠٢‏/٢٠٢٦

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.

CVE-2026-20647 ١١‏/٠٢‏/٢٠٢٦

This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.

CVE-2026-20646 ١١‏/٠٢‏/٢٠٢٦

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.

CVE-2026-20645 ١١‏/٠٢‏/٢٠٢٦

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.

CVE-2026-20644 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20642 ١١‏/٠٢‏/٢٠٢٦

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVE-2026-20641 ١١‏/٠٢‏/٢٠٢٦

A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to identify what other apps a user has installed.

CVE-2026-20640 ١١‏/٠٢‏/٢٠٢٦

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.

CVE-2026-20638 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.

CVE-2026-20636 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20635 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20634 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

CVE-2026-20630 ١١‏/٠٢‏/٢٠٢٦

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.

CVE-2026-20629 ١١‏/٠٢‏/٢٠٢٦

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.

CVE-2026-20628 ١١‏/٠٢‏/٢٠٢٦

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.

CVE-2026-20627 ١١‏/٠٢‏/٢٠٢٦

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

2025

CVE-2025-67135 ١١‏/٠٢‏/٢٠٢٦

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.

CVE-2025-64074 ١١‏/٠٢‏/٢٠٢٦

A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.

CVE-2025-46310 ١١‏/٠٢‏/٢٠٢٦

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.

CVE-2025-46305 ١١‏/٠٢‏/٢٠٢٦

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

CVE-2025-46304 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-46303 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-46302 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-46301 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-46300 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-46290 ١١‏/٠٢‏/٢٠٢٦

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.

CVE-2025-43537 ١١‏/٠٢‏/٢٠٢٦

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVE-2025-43417 ١١‏/٠٢‏/٢٠٢٦

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.

CVE-2025-43403 ١١‏/٠٢‏/٢٠٢٦

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

CVE-2025-68663 ١١‏/٠٢‏/٢٠٢٦

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after their account has been suspended. This vulnerability is fixed in 1.1.0.

CVE-2025-64487 (v3: 7.6) ١١‏/٠٢‏/٢٠٢٦

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

CVE-2025-70297 ١١‏/٠٢‏/٢٠٢٦

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser.

CVE-2025-70296 ١١‏/٠٢‏/٢٠٢٦

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

CVE-2025-69873 ١١‏/٠٢‏/٢٠٢٦

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.

CVE-2025-69872 ١١‏/٠٢‏/٢٠٢٦

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

CVE-2025-69871 ١١‏/٠٢‏/٢٠٢٦

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage limits by sending concurrent checkout requests, resulting in unlimited redemptions of limited-use promotional codes and potential financial loss.

CVE-2025-70085 ١١‏/٠٢‏/٢٠٢٦

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.

CVE-2025-70084 ١١‏/٠٢‏/٢٠٢٦

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.

CVE-2025-70083 ١١‏/٠٢‏/٢٠٢٦

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.

CVE-2025-70029 ١١‏/٠٢‏/٢٠٢٦

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options

CVE-2025-69874 ١١‏/٠٢‏/٢٠٢٦

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.

CVE-2025-65480 ١١‏/٠٢‏/٢٠٢٦

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

CVE-2025-65128 ١١‏/٠٢‏/٢٠٢٦

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.

CVE-2025-65127 ١١‏/٠٢‏/٢٠٢٦

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.

CVE-2025-13391 (v3: 5.8) ١١‏/٠٢‏/٢٠٢٦

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This makes it possible for unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox if the file path is known. The vulnerability was partially patched in version 4.9.60.

CVE-2025-64075 (v3: 10) ١١‏/٠٢‏/٢٠٢٦

A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.

CVE-2025-12474 ١١‏/٠٢‏/٢٠٢٦

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.

CVE-2025-61969 ١١‏/٠٢‏/٢٠٢٦

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVE-2025-52541 (v3: 7.3) ١١‏/٠٢‏/٢٠٢٦

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVE-2025-48518 ١١‏/٠٢‏/٢٠٢٦

Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.

CVE-2025-48508 (v3: 6) ١١‏/٠٢‏/٢٠٢٦

Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service.

CVE-2025-48503 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVE-2025-12059 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo j-Platform: from 3.29.6.4 through 13112025.

CVE-2025-8668 (v3: 9.4) ١١‏/٠٢‏/٢٠٢٦

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue affects Turboard: from 2025.07 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8025 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-68406 ١١‏/٠٢‏/٢٠٢٦

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

CVE-2025-66278 ١١‏/٠٢‏/٢٠٢٦

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later

CVE-2025-66277 ١١‏/٠٢‏/٢٠٢٦

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later

CVE-2025-66274 ١١‏/٠٢‏/٢٠٢٦

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

CVE-2025-62856 ١١‏/٠٢‏/٢٠٢٦

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later

CVE-2025-62855 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-62854 ١١‏/٠٢‏/٢٠٢٦

An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5190 and later

CVE-2025-62853 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-59386 ١١‏/٠٢‏/٢٠٢٦

CVE-2025-58472 ١١‏/٠٢‏/٢٠٢٦

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later

CVE-2025-58471 ١١‏/٠٢‏/٢٠٢٦

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later

2024

CVE-2024-50619 ١١‏/٠٢‏/٢٠٢٦

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.

CVE-2024-50617 ١١‏/٠٢‏/٢٠٢٦

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

CVE-2024-50620 ١١‏/٠٢‏/٢٠٢٦

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

CVE-2024-50618 ١١‏/٠٢‏/٢٠٢٦

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the secret in a single-factor authentication scheme gets compromised.

CVE-2024-26480 ١١‏/٠٢‏/٢٠٢٦

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.

CVE-2024-26479 ١١‏/٠٢‏/٢٠٢٦

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.

CVE-2024-26478 ١١‏/٠٢‏/٢٠٢٦

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.

CVE-2024-26477 ١١‏/٠٢‏/٢٠٢٦

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.

CVE-2024-36324 (v3: 8.8) ١١‏/٠٢‏/٢٠٢٦

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

CVE-2024-36320 ١١‏/٠٢‏/٢٠٢٦

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability

CVE-2024-36316 (v3: 5.5) ١١‏/٠٢‏/٢٠٢٦

The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service

CVE-2024-56808 ١١‏/٠٢‏/٢٠٢٦

A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later

CVE-2024-56807 ١١‏/٠٢‏/٢٠٢٦

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later

CVE-2024-36355 ١٠‏/٠٢‏/٢٠٢٦

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

CVE-2024-36311 ١٠‏/٠٢‏/٢٠٢٦

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.

CVE-2024-36310 ١٠‏/٠٢‏/٢٠٢٦

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

CVE-2024-21953 ١٠‏/٠٢‏/٢٠٢٦

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

CVE-2024-36355 ١٠‏/٠٢‏/٢٠٢٦

CVE-2024-36311 ١٠‏/٠٢‏/٢٠٢٦

CVE-2024-36310 ١٠‏/٠٢‏/٢٠٢٦

CVE-2024-21953 ١٠‏/٠٢‏/٢٠٢٦

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

CVE-2024-54192 (v3: 5) ١٠‏/٠٢‏/٢٠٢٦

An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.

CVE-2024-54192 (v3: 5) ١٠‏/٠٢‏/٢٠٢٦

An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.

CVE-2024-52334 (v3: 5.3) ١٠‏/٠٢‏/٢٠٢٦

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access.

CVE-2024-52334 (v3: 5.3) ١٠‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-51451 (v3: 6.5) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-43181 (v3: 6.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2024-40685 (v3: 4.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2024-39724 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.

2023

CVE-2023-31324 ١١‏/٠٢‏/٢٠٢٦

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

CVE-2023-20548 ١١‏/٠٢‏/٢٠٢٦

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.

CVE-2023-20514 ١١‏/٠٢‏/٢٠٢٦

Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-6763 ٠٦‏/٠٢‏/٢٠٢٦

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38281 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38017 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-38010 (v3: 5.3) ٠٤‏/٠٢‏/٢٠٢٦

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

CVE-2023-54343 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation.

CVE-2023-54343 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2023-37525 (v3: 5.3) ٢٨‏/٠١‏/٢٠٢٦

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.

CVE-2023-37525 (v3: 5.3) ٢٨‏/٠١‏/٢٠٢٦

CVE-2023-7335 ٢٢‏/٠١‏/٢٠٢٦

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC).

CVE-2023-7335 ٢٢‏/٠١‏/٢٠٢٦

2022

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50981 (v3: 9.8) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

CVE-2022-50980 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

CVE-2022-50979 (v3: 6.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).

CVE-2022-50978 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

CVE-2022-50977 (v3: 7.5) ٠٢‏/٠٢‏/٢٠٢٦

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

CVE-2022-50976 (v3: 7.7) ٠٢‏/٠٢‏/٢٠٢٦

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

2021

CVE-2021-26410 ١٠‏/٠٢‏/٢٠٢٦

Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.

CVE-2021-26410 ١٠‏/٠٢‏/٢٠٢٦

CVE-2021-26381 ١٠‏/٠٢‏/٢٠٢٦

Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.

CVE-2021-26381 ١٠‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths.

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47918 (v3: 8.1) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47917 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47921 (v3: 6.5) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47920 (v3: 5.4) ٠١‏/٠٢‏/٢٠٢٦

CVE-2021-47919 (v3: 6.4) ٠١‏/٠٢‏/٢٠٢٦

2020

CVE-2020-37215 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.

CVE-2020-37214 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.

CVE-2020-37213 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.

CVE-2020-37212 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37211 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37210 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

CVE-2020-37209 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37208 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.

CVE-2020-37207 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

CVE-2020-37206 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.

CVE-2020-37205 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

CVE-2020-37204 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

CVE-2020-37203 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.

CVE-2020-37202 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

CVE-2020-37201 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37200 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.

CVE-2020-37199 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.

CVE-2020-37198 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.

CVE-2020-37197 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

CVE-2020-37196 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

CVE-2020-37195 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37194 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.

CVE-2020-37193 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.

CVE-2020-37192 (v3: 6.2) ١١‏/٠٢‏/٢٠٢٦

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.

CVE-2020-37191 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.

CVE-2020-37190 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.

CVE-2020-37189 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.

CVE-2020-37188 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

CVE-2020-37187 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.

CVE-2020-37186 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a crafted POST request.

CVE-2020-37185 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

CVE-2020-37184 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.

CVE-2020-37183 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.

CVE-2020-37182 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.

CVE-2020-37181 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.

CVE-2020-37180 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.

CVE-2020-37179 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

CVE-2020-37178 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

CVE-2020-37177 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.

CVE-2020-37176 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.

CVE-2020-37175 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.

CVE-2020-37173 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

CVE-2020-37172 (v3: 5.3) ١١‏/٠٢‏/٢٠٢٦

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

CVE-2020-37158 (v3: 5.3) ١١‏/٠٢‏/٢٠٢٦

CVE-2020-37156 (v3: 6.5) ١١‏/٠٢‏/٢٠٢٦

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.

CVE-2020-37153 (v3: 9.8) ١١‏/٠٢‏/٢٠٢٦

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.

CVE-2020-37104 (v3: 7.5) ١١‏/٠٢‏/٢٠٢٦

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.

CVE-2020-37171 (v3: 6.2) ٠٧‏/٠٢‏/٢٠٢٦

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

CVE-2020-37170 (v3: 6.2) ٠٧‏/٠٢‏/٢٠٢٦

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.

CVE-2020-37166 (v3: 6.2) ٠٧‏/٠٢‏/٢٠٢٦

AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.

2019

CVE-2019-25313 (v3: 4) ١١‏/٠٢‏/٢٠٢٦

FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.

CVE-2019-25317 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.

CVE-2019-25316 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.

CVE-2019-25315 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.

CVE-2019-25314 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

CVE-2019-25312 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.

CVE-2019-25311 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.

CVE-2019-25310 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.

CVE-2019-25309 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.

CVE-2019-25308 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

CVE-2019-25307 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

CVE-2019-25306 (v3: 7.8) ١١‏/٠٢‏/٢٠٢٦

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.

CVE-2019-25305 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.

CVE-2019-25305 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information by crafting malicious query payloads.

CVE-2019-25302 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.

CVE-2019-25301 (v3: 6.4) ٠٦‏/٠٢‏/٢٠٢٦

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute arbitrary scripts in victim browsers.

CVE-2019-25300 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information.

CVE-2019-25299 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database.

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25302 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25301 (v3: 6.4) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25300 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25299 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25302 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25301 (v3: 6.4) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25300 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25299 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25302 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25301 (v3: 6.4) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25300 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25299 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25302 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25301 (v3: 6.4) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25300 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25299 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25304 (v3: 7.8) ٠٦‏/٠٢‏/٢٠٢٦

CVE-2019-25303 (v3: 7.1) ٠٦‏/٠٢‏/٢٠٢٦

2018

CVE-2018-25157 (v3: 6.4) ١١‏/٠٢‏/٢٠٢٦

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or redirecting users when the file is viewed.

CVE-2018-25132 (v3: 6.1) ٢٣‏/٠١‏/٢٠٢٦

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

CVE-2018-25132 (v3: 6.1) ٢٣‏/٠١‏/٢٠٢٦

CVE-2018-25116 (v3: 6.1) ٢٣‏/٠١‏/٢٠٢٦

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

CVE-2018-25116 (v3: 6.1) ٢٣‏/٠١‏/٢٠٢٦

CVE-2018-25156 (v3: 4.3) ٢٤‏/١٢‏/٢٠٢٥

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.

CVE-2018-25155 (v3: 4.3) ٢٤‏/١٢‏/٢٠٢٥

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.

CVE-2018-25156 (v3: 4.3) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25155 (v3: 4.3) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25146 (v3: 8.1) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.

CVE-2018-25146 (v3: 8.1) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25149 (v3: 6.5) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

CVE-2018-25147 (v3: 7.5) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

CVE-2018-25146 (v3: 8.1) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25149 (v3: 6.5) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25147 (v3: 7.5) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25146 (v3: 6.5) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25144 (v3: 8.4) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

CVE-2018-25144 (v3: 8.4) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25145 (v3: 6.5) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

CVE-2018-25144 (v3: 8.4) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25143 (v3: 8.8) ٢٤‏/١٢‏/٢٠٢٥

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

CVE-2018-25145 (v3: 6.5) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25144 (v3: 5.5) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-25143 (v3: 8.8) ٢٤‏/١٢‏/٢٠٢٥

CVE-2018-9373 ٢٨‏/٠١‏/٢٠٢٥

In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9378 ٢٨‏/٠١‏/٢٠٢٥

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9387 ١٨‏/٠١‏/٢٠٢٥

In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9389 ١٨‏/٠١‏/٢٠٢٥

In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9401 ١٨‏/٠١‏/٢٠٢٥

In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9405 ١٨‏/٠١‏/٢٠٢٥

In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9406 ١٨‏/٠١‏/٢٠٢٥

In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9461 ١٨‏/٠١‏/٢٠٢٥

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9464 ١٨‏/٠١‏/٢٠٢٥

In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9375 ١٧‏/٠١‏/٢٠٢٥

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9379 ١٧‏/٠١‏/٢٠٢٥

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9382 ١٧‏/٠١‏/٢٠٢٥

In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9383 ١٧‏/٠١‏/٢٠٢٥

In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9384 ١٧‏/٠١‏/٢٠٢٥

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9434 ١٧‏/٠١‏/٢٠٢٥

In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

2017

CVE-2017-13317 ٢٨‏/٠١‏/٢٠٢٥

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2017-13318 ٢٨‏/٠١‏/٢٠٢٥

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2017-20196 (v3: 6.3) ٢٦‏/٠١‏/٢٠٢٥

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2017-13322 ١٧‏/٠١‏/٢٠٢٥

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13308 ٠٥‏/١٢‏/٢٠٢٤

In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13320 ٢٧‏/١١‏/٢٠٢٤

In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2017-13321 ٢٧‏/١١‏/٢٠٢٤

In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13323 ٢٧‏/١١‏/٢٠٢٤

In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13316 ٢٧‏/١١‏/٢٠٢٤

In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13319 ٢٧‏/١١‏/٢٠٢٤

In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-18306 ٢٦‏/١١‏/٢٠٢٤

Information disclosure due to uninitialized variable.

CVE-2017-18307 ٢٦‏/١١‏/٢٠٢٤

Information disclosure possible while audio playback.

CVE-2017-11076 (v3: 9.8) ٢٦‏/١١‏/٢٠٢٤

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

CVE-2017-15832 (v3: 8.4) ٢٦‏/١١‏/٢٠٢٤

Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW

CVE-2017-17772 (v3: 9.8) ٢٦‏/١١‏/٢٠٢٤

In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

CVE-2017-18153 (v3: 8.4) ٢٦‏/١١‏/٢٠٢٤

A race condition exists in a driver potentially leading to a use-after-free condition.

CVE-2017-9711 ٢٢‏/١١‏/٢٠٢٤

Certain unprivileged processes are able to perform IOCTL calls.

CVE-2017-13315 ١٩‏/١١‏/٢٠٢٤

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13310 ١٥‏/١١‏/٢٠٢٤

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13311 ١٥‏/١١‏/٢٠٢٤

In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13312 ١٥‏/١١‏/٢٠٢٤

In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13313 ١٥‏/١١‏/٢٠٢٤

In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2017-13314 ١٥‏/١١‏/٢٠٢٤

In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13309 ١٥‏/١١‏/٢٠٢٤

In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13227 ١٤‏/١١‏/٢٠٢٤

In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-20195 ٢٩‏/١٠‏/٢٠٢٤

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue.

CVE-2017-20193 (v3: 4.7) ١٦‏/١٠‏/٢٠٢٤

The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2017-20194 (v3: 5.3) ١٦‏/١٠‏/٢٠٢٤

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

CVE-2017-20192 (v3: 8.3) ١٦‏/١٠‏/٢٠٢٤

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.

CVE-2017-3772 (v3: 5.5) ٣١‏/٠٧‏/٢٠٢٤

A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.

CVE-2017-3755 ٢٩‏/٠٧‏/٢٠٢٤

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2017-3766 ٢٩‏/٠٧‏/٢٠٢٤

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2017-3769 ٢٩‏/٠٧‏/٢٠٢٤

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2017-20191 ٣١‏/٠٣‏/٢٠٢٤

A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability.

CVE-2017-20190 ٢٧‏/٠٣‏/٢٠٢٤

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.

CVE-2017-20189 ٢٢‏/٠١‏/٢٠٢٤

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.

CVE-2017-20188 ٠٢‏/٠١‏/٢٠٢٤

A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability.

CVE-2017-20187 ٠٥‏/١١‏/٢٠٢٣

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2017-7252 ٠٣‏/١١‏/٢٠٢٣

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

CVE-2017-13893 ١٤‏/٠٩‏/٢٠٢٣