Show filters
72 topics marked with the following tags:
Displaying 1-10 of 72
Sort by:
Attacker Value
Unknown

CVE-2022-25064

Disclosure Date: February 25, 2022 (last updated October 07, 2023)
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
Attacker Value
Unknown

CVE-2023-33010

Disclosure Date: May 24, 2023 (last updated October 08, 2023)
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Attacker Value
Unknown

CVE-2022-24785

Disclosure Date: April 04, 2022 (last updated October 07, 2023)
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Attacker Value
Unknown

CVE-2023-32784

Disclosure Date: May 15, 2023 (last updated October 08, 2023)
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Attacker Value
Unknown

CVE-2022-24665

Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
Attacker Value
Unknown

CVE-2022-24663

Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
Attacker Value
Unknown

CVE-2022-24664

Disclosure Date: February 16, 2022 (last updated October 07, 2023)
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
Attacker Value
Unknown

CVE-2021-40684

Disclosure Date: September 22, 2021 (last updated October 07, 2023)
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
Attacker Value
Unknown

CVE-2021-3018

Disclosure Date: January 05, 2021 (last updated October 07, 2023)
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
Attacker Value
Unknown

CVE-2022-22005

Disclosure Date: February 09, 2022 (last updated October 07, 2023)
Microsoft SharePoint Server Remote Code Execution Vulnerability