| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution. |
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. |
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. |
| An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. |
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. |
| An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service. |
| Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. |
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. |
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. |
| An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service. |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. |
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. |
| Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. |
| Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions. |
| Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. |
| Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. |