| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. |
| The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks. |
| The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
| In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. |
| In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. |
| A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. |
| Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. |
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. |
| Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. |