Количество 312 573
Количество 312 573
GHSA-2qrr-fxgw-wwcx
Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.
GHSA-2qrr-c2gh-pr35
Wikimedia information leak vulnerability
GHSA-2qrq-v847-3jwg
Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
GHSA-2qrq-mpmg-w3v6
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
GHSA-2qrq-m5fx-379q
Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-2qrq-4qxf-6cfm
There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage.
GHSA-2qrp-v3mf-g36h
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.
GHSA-2qrm-xmpc-h7fp
FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap.
GHSA-2qrm-vwv9-87jm
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0918.
GHSA-2qrm-3wph-84mx
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
GHSA-2qrm-36rr-ffj3
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
GHSA-2qrj-g9hq-chph
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
GHSA-2qrh-hw5v-7wp4
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
GHSA-2qrh-gx2c-m6wj
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.
GHSA-2qrh-cw3v-jjq8
Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
GHSA-2qrg-x229-3v8q
Deserialization of Untrusted Data in Log4j
GHSA-2qrg-pqh4-8gj9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS.This issue affects Tourfic: from n/a through 2.11.7.
GHSA-2qrf-m8qr-6w35
In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704.
GHSA-2qrf-3j6q-5434
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.
GHSA-2qrf-2xwp-4jc4
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2qrr-fxgw-wwcx Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36. | CVSS3: 5.4 | 0% Низкий | около 1 года назад | |
GHSA-2qrr-c2gh-pr35 Wikimedia information leak vulnerability | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2qrq-v847-3jwg Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS3: 6.7 | 0% Низкий | больше 1 года назад | |
GHSA-2qrq-mpmg-w3v6 Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | CVSS3: 6.1 | 34% Средний | почти 2 года назад | |
GHSA-2qrq-m5fx-379q Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0% Низкий | больше 3 лет назад | ||
GHSA-2qrq-4qxf-6cfm There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage. | 0% Низкий | около 4 лет назад | ||
GHSA-2qrp-v3mf-g36h Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201. | 14% Средний | больше 3 лет назад | ||
GHSA-2qrm-xmpc-h7fp FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap. | 1% Низкий | почти 4 года назад | ||
GHSA-2qrm-vwv9-87jm An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0918. | 1% Низкий | больше 3 лет назад | ||
GHSA-2qrm-3wph-84mx MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | CVSS3: 7.5 | 0% Низкий | почти 4 года назад | |
GHSA-2qrm-36rr-ffj3 The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS3: 3.5 | 0% Низкий | 9 месяцев назад | |
GHSA-2qrj-g9hq-chph Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow | 0% Низкий | 9 месяцев назад | ||
GHSA-2qrh-hw5v-7wp4 A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад | |
GHSA-2qrh-gx2c-m6wj An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes. | CVSS3: 6.7 | 0% Низкий | около 2 месяцев назад | |
GHSA-2qrh-cw3v-jjq8 Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. | CVSS3: 4.3 | 0% Низкий | около 1 года назад | |
GHSA-2qrg-x229-3v8q Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 48% Средний | около 6 лет назад | |
GHSA-2qrg-pqh4-8gj9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS.This issue affects Tourfic: from n/a through 2.11.7. | CVSS3: 7.1 | 5% Низкий | почти 2 года назад | |
GHSA-2qrf-m8qr-6w35 In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. | CVSS3: 6.7 | 0% Низкий | около 3 лет назад | |
GHSA-2qrf-3j6q-5434 Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding. | 7% Низкий | больше 3 лет назад | ||
GHSA-2qrf-2xwp-4jc4 In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу