| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17. |
| Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. |
| QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. |
| LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. |
| EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. |
| ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. |
| Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. |
| Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |
| iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |
| Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages |
| The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |
| File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code. |
| An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. |
| A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0. |
| An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. |
| A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. |
| A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2. |
