| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allowsÂ
an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot.
This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. |
| A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. Upgrading to version 3.5.6 will fix this issue. This patch is called 04f9feb24bfca23567706392f9ad2c53bbe4134e. You should upgrade the affected component. A successful exploitation can "only occur if the parent NodeJS application has the same security issue". |
| Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) |
| A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. |
| Memory corruption occurs when a secure application is launched on a device with insufficient memory. |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. |
| Memory corruption when accessing resources in kernel driver. |
| Memory corruption while passing pages to DSP with an unaligned starting address. |
| Memory corruption while preprocessing IOCTLs in sensors. |
| Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. |
| Memory Corruption when multiple threads concurrently access and modify shared resources. |
| Memory corruption while processing identity credential operations in the trusted application. |
| Memory corruption while processing a secure logging command in the trusted application. |
| Cryptographic issue may occur while encrypting license data. |
| Memory corruption while handling sensor utility operations. |
| Memory corruption while processing a video session to set video parameters. |
| Memory corruption while deinitializing a HDCP session. |
| Memory corruption while accessing a synchronization object during concurrent operations. |
