Total
31148 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48356 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition. | ||||
| CVE-2022-48347 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2022-48346 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2022-46415 | 1 Dji | 2 Spark, Spark Firmware | 2025-02-19 | 9.1 Critical |
| DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | ||||
| CVE-2022-46387 | 2 Cmder, Maximus5 | 2 Cmder, Conemu | 2025-02-19 | 9.8 Critical |
| ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands. | ||||
| CVE-2022-24972 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-02-19 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911. | ||||
| CVE-2023-24366 | 1 Rconfig | 1 Rconfig | 2025-02-19 | 6.5 Medium |
| An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. | ||||
| CVE-2019-8963 | 1 Flexera | 1 Flexnet Publisher | 2025-02-19 | 7.5 High |
| A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool. | ||||
| CVE-2024-9946 | 1 Heateor | 1 Super Socializer | 2025-02-19 | 8.1 High |
| The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68. | ||||
| CVE-2024-10114 | 2 Wpweb, Wpwebelite | 2 Woocommerce Social Login, Woocommerce - Social Login | 2025-02-19 | 8.1 High |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2024-10020 | 1 Heateor | 1 Social Login | 2025-02-19 | 8.1 High |
| The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. | ||||
| CVE-2024-10097 | 1 Loginizer | 1 Loginizer | 2025-02-19 | 8.1 High |
| The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2022-48359 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2022-48357 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel. | ||||
| CVE-2022-47924 | 1 Csaf-validator-lib Project | 1 Csaf-validator-lib | 2025-02-19 | 6.5 Medium |
| An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation. | ||||
| CVE-2023-28597 | 2 Microsoft, Zoom | 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more | 2025-02-19 | 8.3 High |
| Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. | ||||
| CVE-2023-26549 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | 7.5 High |
| The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-25261 | 1 Stimulsoft | 2 Designer, Viewer | 2025-02-19 | 9.8 Critical |
| Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report. | ||||
| CVE-2020-8889 | 1 Shipstation | 1 Shipstation | 2025-02-19 | 7.5 High |
| The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL. | ||||
| CVE-2024-21685 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2025-02-19 | 6.5 Medium |
| This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally. | ||||