Vulnerabilities (CVE)

Total 21629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6437 2024-03-28 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28.
CVE-2024-30228 2024-03-28 N/A 9.9 CRITICAL
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
CVE-2024-2890 2024-03-28 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.
CVE-2024-29100 2024-03-28 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVE-2024-30226 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.
CVE-2024-30225 2024-03-28 N/A 10.0 CRITICAL
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.
CVE-2024-29241 2024-03-28 N/A 9.9 CRITICAL
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
CVE-2024-30227 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.
CVE-2024-30223 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
CVE-2024-30224 2024-03-28 N/A 10.0 CRITICAL
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.
CVE-2021-3520 4 Lz4 Project, Netapp, Oracle and 1 more 6 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 3 more 2024-03-27 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2022-36227 4 Debian, Fedoraproject, Libarchive and 1 more 4 Debian Linux, Fedora, Libarchive and 1 more 2024-03-27 N/A 9.8 CRITICAL
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
CVE-2023-6153 2024-03-27 N/A 9.8 CRITICAL
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-22945 8 Apple, Debian, Fedoraproject and 5 more 25 Macos, Debian Linux, Fedora and 22 more 2024-03-27 5.8 MEDIUM 9.1 CRITICAL
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2022-32207 6 Apple, Debian, Fedoraproject and 3 more 19 Macos, Debian Linux, Fedora and 16 more 2024-03-27 7.5 HIGH 9.8 CRITICAL
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVE-2022-32221 5 Apple, Debian, Haxx and 2 more 13 Macos, Debian Linux, Curl and 10 more 2024-03-27 N/A 9.8 CRITICAL
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
CVE-2023-23914 3 Haxx, Netapp, Splunk 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more 2024-03-27 N/A 9.1 CRITICAL
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
CVE-2023-23656 2024-03-27 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.
CVE-2023-47873 2024-03-27 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
CVE-2023-47846 2024-03-27 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.