Latest CVE Feed
-
5.7
MEDIUM CVE-2022-27481
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not pr...
- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-27152
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification.
Affected Products : roku_os express express_4k+ roku_tv streambar streambar_pro streaming_stick_4k streaming_stick_4k+ ultra wireless_speakers +1 more products
- Published: Apr. 08, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-22284
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication...
Affected Products : internet
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-21979
Microsoft Exchange Server Information Disclosure Vulnerability...
Affected Products : exchange_server
- Published: Aug. 09, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-21609
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with...
Affected Products : business_intelligence
- Published: Oct. 18, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
- Published: Mar. 15, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-54128
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which ca...
Affected Products : directus
- Published: Dec. 05, 2024
- Modified: Dec. 05, 2024
-
5.7
MEDIUM
- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-41188
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to ...
Affected Products : shopware
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview...
Affected Products : notes
- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.7
MEDIUM CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential...
Affected Products : insightvm
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. Th...
- Published: Nov. 10, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to cr...
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-38632
BitLocker Security Feature Bypass Vulnerability...
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_server_2022 windows_10_21h1 windows_10_1909 windows_server_20h2 +1 more products
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-45332
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disc...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Information Disclosure
-
5.7
MEDIUM CVE-2021-37865
Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of...
- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-37863
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.
- Published: Dec. 17, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-36284
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a br...
- Published: Sep. 28, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-35606
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker with acc...
Affected Products : peoplesoft_enterprise_cs_campus_community
- Published: Oct. 20, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +176 more products
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024