Latest CVE Feed
-
5.7
MEDIUM CVE-2022-30625
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the direct...
- Published: Jul. 18, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other...
Affected Products : debian_linux curl solidfire_\&_hci_management_node h300s_firmware h500s_firmware h700s_firmware h410s_firmware clustered_data_ontap hci_bootstrap_os solidfire_\&_hci_storage_node +7 more products
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-27481
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not pr...
- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-27152
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification.
Affected Products : roku_os express express_4k\+ roku_tv streambar streambar_pro streaming_stick_4k streaming_stick_4k\+ ultra wireless_speakers +1 more products
- Published: Apr. 08, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-22284
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication...
Affected Products : internet
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-21979
Microsoft Exchange Server Information Disclosure Vulnerability...
Affected Products : exchange_server
- Published: Aug. 09, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-21609
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with...
Affected Products : business_intelligence
- Published: Oct. 18, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12....
- Published: Mar. 15, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-54128
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which ca...
Affected Products : directus
- Published: Dec. 05, 2024
- Modified: Dec. 05, 2024
-
5.7
MEDIUM
- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-41188
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to ...
Affected Products : shopware
- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-52515
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview...
Affected Products : notes
- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.7
MEDIUM CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential...
Affected Products : insightvm
- Published: Mar. 24, 2023
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. Th...
- Published: Nov. 10, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to cr...
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-38632
BitLocker Security Feature Bypass Vulnerability...
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_server_2022 windows_10_21h1 windows_10_1909 windows_server_20h2 +1 more products
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2024-45332
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disc...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 16, 2025
- Vuln Type: Information Disclosure
-
5.7
MEDIUM CVE-2021-37865
Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of...
- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-37863
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post....
- Published: Dec. 17, 2021
- Modified: Nov. 21, 2024
-
5.7
MEDIUM CVE-2021-36284
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a br...
- Published: Sep. 28, 2021
- Modified: Nov. 21, 2024