Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational dat…
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute …
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute …
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or re…
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access …
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.
Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability
The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they ar…
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in ar…
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the desc…
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the Cr…
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log fil…
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, m…