Medium · CVSS 6.3
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.
Published Jul 9, 2024 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.
Published Jul 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.
Published Jul 20, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
Published Jul 31, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.
Published Jul 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.
Published Jul 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
Published Jul 31, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
Published Jul 12, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
Published Jul 13, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
Published Jul 11, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.
Published Jul 18, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
Published Jul 26, 2023 · Updated Jul 5, 2026
Low · CVSS 3.7
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Published Jul 31, 2025 · Updated Jun 30, 2026
Medium · CVSS 5.9
A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.
Published Jul 30, 2025 · Updated Jun 29, 2026
High · CVSS 7
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
Published Jul 24, 2023 · Updated Jun 26, 2026
Medium · CVSS 5.5
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
Published Jul 24, 2023 · Updated Jun 26, 2026
Medium · CVSS 5.5
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
Published Jul 9, 2024 · Updated Jun 26, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.
This issue affects Parkmatik: before 02.01-a51.
Published Jul 13, 2023 · Updated Jun 1, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.
This issue affects Florist Site: before 3.0.
Published Jul 13, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.
This issue affects ATS Pro: before 20230714.
Published Jul 17, 2023 · Updated May 22, 2026
High · CVSS 7.5
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.
This issue affects Oliva Expertise EKS: before 1.2.
Published Jul 17, 2023 · Updated May 22, 2026
Medium · CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS).
This issue affects Oliva Expertise EKS: before 1.2.
Published Jul 17, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.
This issue affects Oliva Expertise EKS: before 1.2.
Published Jul 17, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.
This issue affects Parking Web Report: before 2.1.
Published Jul 9, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.
This issue affects Scienta: before 20230630.1953.
Published Jul 25, 2023 · Updated May 22, 2026
High · CVSS 7.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.
This issue affects Bullwark: before BLW-2016E-960H.
Published Jul 13, 2023 · Updated May 22, 2026
High · CVSS 7.5
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.
This issue affects E-Invoice Approval System: before v.20230701.
Published Jul 25, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.
This issue affects E-Invoice Approval System: before v.20230701.
Published Jul 25, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.
This issue affects Web Collection: before 31197.
Published Jul 13, 2023 · Updated May 22, 2026
Medium · CVSS 5.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.
This issue affects PlatPlay DS: before 3.14.
Published Jul 13, 2023 · Updated May 22, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.
This issue affects Zekiweb: before 2.
Published Jul 17, 2023 · Updated May 22, 2026
Medium · CVSS 6
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
Published Jul 24, 2023 · Updated May 12, 2026
Critical · CVSS 9.1
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
Published Jul 19, 2023 · Updated May 1, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4.
Published Jul 27, 2023 · Updated Apr 29, 2026
Medium · CVSS 5.9
Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.9
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.
Published Jul 17, 2023 · Updated Apr 28, 2026
High · CVSS 7.1
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions.
Published Jul 27, 2023 · Updated Apr 28, 2026