| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. |
| An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. |
| NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. |
| SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. |
| DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. |
| Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. |
| Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. |
| ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. |
| Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers. |
| Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles. |
| Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles. |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. |