Vulnerabilities (CVE)

Total 23573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-2890 2024-03-28 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.
CVE-2024-29241 2024-03-28 N/A 9.9 CRITICAL
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
CVE-2024-29100 2024-03-28 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVE-2024-30228 2024-03-28 N/A 9.9 CRITICAL
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
CVE-2024-30227 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.
CVE-2024-30226 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.
CVE-2024-30225 2024-03-28 N/A 10.0 CRITICAL
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.
CVE-2024-30224 2024-03-28 N/A 10.0 CRITICAL
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.
CVE-2024-30223 2024-03-28 N/A 9.0 CRITICAL
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.
CVE-2021-3520 4 Lz4 Project, Netapp, Oracle and 1 more 6 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 3 more 2024-03-27 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2022-36227 4 Debian, Fedoraproject, Libarchive and 1 more 4 Debian Linux, Fedora, Libarchive and 1 more 2024-03-27 N/A 9.8 CRITICAL
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
CVE-2023-6153 2024-03-27 N/A 9.8 CRITICAL
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-22945 8 Apple, Debian, Fedoraproject and 5 more 25 Macos, Debian Linux, Fedora and 22 more 2024-03-27 5.8 MEDIUM 9.1 CRITICAL
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2022-32207 6 Apple, Debian, Fedoraproject and 3 more 19 Macos, Debian Linux, Fedora and 16 more 2024-03-27 7.5 HIGH 9.8 CRITICAL
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
CVE-2022-32221 5 Apple, Debian, Haxx and 2 more 13 Macos, Debian Linux, Curl and 10 more 2024-03-27 N/A 9.8 CRITICAL
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
CVE-2023-23914 3 Haxx, Netapp, Splunk 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more 2024-03-27 N/A 9.1 CRITICAL
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
CVE-2023-23656 2024-03-27 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.
CVE-2023-6173 2024-03-27 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-28787 2024-03-27 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
CVE-2023-49815 2024-03-27 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.