| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
| Windows AD FS Security Feature Bypass Vulnerability |
| Windows Installer Spoofing Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Windows Media Center Elevation of Privilege Vulnerability |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. |
| Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. |
| An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. |
| An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place. |
| git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. |
| The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. |
| The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. |
| EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. |
| A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities. |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. |
