CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.
Legion_y520t_z370_firmware, Legion_y520t_z370, Aio310-20iap_firmware, Aio310-20iap, Aio510-22ish_firmware, Aio510-22ish, Aio510-23ish_firmware, Aio510-23ish, Aio520-22ikl_firmware, Aio520-22ikl
2023-02-03
N/A
7.8 HIGH
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
2022-09-07
N/A
7.8 HIGH
Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.