CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2022-09-05
N/A
7.8 HIGH
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2022-09-07
N/A
7.1 HIGH
Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2022-05-10
N/A
7.8 HIGH
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2022-05-10
N/A
7.1 HIGH
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.