Latest Vulnerabilities

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (Last Update:2023-09-01 04:15:11) (Publish Update:2023-08-29 20:15:10)

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. (Last Update:2023-09-01 01:15:09) (Publish Update:2023-09-01 01:15:09)

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. (Last Update:2023-09-01 01:15:09) (Publish Update:2023-09-01 01:15:09)

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. (Last Update:2023-09-01 01:15:08) (Publish Update:2023-09-01 01:15:08)

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. (Last Update:2023-09-01 01:15:08) (Publish Update:2023-09-01 01:15:08)

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. (Last Update:2023-09-01 00:15:09) (Publish Update:2023-09-01 00:15:09)

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. (Last Update:2023-08-31 23:15:29) (Publish Update:2023-08-30 22:15:10)

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. (Last Update:2023-08-31 23:15:28) (Publish Update:2023-08-29 22:15:09)

Zoho ManageEngine ADManager Plus through 7202 allows admin users to download any file from the server machine via directory traversal. (Last Update:2023-08-31 23:15:26) (Publish Update:2023-08-31 23:15:26)

An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. (Last Update:2023-08-31 23:15:22) (Publish Update:2018-04-04 18:29:02)