CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Zte
1Zxctn 6500 Firmware
Jun 17, 2026
Apr 30, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A ZTE product is impacted by a resource management error vulnerability. An attacker could exploit this vulnerability to cause a denial of service by issuing a specific command. This affects: ZXCTN 6500 version V2.10.00R3B87.
1Zte
1Oscp
Jun 17, 2026
Apr 30, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.
1Zte
1E8820v3 Firmware
Jun 17, 2026
Feb 27, 2020
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router.
1Zte
1E8820v3 Firmware
Jun 17, 2026
Feb 27, 2020
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL.
1Zte
1F6x2w Firmware
Jun 17, 2026
Jan 17, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
V6.0.10P2T2 and V6.0.10P2T5 of the F6x2W product are impacted by an information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
1Ledger
1Monero
Jun 17, 2026
May 6, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.
2Fedoraproject
Symonics
2Fedora
Libmysofa
Jun 17, 2026
Jan 13, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
1Ultimatemember
1Ultimate Member
Jun 17, 2026
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
1Hotels
1Styx
Jun 17, 2026
Mar 12, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
1Taskautomation
1Carbonftp
Jun 17, 2026
Jan 21, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
1Sos Berlin
1Jobscheduler
Jun 17, 2026
Feb 6, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An XML External Entity (XXE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
1Sos Berlin
1Jobscheduler
Jun 17, 2026
Feb 6, 2020
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.
1Sos Berlin
1Jobscheduler
Jun 17, 2026
Feb 5, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.
1Cacagoo
1Tv 288zd 2mp Firmware
Jun 17, 2026
Apr 2, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.
5Debian
Fedoraproject, Oracle +2 more
12Debian Linux
Enterprise Linux, Enterprise Linux Desktop +9 more
Jun 17, 2026
Jan 13, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
1Miniorange
1Saml Sp Single Sign On
Jun 17, 2026
Feb 17, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
1Hutchhouse
1Marketo Forms And Tracking
Jun 17, 2026
Jan 21, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS.
1Axper
1Vision Ii Firmware
Jun 17, 2026
Jan 13, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.
1Opentrade Project
1Opentrade
Jun 17, 2026
Jan 11, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
1Topmanage
1Olk Webstore
Jun 17, 2026
Feb 18, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
1Topmanage
1Olk Webstore
Jun 17, 2026
Feb 18, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts.
1Zohocorp
1Manageengine Servicedesk Plus
Jun 17, 2026
Jan 23, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
1Dlink
1Dch M225 Firmware
Jun 17, 2026
Feb 21, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name.
1Dlink
1Dch M225 Firmware
Jun 17, 2026
Feb 21, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter.
1Mruby
1Mruby
Jun 17, 2026
Jan 11, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.