Nist.gov April 2024 Coupon Codes

🚨 NEW: CVE-2023-26602 🚨 ASUS iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh... (click for more)

Posted 1 year ago (26 February 2023)

🚨 NEW: CVE-2022-32473 🚨 An issue was discovered in Insyde with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues th... (click for more)

Posted 1 year ago (14 February 2023)

🚨 NEW: CVE-2022-32476 🚨 An issue was discovered in Insyde with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues tha... (click for more)

Posted 1 year ago (14 February 2023)

🚨 NEW: CVE-2022-32470 🚨 An issue was discovered in Insyde with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition iss... (click for more)

Posted 1 year ago (14 February 2023)

🚨 NEW: CVE-2022-32953 🚨 An issue was discovered in Insyde with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that cou... (click for more)

Posted 1 year ago (14 February 2023)

🚨 NEW: CVE-2022-34885 🚨 An improper input sanitization vulnerability in the Motorola router could allow a local user with elevated permissions to execute arbitrary code. Severity: MEDIUM

Posted 1 year ago (07 February 2023)

🚨 NEW: CVE-2022-27538 🚨 A potential Time-of-Check to Time-of-Use () vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and in... (click for more)

Posted 1 year ago (01 February 2023)

🚨 NEW: CVE-2022-25967 🚨 Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution () by overwriting template engine configuration variables with view options received from The Express rend... (click for more)

Posted 1 year ago (30 January 2023)

🚨 NEW: CVE-2022-43971 🚨 An arbitrary code exection vulnerability exists in Linksys Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses... (click for more)

Posted 1 year ago (09 January 2023)

🚨 NEW: CVE-2022-43973 🚨 An arbitrary code execution vulnerability exisits in Linksys Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidate... (click for more)

Posted 1 year ago (09 January 2023)

🚨 NEW: CVE-2022-34916 🚨 Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution () attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has... (click for more) Severity: CRITICAL

Posted 1 year ago (21 December 2022)

🚨 NEW: CVE-2021-26392 🚨 Insufficient verification of missing size check in '' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by... (click for more) Severity: HIGH

Posted 1 year ago (23 November 2022)

🚨 NEW: CVE-2021-26391 🚨 Insufficient verification of multiple header signatures while loading a Trusted Application () may allow an attacker with privileges to gain code execution in that or the OS/kernel. Severity: HIGH

Posted 1 year ago (23 November 2022)

🚨 NEW: CVE-2022-36337 🚨 An issue was discovered in Insyde with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a... (click for more)

Posted 1 year ago (22 November 2022)

Emerging Vulnerability Found CVE-2022-30768 - A Stored Cross Site Scripting () issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other use... See

Posted 1 year ago (18 November 2022)

Emerging Vulnerability Found CVE-2020-21016 - D-Link DIR-846 devices with firmware allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. See

Posted 1 year ago (31 October 2022)

Emerging Vulnerability Found CVE-2022-42468 - Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution () attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting ... See

Posted 1 year ago (29 October 2022)

Emerging Vulnerability Found CVE-2022-29823 - Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution () with privileges of application. See

Posted 1 year ago (26 October 2022)

Emerging Vulnerability Found CVE-2022-3586 - A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer () cb field after the same had been enqueu... See

Posted 2 years ago (20 October 2022)

🚨 NEW: CVE-2022-38983 🚨 The BT Hfp Client module has a Use-After-Free () vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Posted 2 years ago (14 October 2022)

🚨 NEW: CVE-2020-27814 🚨 A heap-buffer overflow was found in the way handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code ... (click for more) Severity: HIGH

Posted 2 years ago (06 October 2022)

🚨 NEW: CVE-2022-35572 🚨 On Linksys WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This w... (click for more)

Posted 2 years ago (13 September 2022)

🚨 NEW: CVE-2022-38667 🚨 HTTP applications () based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. Severity: CRITICAL

Posted 2 years ago (24 August 2022)

🚨 NEW: CVE-2017-14746 🚨 Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted request. Severity: CRITICAL

Posted 2 years ago (16 August 2022)

🚨 NEW: CVE-2021-22650 🚨 An attacker may use TWinSoft and a malicious source project file () to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

Posted 2 years ago (28 July 2022)

🚨 NEW: CVE-2022-21504 🚨 The code in U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while ... (click for more) Severity: MEDIUM

Posted 2 years ago (14 June 2022)

🚨 NEW: CVE-2022-30234 🚨 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, & EE... (click for more) Severity: CRITICAL

Posted 2 years ago (13 June 2022)

🚨 NEW: CVE-2021-21772 🚨 A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium 2.0.0. A specially crafted 3MF file can lead to code execution. An at... (click for more) Severity: HIGH

Posted 2 years ago (27 May 2022)

🚨 NEW: CVE-2022-29464 🚨 Certain products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequenc... (click for more)

Posted 2 years ago (23 April 2022)

🚨 NEW: CVE-2021-44082 🚨 textpattern 4.8.7 is vulnerable to Cross Site Scripting () via /textpattern/index.php,Body. A remote and unauthenticated attacker can use to trigger remote code execution by uploading... (click for more)

Posted 2 years ago (30 March 2022)

🚨 NEW: CVE-2020-12279 🚨 An issue was discovered in before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code executi... (click for more) Severity: CRITICAL

Posted 2 years ago (20 March 2022)

🚨 NEW: CVE-2022-25325 🚨 Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution b... (click for more) Severity: HIGH

Posted 2 years ago (14 March 2022)

🚨 NEW: CVE-2022-25230 🚨 Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution b... (click for more) Severity: HIGH

Posted 2 years ago (14 March 2022)

🚨 NEW: CVE-2021-33852 🚨 A cross-site scripting (XSS) attack can cause arbitrary code () to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "D... (click for more) Severity: MEDIUM

Posted 2 years ago (11 March 2022)

🚨 NEW: CVE-2021-33851 🚨 A cross-site scripting (XSS) attack can cause arbitrary code () to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "C... (click for more) Severity: MEDIUM

Posted 2 years ago (11 March 2022)

🚨 NEW: CVE-2021-46319 🚨 Remote Code Execution () vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or ... (click for more)

Posted 2 years ago (17 February 2022)

🚨 NEW: CVE-2022-23603 🚨 iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit user input is not properly sanitized and code injection is possib... (click for more)

Posted 2 years ago (01 February 2022)

🚨 NEW: CVE-2021-43269 🚨 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config () file, leading to arbitrary code execution. T... (click for more) Severity: HIGH

Posted 2 years ago (25 January 2022)

🚨 NEW: CVE-2021-43298 🚨 The code that performs password matching when using '' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attac... (click for more)

Posted 2 years ago (25 January 2022)

🚨 NEW: CVE-2021-43297 🚨 A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use as the default seri... (click for more)

Posted 2 years ago (10 January 2022)

🚨 NEW: CVE-2021-44116 🚨 Cross Site Scripting () vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve th... (click for more) Severity: MEDIUM

Posted 2 years ago (20 December 2021)

🚨 NEW: CVE-2019-17571 🚨 Included in 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deseriali... (click for more) Severity: CRITICAL

Posted 3 years ago (06 October 2021)

RT test20181031bbb: #java CVE-2019-4747 IBM Team Concert () is vulnerable to cross-site scripting. This vulnera…

Posted 4 years ago (16 July 2020)

CVE-2018-11918 () In all releases(Android for MSM, Firefox OS for MSM, QRD A…

Posted 5 years ago (21 December 2018)

CVE-2018-1000543 () Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integra

Posted 6 years ago (20 August 2018)

CVE-2016-6564 Android devices with code from Ragentek contain a privileged binary that performs over-the-air () u

Posted 6 years ago (13 July 2018)

CVE-2018-11309 () Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPr

Posted 6 years ago (28 June 2018)

New/Modified vulnerability published June 27, 2018 at 09: on the NVD: CVE-2017-7465 It…

Posted 6 years ago (27 June 2018)

New vulnerability on the NVD: CVE-2012-0941 Multiple cross-site scripting () vulnerabili…

Posted 6 years ago (08 February 2018)

CVE-2017-15646 () Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Man

Posted 6 years ago (08 November 2017)

CVE-2016-7154 () Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS…

Posted 8 years ago (22 September 2016)

CVE-2016-5249 Lenovo Solution Center () before 3.3.003 allows local users to execute arbitrary code with LocalSys

Posted 8 years ago (01 July 2016)