Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". Date published : 2021-07-26 https://github.com/LavaLite/cms/issues/320
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). Date published : 2021-07-26 https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859 https://github.com/syoyo/tinyexr/issues/108
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). Date published : 2021-07-26 https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859 https://github.com/syoyo/tinyexr/issues/109
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_Assessments_02_2020
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_Assessments_11_2019
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_07_2019/blob/master/Report.pdf
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_Assessment_06_2019/blob/master/Snagit_Review.pdf
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_Assessment_05_2019/blob/master/Key_Manager_Report.pdf
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. Date published : 2021-07-26 https://github.com/GitHubAssessments/CVE_Assessment_04_2019/blob/master/Snagit_Report.pdf
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code. Date published : 2021-07-26 https://github.com/twothink/twothink/issues/1
Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied. Date published : 2021-07-26 https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc https://www.3xlogic.com/sites/www.3xlogic.com/files/media/2020-08/INF_RN_infinias_eIDC32_V3.9_Firmware%20Release_08142020.pdf
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_XSS.md...
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/WebDictate_2.13_LFI.md https://www.nch.com.au/webdictate/index.html
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. Date published : 2021-07-25 https://github.com/0xfml/poc/blob/main/NCH/ReflectCRM_3.01_CC.md https://www.nchsoftware.com/crm/index.html