A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this...
A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this...
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In...
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this...
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known...
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP...
An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this...
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack...
A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger...
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. Date published : 2022-01-28 https://huntr.dev/bounties/36abbd6e-239e-4739-8c77-ba212b946a4a https://github.com/livehelperchat/livehelperchat/commit/8fdb4f67ac1a095331aa0fb4630ef9dfe8e75dcb
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. Date published : 2022-01-28 https://huntr.dev/bounties/e13823d0-271c-448b-a0c5-8549ea7ea272 https://github.com/livehelperchat/livehelperchat/commit/d7b85466c217b3750eaccc8703ce54ba8785c4d3
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Date published : 2022-01-28 https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Date published : 2022-01-28 https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a
Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16. Date published : 2022-01-28 https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717 https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1