Recent Vulnerabilities

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control.

Recent Activity