VYPR

CVEs

101,963 total · page 640 of 2,040

  • CVE-2024-9091HigSep 23, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched…

  • CVE-2024-43989HigSep 23, 2024
    risk 0.50cvss 7.5epss 0.12

    Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1.

  • CVE-2024-9087HigSep 22, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2024-9085HigSep 22, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2024-9080HigSep 22, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack…

  • CVE-2024-9079HigSep 22, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2024-9078HigSep 22, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2024-47221HigSep 22, 2024
    risk 0.00cvss 7.5epss 0.00

    CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password.

  • CVE-2024-47210HigSep 21, 2024
    risk 0.50cvss 8.8epss 0.01

    Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

  • CVE-2024-42323HigSep 21, 2024
    risk 0.51cvss 8.8epss 0.04

    SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).  This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which…

  • CVE-2024-46649HigSep 20, 2024
    risk 0.49cvss 7.5epss 0.01

    eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.

  • CVE-2024-46648HigSep 20, 2024
    risk 0.49cvss 7.5epss 0.01

    eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.

  • CVE-2024-46645HigSep 20, 2024
    risk 0.49cvss 7.5epss 0.01

    eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files.

  • CVE-2024-47062HigSep 20, 2024
    risk 0.51cvss 8.8epss 0.04

    Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of…

  • CVE-2024-47061HigSep 20, 2024
    risk 0.47cvss 8.3epss 0.01

    Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes…

  • CVE-2024-42346HigSep 20, 2024
    risk 0.49cvss 7.6epss 0.01

    Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon…

  • CVE-2023-47480HigSep 20, 2024
    risk 0.48cvss 8.4epss 0.00

    An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.

  • CVE-2024-9039HigSep 20, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads…

  • CVE-2024-9037HigSep 20, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2024-9035HigSep 20, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It…

  • CVE-2024-9034HigSep 20, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched…

  • CVE-2024-41721HigSep 20, 2024
    risk 0.53cvss 8.1epss 0.01

    An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution.

  • CVE-2024-47000HigSep 20, 2024
    risk 0.53cvss 8.1epss 0.00

    Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and…

  • CVE-2024-46999HigSep 20, 2024
    risk 0.47cvss 7.3epss 0.00

    Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management…

  • CVE-2024-45807HigSep 20, 2024
    risk 0.49cvss 7.5epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this…

  • CVE-2024-46984HigSep 19, 2024
    risk 0.49cvss 8.6epss 0.01

    The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults…

  • CVE-2024-38016HigSep 19, 2024
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office Visio Remote Code Execution Vulnerability

  • CVE-2024-8698HigSep 19, 2024
    risk 0.50cvss 7.7epss 0.02

    A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document,…

  • CVE-2024-8375HigSep 19, 2024
    risk 0.44cvss 7.8epss 0.00

    There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on…

  • CVE-2024-7737HigSep 19, 2024
    risk 0.57cvss 8.7epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2024-7736HigSep 19, 2024
    risk 0.57cvss 8.7epss 0.00

    A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

  • CVE-2024-45862HigSep 19, 2024
    risk 0.49cvss 7.5epss 0.00

    Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.

  • CVE-2024-45861HigSep 19, 2024
    risk 0.49cvss 7.5epss 0.00

    Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.

  • CVE-2024-45752HigSep 19, 2024
    risk 0.55cvss 8.5epss 0.00

    logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.

  • CVE-2024-46394HigSep 19, 2024
    risk 0.57cvss 8.8epss 0.00

    FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add

  • CVE-2024-46382HigSep 19, 2024
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java.

  • CVE-2024-7254HigSep 19, 2024
    risk 0.42cvss 7.5epss 0.03

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java…

  • CVE-2024-37406HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.

  • CVE-2022-25770HigSep 18, 2024
    risk 0.44cvss 7.8epss 0.00

    Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

  • CVE-2021-27917HigSep 18, 2024
    risk 0.40cvss 7.3epss 0.00

    Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

  • CVE-2024-46373HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.00

    Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.

  • CVE-2023-30464HigSep 18, 2024
    risk 0.42cvss 7.5epss 0.00

    CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.

  • CVE-2022-25768HigSep 18, 2024
    risk 0.39cvss 7.0epss 0.00

    The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of…

  • CVE-2024-44589HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.01

    Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.

  • CVE-2024-39339HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and…

  • CVE-2024-8287HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take…

  • CVE-2024-34057HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

  • CVE-2024-46987HigSep 18, 2024
    risk 0.47cvss 7.7epss 0.15

    Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on…

  • CVE-2024-45601HigSep 18, 2024
    risk 0.42cvss 7.5epss 0.00

    Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to…

  • CVE-2023-41612HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.00

    Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.