VYPR

CVEs

100,097 total · page 666 of 2,002

  • CVE-2024-5685HigJun 14, 2024
    risk 0.42cvss 7.6epss 0.00

    Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

  • CVE-2024-5995HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.00

    The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.

  • CVE-2024-36503HigJun 14, 2024
    risk 0.47cvss 7.3epss 0.00

    Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.

  • CVE-2024-36502HigJun 14, 2024
    risk 0.51cvss 7.9epss 0.00

    Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.

  • CVE-2024-36500HigJun 14, 2024
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2024-31163HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

  • CVE-2024-31162HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

  • CVE-2024-5551HigJun 14, 2024
    risk 0.49cvss 7.5epss 0.00

    The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin…

  • CVE-2024-4404HigJun 14, 2024
    risk 0.55cvss 8.5epss 0.00

    The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary…

  • CVE-2024-3498HigJun 14, 2024
    risk 0.51cvss 7.8epss 0.00

    Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-3497HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-3496HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-1094HigJun 14, 2024
    risk 0.40cvss 7.3epss 0.01

    The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including,…

  • CVE-2024-31161HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory,…

  • CVE-2024-27178HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…

  • CVE-2024-27177HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this…

  • CVE-2024-27176HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability…

  • CVE-2024-27171HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.01

    A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27170HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27169HigJun 14, 2024
    risk 0.55cvss 8.4epss 0.00

    Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27168HigJun 14, 2024
    risk 0.46cvss 7.1epss 0.00

    It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27167HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27166HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27165HigJun 14, 2024
    risk 0.51cvss 7.8epss 0.00

    Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27164HigJun 14, 2024
    risk 0.46cvss 7.1epss 0.00

    Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27158HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27155HigJun 14, 2024
    risk 0.50cvss 7.7epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the…

  • CVE-2024-3079HigJun 14, 2024
    risk 0.47cvss 7.2epss 0.01

    Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.

  • CVE-2024-27153HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27152HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27151HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the…

  • CVE-2024-27150HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27149HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27148HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27147HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-5984HigJun 14, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The…

  • CVE-2024-5983HigJun 14, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched…

  • CVE-2024-0099HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of…

  • CVE-2024-0091HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

  • CVE-2024-0090HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

  • CVE-2024-0089HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.

  • CVE-2024-0084HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of…

  • CVE-2024-5976HigJun 13, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql…

  • CVE-2024-32929HigJun 13, 2024
    risk 0.53cvss 8.1epss 0.00

    In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32925HigJun 13, 2024
    risk 0.57cvss 8.8epss 0.00

    In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32924HigJun 13, 2024
    risk 0.49cvss 7.5epss 0.00

    In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32922HigJun 13, 2024
    risk 0.48cvss 7.4epss 0.00

    In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2024-32921HigJun 13, 2024
    risk 0.48cvss 7.4epss 0.00

    In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32920HigJun 13, 2024
    risk 0.46cvss 7.1epss 0.00

    In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-32919HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.