VYPR

CVEs

100,082 total · page 678 of 2,002

  • CVE-2024-5185HigMay 29, 2024
    risk 0.47cvss 7.3epss 0.00

    The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the…

  • CVE-2024-25977HigMay 29, 2024
    risk 0.40cvss 7.3epss 0.01

    The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's…

  • CVE-2023-42005HigMay 29, 2024
    risk 0.48cvss 7.4epss 0.00

    IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.

  • CVE-2024-28826HigMay 29, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

  • CVE-2024-36015HigMay 29, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should…

  • CVE-2024-4611HigMay 29, 2024
    risk 0.46cvss 8.1epss 0.01

    The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any…

  • CVE-2024-21512HigMay 29, 2024
    risk 0.47cvss 8.2epss 0.03

    Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

  • CVE-2023-6743HigMay 29, 2024
    risk 0.50cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with…

  • CVE-2024-5204HigMay 29, 2024
    risk 0.50cvss 8.8epss 0.01

    The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with…

  • CVE-2023-30312HigMay 28, 2024
    risk 0.47cvss 7.3epss 0.00

    An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the…

  • CVE-2024-35226HigMay 28, 2024
    risk 0.40cvss 7.3epss 0.01

    Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors…

  • CVE-2024-22641HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.01

    TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.

  • CVE-2024-28060HigMay 28, 2024
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed.

  • CVE-2023-46694HigMay 28, 2024
    risk 0.53cvss 8.1epss 0.01

    Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality.

  • CVE-2023-30313HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2023-30310HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Comfast Comfast CF-616AC routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2022-45171HigMay 28, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without…

  • CVE-2024-36110HigMay 28, 2024
    risk 0.46cvss 8.2epss 0.00

    ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21…

  • CVE-2024-36109HigMay 28, 2024
    risk 0.42cvss 7.6epss 0.00

    CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users…

  • CVE-2024-33450HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information

  • CVE-2024-24919HigKEVMay 28, 2024
    risk 0.85cvss 8.6epss 1.00

    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

  • CVE-2023-43848HigMay 28, 2024
    risk 0.52cvss 8.0epss 0.00

    Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.

  • CVE-2023-43844HigMay 28, 2024
    risk 0.52cvss 8.0epss 0.00

    Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges.

  • CVE-2023-43843HigMay 28, 2024
    risk 0.47cvss 7.3epss 0.00

    Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request.

  • CVE-2023-43842HigMay 28, 2024
    risk 0.47cvss 7.3epss 0.00

    Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.

  • CVE-2023-30311HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2023-30305HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2024-33402HigMay 28, 2024
    risk 0.53cvss 8.1epss 0.00

    A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.

  • CVE-2024-35341HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all…

  • CVE-2024-30165HigMay 28, 2024
    risk 0.46cvss 7.1epss 0.00

    Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.

  • CVE-2024-26024HigMay 28, 2024
    risk 0.55cvss 8.4epss 0.00

    SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.

  • CVE-2024-30212HigMay 28, 2024
    risk 0.39cvss epss 0.01

    If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. …

  • CVE-2024-24959HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24958HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24957HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.00

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24956HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24955HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.00

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24954HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to…

  • CVE-2024-24947HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these…

  • CVE-2024-24946HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these…

  • CVE-2024-24851HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.01

    A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this…

  • CVE-2024-23315HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.01

    A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated…

  • CVE-2024-3969HigMay 28, 2024
    risk 0.51cvss 7.8epss 0.01

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

  • CVE-2024-35399HigMay 28, 2024
    risk 0.57cvss 8.8epss 0.00

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth

  • CVE-2024-35397HigMay 28, 2024
    risk 0.59cvss 8.8epss 0.19

    TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-29072HigMay 28, 2024
    risk 0.53cvss 8.2epss 0.00

    A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected…

  • CVE-2024-24686HigMay 28, 2024
    risk 0.51cvss 7.8epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the…

  • CVE-2024-24685HigMay 28, 2024
    risk 0.51cvss 7.8epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the…

  • CVE-2024-24684HigMay 28, 2024
    risk 0.51cvss 7.8epss 0.01

    Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the…

  • CVE-2024-23951HigMay 28, 2024
    risk 0.57cvss 8.8epss 0.01

    Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the…