VYPR

CVEs

100,081 total · page 689 of 2,002

  • CVE-2024-4733HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor…

  • CVE-2024-3286HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.

  • CVE-2024-1417HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.01

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue…

  • CVE-2024-27260HigMay 16, 2024
    risk 0.55cvss 8.4epss 0.00

    IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

  • CVE-2024-4956HigMay 16, 2024
    risk 0.53cvss 7.5epss 0.18

    Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

  • CVE-2024-3640HigMay 16, 2024
    risk 0.46cvss epss 0.00

    An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter…

  • CVE-2024-34905HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-31142HigMay 16, 2024
    risk 0.50cvss 7.5epss 0.17

    Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: …

  • CVE-2024-20389HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper…

  • CVE-2024-20326HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper…

  • CVE-2024-30314HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.01

    Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user…

  • CVE-2024-30292HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30291HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30290HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30289HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-30288HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-4838HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated…

  • CVE-2024-4352HigMay 16, 2024
    risk 0.57cvss 8.8epss 0.01

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that…

  • CVE-2024-4351HigMay 16, 2024
    risk 0.57cvss 8.8epss 0.01

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated…

  • CVE-2024-4222HigMay 16, 2024
    risk 0.47cvss 7.3epss 0.00

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to…

  • CVE-2024-4322HigMay 16, 2024
    risk 0.51cvss 7.5epss 0.31

    A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue…

  • CVE-2024-4321HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload…

  • CVE-2024-4181HigMay 16, 2024
    risk 0.50cvss 8.8epss 0.02

    A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a…

  • CVE-2024-3848HigMay 16, 2024
    risk 0.45cvss 7.5epss 0.43

    A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the…

  • CVE-2024-3435HigMay 16, 2024
    risk 0.00cvss 8.4epss 0.01

    A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings'…

  • CVE-2024-3403HigMay 16, 2024
    risk 0.42cvss 7.5epss 0.01

    imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs'…

  • CVE-2024-3126HigMay 16, 2024
    risk 0.00cvss 8.4epss 0.01

    A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The…

  • CVE-2024-30307HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30297HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-30296HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-30295HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-30294HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30293HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-30282HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-30275HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-30274HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-20792HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-20791HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.00

    Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context…

  • CVE-2024-4966HigMay 16, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.…

  • CVE-2024-4844HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database…

  • CVE-2024-4318HigMay 16, 2024
    risk 0.50cvss 8.8epss 0.01

    The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2024-3643HigMay 16, 2024
    risk 0.57cvss 8.8epss 0.00

    The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack

  • CVE-2024-4927HigMay 16, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to…

  • CVE-2024-3750HigMay 16, 2024
    risk 0.50cvss 8.8epss 0.01

    The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible…

  • CVE-2024-4920HigMay 16, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated…

  • CVE-2024-33615HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.01

    A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.

  • CVE-2024-31856HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.01

    An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.

  • CVE-2024-31410HigMay 15, 2024
    risk 0.50cvss 7.7epss 0.00

    The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.

  • CVE-2023-40297HigMay 15, 2024
    risk 0.49cvss 7.5epss 0.01

    Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.

  • CVE-2024-35102HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.01

    Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.