| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25743 | Hig | 0.46 | 7.1 | 0.00 | May 15, 2024 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. | ||
| CVE-2024-20366 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists… | ||
| CVE-2024-4622 | Hig | 0.54 | — | 0.00 | May 15, 2024 | If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. | ||
| CVE-2024-4202 | Hig | 0.50 | 7.7 | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | ||
| CVE-2024-4200 | Hig | 0.50 | 7.7 | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||
| CVE-2024-3968 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. | ||
| CVE-2024-3967 | Hig | 0.49 | 7.6 | 0.01 | May 15, 2024 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. | ||
| CVE-2024-3892 | Hig | 0.47 | 7.2 | 0.00 | May 15, 2024 | A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | ||
| CVE-2024-3486 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. | ||
| CVE-2024-3483 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | ||
| CVE-2024-34082 | Hig | 0.48 | 8.5 | 0.03 | May 15, 2024 | Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret,… | ||
| CVE-2024-28042 | Hig | 0.55 | 8.4 | 0.00 | May 15, 2024 | SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. | ||
| CVE-2023-5938 | Hig | 0.52 | 8.0 | 0.01 | May 15, 2024 | Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to… | ||
| CVE-2023-5936 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. | ||
| CVE-2023-5935 | Hig | 0.48 | 7.4 | 0.00 | May 15, 2024 | When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or… | ||
| CVE-2024-27353 | Hig | 0.48 | 7.4 | 0.00 | May 15, 2024 | A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. | ||
| CVE-2024-25079 | Hig | 0.48 | 7.4 | 0.00 | May 15, 2024 | A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. | ||
| CVE-2024-25078 | Hig | 0.48 | 7.4 | 0.00 | May 15, 2024 | A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could… | ||
| CVE-2024-4670 | Hig | 0.50 | 8.8 | 0.01 | May 15, 2024 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and… | ||
| CVE-2023-6324 | Hig | 0.53 | 8.1 | 0.01 | May 15, 2024 | ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity | ||
| CVE-2023-6322 | Hig | 0.47 | 7.2 | 0.01 | May 15, 2024 | A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated… | ||
| CVE-2023-6321 | Hig | 0.47 | 7.2 | 0.03 | May 15, 2024 | A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. | ||
| CVE-2024-34100 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-34099 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must… | ||
| CVE-2024-34098 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must… | ||
| CVE-2024-34097 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-34096 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-34095 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-34094 | Hig | 0.51 | 7.8 | 0.01 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-30310 | Hig | 0.51 | 7.8 | 0.03 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-30284 | Hig | 0.51 | 7.8 | 0.04 | May 15, 2024 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2024-4010 | Hig | 0.50 | 8.8 | 0.00 | May 15, 2024 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it… | ||
| CVE-2024-3406 | Hig | 0.57 | 8.8 | 0.00 | May 15, 2024 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||
| CVE-2024-3405 | Hig | 0.49 | 7.6 | 0.00 | May 15, 2024 | The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||
| CVE-2024-4847 | Hig | 0.50 | 8.8 | 0.01 | May 15, 2024 | The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied… | ||
| CVE-2024-35108 | Hig | 0.57 | 8.8 | 0.00 | May 15, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. | ||
| CVE-2024-31477 | — | Hig | 0.47 | 7.2 | 0.01 | May 14, 2024 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |
| CVE-2024-31476 | Hig | 0.47 | 7.2 | 0.01 | May 14, 2024 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||
| CVE-2024-31475 | Hig | 0.53 | 8.2 | 0.00 | May 14, 2024 | There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system,… | ||
| CVE-2024-31474 | Hig | 0.53 | 8.2 | 0.00 | May 14, 2024 | There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead… | ||
| CVE-2023-33327 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. | ||
| CVE-2024-31556 | Hig | 0.44 | 7.8 | 0.00 | May 14, 2024 | An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. | ||
| CVE-2022-28132 | Hig | 0.47 | 7.2 | 0.01 | May 14, 2024 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can… | ||
| CVE-2020-26312 | Hig | 0.53 | 8.1 | 0.00 | May 14, 2024 | Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the … | ||
| CVE-2024-32465 | Hig | 0.00 | 7.3 | 0.01 | May 14, 2024 | Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source… | ||
| CVE-2021-22280 | Hig | 0.47 | 7.2 | 0.00 | May 14, 2024 | Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. | ||
| CVE-2024-3676 | Hig | 0.49 | 7.5 | 0.00 | May 14, 2024 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's… | ||
| CVE-2024-32004 | Hig | 0.00 | 8.1 | 0.01 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions… | ||
| CVE-2024-2637 | Hig | 0.47 | 7.2 | 0.00 | May 14, 2024 | An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial… | ||
| CVE-2024-4777 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox… |
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists…
- risk 0.54cvss —epss 0.00
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.
- risk 0.50cvss 7.7epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
- risk 0.50cvss 7.7epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
- risk 0.51cvss 7.8epss 0.01
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
- risk 0.49cvss 7.6epss 0.01
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
- risk 0.47cvss 7.2epss 0.00
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
- risk 0.51cvss 7.8epss 0.00
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
- risk 0.51cvss 7.8epss 0.01
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
- risk 0.48cvss 8.5epss 0.03
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret,…
- risk 0.55cvss 8.4epss 0.00
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
- risk 0.52cvss 8.0epss 0.01
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to…
- risk 0.51cvss 7.8epss 0.00
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
- risk 0.48cvss 7.4epss 0.00
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or…
- risk 0.48cvss 7.4epss 0.00
A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
- risk 0.48cvss 7.4epss 0.00
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
- risk 0.48cvss 7.4epss 0.00
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could…
- risk 0.50cvss 8.8epss 0.01
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and…
- risk 0.53cvss 8.1epss 0.01
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
- risk 0.47cvss 7.2epss 0.01
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated…
- risk 0.47cvss 7.2epss 0.03
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
- risk 0.51cvss 7.8epss 0.00
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…
- risk 0.51cvss 7.8epss 0.00
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…
- risk 0.51cvss 7.8epss 0.01
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.01
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.01
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.01
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.04
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.50cvss 8.8epss 0.00
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it…
- risk 0.57cvss 8.8epss 0.00
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- risk 0.49cvss 7.6epss 0.00
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- risk 0.50cvss 8.8epss 0.01
The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied…
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
- risk 0.47cvss 7.2epss 0.01
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- risk 0.47cvss 7.2epss 0.01
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
- risk 0.53cvss 8.2epss 0.00
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system,…
- risk 0.53cvss 8.2epss 0.00
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead…
- risk 0.57cvss 8.8epss 0.01
Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.
- risk 0.44cvss 7.8epss 0.00
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.
- risk 0.47cvss 7.2epss 0.01
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can…
- risk 0.53cvss 8.1epss 0.00
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the …
- risk 0.00cvss 7.3epss 0.01
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source…
- risk 0.47cvss 7.2epss 0.00
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
- risk 0.49cvss 7.5epss 0.00
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's…
- risk 0.00cvss 8.1epss 0.01
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions…
- risk 0.47cvss 7.2epss 0.00
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial…
- risk 0.57cvss 8.8epss 0.01
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…