VYPR

CVEs

100,081 total · page 690 of 2,002

  • CVE-2024-25743HigMay 15, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.

  • CVE-2024-20366HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists…

  • CVE-2024-4622HigMay 15, 2024
    risk 0.54cvss epss 0.00

    If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.

  • CVE-2024-4202HigMay 15, 2024
    risk 0.50cvss 7.7epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

  • CVE-2024-4200HigMay 15, 2024
    risk 0.50cvss 7.7epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

  • CVE-2024-3968HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.

  • CVE-2024-3967HigMay 15, 2024
    risk 0.49cvss 7.6epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

  • CVE-2024-3892HigMay 15, 2024
    risk 0.47cvss 7.2epss 0.00

    A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.

  • CVE-2024-3486HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

  • CVE-2024-3483HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

  • CVE-2024-34082HigMay 15, 2024
    risk 0.48cvss 8.5epss 0.03

    Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret,…

  • CVE-2024-28042HigMay 15, 2024
    risk 0.55cvss 8.4epss 0.00

    SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.

  • CVE-2023-5938HigMay 15, 2024
    risk 0.52cvss 8.0epss 0.01

    Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to…

  • CVE-2023-5936HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.

  • CVE-2023-5935HigMay 15, 2024
    risk 0.48cvss 7.4epss 0.00

    When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or…

  • CVE-2024-27353HigMay 15, 2024
    risk 0.48cvss 7.4epss 0.00

    A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

  • CVE-2024-25079HigMay 15, 2024
    risk 0.48cvss 7.4epss 0.00

    A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

  • CVE-2024-25078HigMay 15, 2024
    risk 0.48cvss 7.4epss 0.00

    A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could…

  • CVE-2024-4670HigMay 15, 2024
    risk 0.50cvss 8.8epss 0.01

    The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and…

  • CVE-2023-6324HigMay 15, 2024
    risk 0.53cvss 8.1epss 0.01

    ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity

  • CVE-2023-6322HigMay 15, 2024
    risk 0.47cvss 7.2epss 0.01

    A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated…

  • CVE-2023-6321HigMay 15, 2024
    risk 0.47cvss 7.2epss 0.03

    A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

  • CVE-2024-34100HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-34099HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2024-34098HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2024-34097HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-34096HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-34095HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-34094HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.01

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-30310HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-30284HigMay 15, 2024
    risk 0.51cvss 7.8epss 0.04

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-4010HigMay 15, 2024
    risk 0.50cvss 8.8epss 0.00

    The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it…

  • CVE-2024-3406HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.00

    The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack

  • CVE-2024-3405HigMay 15, 2024
    risk 0.49cvss 7.6epss 0.00

    The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

  • CVE-2024-4847HigMay 15, 2024
    risk 0.50cvss 8.8epss 0.01

    The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied…

  • CVE-2024-35108HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.

  • CVE-2024-31477HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-31476HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2024-31475HigMay 14, 2024
    risk 0.53cvss 8.2epss 0.00

    There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system,…

  • CVE-2024-31474HigMay 14, 2024
    risk 0.53cvss 8.2epss 0.00

    There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead…

  • CVE-2023-33327HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2.

  • CVE-2024-31556HigMay 14, 2024
    risk 0.44cvss 7.8epss 0.00

    An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.

  • CVE-2022-28132HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can…

  • CVE-2020-26312HigMay 14, 2024
    risk 0.53cvss 8.1epss 0.00

    Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the …

  • CVE-2024-32465HigMay 14, 2024
    risk 0.00cvss 7.3epss 0.01

    Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source…

  • CVE-2021-22280HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.00

    Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.

  • CVE-2024-3676HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.00

    The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's…

  • CVE-2024-32004HigMay 14, 2024
    risk 0.00cvss 8.1epss 0.01

    Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions…

  • CVE-2024-2637HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.00

    An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial…

  • CVE-2024-4777HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…