Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2024-25227
|
N/A |
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.
|
15 Mar 2024
|
|
|
CVE-2023-42938
|
N/A |
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
|
14 Mar 2024
|
|
|
CVE-2024-28746
|
N/A |
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
|
14 Mar 2024
|
|
|
CVE-2024-22397
|
N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.
|
14 Mar 2024
|
|
|
CVE-2024-26475
|
N/A |
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
|
14 Mar 2024
|
|
|
CVE-2023-42286
|
N/A |
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
|
14 Mar 2024
|
|
|
CVE-2024-2403
|
N/A |
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and
earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
|
13 Mar 2024
|
|
|
CVE-2023-41505
|
N/A |
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
13 Mar 2024
|
|
|
CVE-2024-28430
|
N/A |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
|
13 Mar 2024
|
|
|
CVE-2024-24105
|
N/A |
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.
|
13 Mar 2024
|
|
|
CVE-2024-26529
|
N/A |
An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.
|
13 Mar 2024
|
|
|
CVE-2024-28668
|
N/A |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php
|
13 Mar 2024
|
|
|
CVE-2024-1138
|
N/A |
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.
|
12 Mar 2024
|
|
|
CVE-2024-21584
|
N/A |
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
|
12 Mar 2024
|
|
|
CVE-2024-24101
|
N/A |
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.
|
12 Mar 2024
|
|
|
CVE-2023-42307
|
N/A |
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.
|
12 Mar 2024
|
|
|
CVE-2024-27237
|
N/A |
In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
11 Mar 2024
|
|
|
CVE-2024-27229
|
N/A |
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
11 Mar 2024
|
|
|
CVE-2024-27227
|
N/A |
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
|
11 Mar 2024
|
|
|
CVE-2024-27219
|
N/A |
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
11 Mar 2024
|
|
|
CVE-2024-27218
|
N/A |
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
11 Mar 2024
|
|
|
CVE-2024-22011
|
N/A |
In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
11 Mar 2024
|
|
|
CVE-2024-1487
|
N/A |
The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
|
11 Mar 2024
|
|
|
CVE-2024-1279
|
N/A |
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
|
11 Mar 2024
|
|
|
CVE-2024-0559
|
N/A |
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
11 Mar 2024
|
CVE-2024-25227
N/A
15 Mar 2024
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.
CVE-2023-42938
N/A
14 Mar 2024
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
CVE-2024-28746
N/A
14 Mar 2024
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
CVE-2024-22397
N/A
14 Mar 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.
CVE-2024-26475
N/A
14 Mar 2024
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
CVE-2023-42286
N/A
14 Mar 2024
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
CVE-2024-2403
N/A
13 Mar 2024
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and
earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
CVE-2023-41505
N/A
13 Mar 2024
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-28430
N/A
13 Mar 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
CVE-2024-24105
N/A
13 Mar 2024
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.
CVE-2024-26529
N/A
13 Mar 2024
An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.
CVE-2024-28668
N/A
13 Mar 2024
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php
CVE-2024-1138
N/A
12 Mar 2024
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.
CVE-2024-21584
N/A
12 Mar 2024
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
CVE-2024-24101
N/A
12 Mar 2024
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.
CVE-2023-42307
N/A
12 Mar 2024
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.
CVE-2024-27237
N/A
11 Mar 2024
In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27229
N/A
11 Mar 2024
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27227
N/A
11 Mar 2024
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
CVE-2024-27219
N/A
11 Mar 2024
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27218
N/A
11 Mar 2024
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-22011
N/A
11 Mar 2024
In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-1487
N/A
11 Mar 2024
The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
CVE-2024-1279
N/A
11 Mar 2024
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
CVE-2024-0559
N/A
11 Mar 2024
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Page 524 of 644
Page 524 of 644