2125 matches found
KLA62824 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, execute arbitrary code. Below is a...
The vulnerability of the TXOne StellarOne centralized control panel of the TXOne StellarProtect industrial protection system, related to access control deficiencies, allows attackers to increase their privileges.
The vulnerability of the TXOne StellarOne centralized control panel of the TXOne StellarProtect industrial protection device is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
Citrix published applications being displayed in control panel on the VDA as "delivered by citrix"
Citrix published applications being displayed in control panel on the VDA as "delivered by citrix"...
GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Remote Code Execution (RCE)
statamic/cms is vulnerable to Remote Code Execution RCE. This vulnerability impacts both front-end forms employing the Forms feature and asset upload fields in the control panel. Malicious actors can exploit this loophole to introduce and execute arbitrary code via uploading image files...
CVE-2023-48217
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...
CVE-2023-48217 Remote code execution via form uploads in statamic/cms
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fiel...
KLA61975 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...
VulnCheck KEV: CVE-2022-36642
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive...
Statamic CMS remote code execution via front-end form uploads
Impact On front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded regardless of mime validation rules. This only affects forms using the "Forms" feature and not just any arbitrary form. This does not affect the control panel. Patches It has been patched i...
CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...
PT-2023-25636 · Unknown · Boomerang Parental Control
Name of the Vulnerable Software and Affected Versions: Boomerang Parental Control application versions prior to 13.83 for Android Description: An issue was discovered in the Boomerang Parental Control application where the app is missing the android:allowBackup="false" attribute in the manifest...
Bosch ctrlX HMI Web Panel WR21 Trust Management Issue Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in Bosch ctrlX HMI Web Panel WR21 that originates from allowing an unprivileged attacker to modify the server settings of the Android Agent application, thereby inducing it to connect to a malicious...
CVE-2023-4517 Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
Cross-site Scripting XSS - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6...
The vulnerability of the application programming interface of the libcue library allows a hacker to execute arbitrary code.
The vulnerability of the libcue library’s application programming interface is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by loading the control panel from a malicious web page...
CVE-2023-44259
Cross-Site Request Forgery CSRF vulnerability in Mediavine Mediavine Control Panel plugin = 2.10.2 versions...
CVE-2023-44259
Cross-Site Request Forgery CSRF vulnerability in Mediavine Mediavine Control Panel plugin = 2.10.2 versions...