1367 matches found

Positive Technologies
added 2023/08/24 12:0 a.m. · 3 views

PT-2023-27495 · Lg · Lg Supersign Media Editor

Name of the Vulnerable Software and Affected Versions: LG SuperSign Media Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...

7.5 CVSS · 7.6 AI score · 0.0125 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2023/08/22 1:15 a.m. · 1 view

CVE-2023-38908

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function...

6.5 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 0 · References 6

OSV
added 2023/08/22 1:15 a.m. · 3 views

CVE-2023-38909

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function...

6.5 CVSS · 5.8 AI score · 0.00092 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/08/17 12:0 a.m. · 3 views

PT-2023-27463 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5 CVSS · 3.9 AI score · 0.00208 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/08/14 12:0 a.m. · 2 views

PT-2023-9376 · Zabbix +3 · Zabbix +3

Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to incorrect permission assignment for a critical resource in the Zabbix monitoring system. Exploitation of this issue may allow a remote attacker to access confidential...

9.9 CVSS · 6.2 AI score · 0.01231 EPSS
Exploits 3 · References 90

VulnCheck KEV
added 2023/08/08 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

7.5 CVSS · 5.8 AI score · 0.00153 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/08/08 12:0 a.m. · 2 views

PT-2023-5322 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p1 and earlier Adobe Commerce versions 2.4.5-p3 and earlier Adobe Commerce versions 2.4.4-p4 and earlier Description: The issue is related to errors in processing XML requests, which could allow a remote attacker...

7.8 CVSS · 7.4 AI score · 0.01147 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2023/08/07 12:0 a.m. · 3 views

The vulnerability of the phpMyFAQ web application lies in the absence of a mechanism to neutralize certain elements. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the phpMyFAQ web application is related to the absence of element neutralization mechanisms. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures using a specially crafted CSV file...

9 CVSS · 7.6 AI score · 0.00143 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/08/01 12:0 a.m. · 3 views

PT-2023-9275 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to information disclosure while handling SA query action frame. It is also described as a buffer overflow operation in the memory of...

7.5 CVSS · 7.3 AI score · 0.00151 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/07/28 12:0 a.m. · 3 views

PT-2023-23534 · Unknown · Rail Pass Management System

Name of the Vulnerable Software and Affected Versions: Rail Pass Management System version 1.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the viewid parameter of the "view-pass-detail.php" file. This enables the attacker to potentially access or modi...

7.2 CVSS · 7.4 AI score · 0.01301 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2023/07/24 12:0 a.m. · 1 view

The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.

The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...

5.6 CVSS · 6.7 AI score · 0.00178 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/07/20 12:0 a.m. · 1 view

The vulnerability of the iSurvey Module component of the software for creating and processing scenarios in Oracle Scripting of the Oracle E-Business Suite allows a perpetrator to gain access to read data and modify it.

The vulnerability of the iSurvey Module component of the software for creating and processing scenarios in Oracle Scripting, a system for automating business activities within the Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability can all...

6.4 CVSS · 6.8 AI score · 0.00457 EPSS
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2023/07/18 12:0 a.m. · 3 views

PT-2023-3627 · Oracle · Application Express Customers Plugin

Name of the Vulnerable Software and Affected Versions: Application Express Customers Plugin versions 18.2 through 22.2 Description: The issue exists due to insufficient input validation in the Application Express Customers Plugin component of Oracle Application Express. This allows a remote...

9 CVSS · 8.6 AI score · 0.00761 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2023/07/18 12:0 a.m. · 2 views

The vulnerability of the IBM Robotic Process Automation software lies in its authentication procedures’ flaws, which allow attackers to gain read, modify, or delete access to data.

The vulnerability of the IBM Robotic Process Automation software is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, or delete data...

3.3 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/06/12 12:0 a.m. · 2 views

Apache NiFi Code Issue Vulnerability

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code issue vulnerability exists in Apache NiFi versions 1.8.0 through 1.21.0, which stems from allowing authenticat...

6.5 CVSS · 6.5 AI score · 0.00779 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/06/09 12:0 a.m. · 2 views

The vulnerability of the Honeywell OneWireless Wireless Device Manager (WDM) device manager, which stems from the use of insufficiently random values, allows an intruder to access confidential data.

The vulnerability of the Honeywell OneWireless Wireless Device Manager WDM lies in the use of insufficiently random values. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential information...

6.8 CVSS · 6.5 AI score · 0.00234 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/06/08 12:0 a.m. · 2 views

PT-2023-24790 · Unknown · Sante Dicom Viewer Pro

Name of the Vulnerable Software and Affected Versions: Sante DICOM Viewer Pro affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

6.5 CVSS · 7 AI score · 0.00287 EPSS
Exploits 0 · References 3

OSV
added 2023/05/19 4:15 p.m. · 2 views

CVE-2022-47984

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2

BDU FSTEC
added 2023/05/12 12:0 a.m. · 2 views

The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to manipulate data.

The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability allows a malicious actor to manipulate data remotely...

3.7 CVSS · 6.4 AI score · 0.00099 EPSS
Exploits 0 · References 9 · Affected Software 10

Positive Technologies
added 2023/05/09 12:0 a.m. · 2 views

PT-2023-2705 · Microsoft · Windows Nfs Portmapper +1

Name of the Vulnerable Software and Affected Versions: Windows NFS Portmapper affected versions not specified Description: The issue is related to a lack of protection for service data in the Windows NFS Portmapper component, which can be exploited by a remote attacker to disclose protected...

7.8 CVSS · 9 AI score · 0.01807 EPSS
Exploits 0 · References 5