EUVD-2021-7995

Malicious code in bioql PyPI...

EUVD-2023-53983

Malicious code in bioql PyPI...

PT-2025-33357 · Dell · Dell Data Lakehouse

Name of the Vulnerable Software and Affected Versions: Dell Data Lakehouse versions prior to 1.5.0.0 Description: Dell Data Lakehouse is susceptible to an Execution with Unnecessary Privileges issue. A local attacker with high privileges could potentially exploit this, resulting in a Denial of...

PT-2024-40414 · Adobe · Magento Open Source +1

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 1.9.0.0 through 1.14.3.9 Magento Open Source versions 1.5.0.0 through 1.9.3.9 Description: The issue concerns various security vulnerabilities, including authenticated Admin user remote code execution RCE, cross-site...

CVE-2023-4096

Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user...

CVE-2023-4095

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform...

CVE-2023-4094

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the...

CVE-2023-4093

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

Cross site scripting

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

CVE-2023-4092

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data insert/update/delete, perform database administration operations and, in some cases, execute commands on the...

Sql injection

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data insert/update/delete, perform database administration operations and, in some cases, execute commands on the...

CVE-2023-4094 Weak authentication vulnerability in Fujitsu Arconte Áurea

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the...

CVE-2023-4093 Reflected and persistent XSS vulnerability in Fujitsu Arconte Áurea

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

PT-2023-27715 · Unknown · Arconte Áurea

Name of the Vulnerable Software and Affected Versions: Arconte Áurea version 1.5.0.0 Description: The issue allows an attacker to obtain a list of registered users in the application, which could be used to perform more complex attacks on the platform. This is a user enumeration vulnerability,...

PT-2023-27709 · Aurea · Arconte Áurea

Name of the Vulnerable Software and Affected Versions: ARCONTE Aurea version 1.5.0.0 Description: The authentication system could allow an attacker to make incorrect access requests, blocking each legitimate account and causing a denial of service. A resource has been identified that could allow...

CVE-2022-2969

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...

CVE-2021-20540

IBM Cloud Pak for Security CP4S 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923...

CVE-2021-20538

IBM Cloud Pak for Security CP4S 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919...

CVE-2021-20577

IBM Cloud Pak for Security CP4S 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

PrestaShop Information Disclosure Vulnerability (CNVD-2020-50515)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. An information disclosure vulnerability exists in PrestaShop versions after 1.5.0.0...