249 matches found
CVE-2024-37675
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...
Virtuozzo Hybrid Infrastructure 6.1 Update 1 Hotfix 2 (6.1.1-39)
This update provides a stability improvement. Vulnerability id: VSTOR-85986 Enabled adding multiple devices to the boot sequence of Linux VMs...
SUSE-SU-2024:1365-1 Security update for apache-commons-configuration2
This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclic...
CVE-2023-49982
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts...
RICOH MP 2001 Cross-site Scripting (CVE-2018-17002)
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. This plugin only works with Tenable.ot. Please visit...
RICOH MP C1803 JPN Cross-site Scripting (CVE-2018-17310)
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. This plugin only works with Tenable.ot. Please visit...
WP Courses LMS < 3.2.4 - Missing Authorization
Description: The plugin is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with...
Mars: CSRF resulting in adding pet at ███████
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the application, allowing an attacker to forge requests to add pets to the victim's account, provided the attacker knew the victim's account ID...
CVE-2022-36228
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app...
CVE-2023-43278
A Cross-Site Request Forgery (CSRF) in adminmanager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account...
SourceCodester Vehicle Management Cross-Site Scripting Vulnerability
SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A security vulnerability exists in SourceCodester Vehicle Management version 1.0 that stems from the susceptibility to cross-site scripting (XSS) attacks when adding accounts via invoice numbers, recipients...
There is a large precision error in sqrt calculation of lp
Lines of code. Vulnerability details. Impact: Compared with div, there is a larger precision error in calculating lp through sqrt, so there should be a way to check whether there are excess tokens left when adding liquidity. Proof of Concept: function testCalcLpTokenSupplyDiff public uint256 memory...
CVE-2023-34652
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course...
SUSE CVE-2023-26552
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-26950
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module...
Cross site scripting
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module...