59 matches found
EUVD-2021-27864
Malicious code in bioql PyPI...
EUVD-2021-27865
Malicious code in bioql PyPI...
CVE-2024-13979
A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...
CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
CVE-2010-1004
SQL injection vulnerability in the Yet another TYPO3 search engine YATSE extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Patient Record Management System edit_dpatient.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the /editdpatient.php file. An attacker can exploit...
Pimcore SQL注入漏洞
Pimcore is an open source data and experience management platform. A SQL injection vulnerability exists in Pimcore. The vulnerability stems from the fact that an authenticated user can construct filter strings that lead to SQL injection, which can be exploited by an attacker to execute arbitrary...
CVE-2024-20536
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
Xibo CMS SQL注入漏洞
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing an authenticated user to retrieve and modify arbitrary data from the database by injecting a specially crafted value into the sortBy...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...
CVE-2024-20882
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...
DEBIAN-CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
CVE-2023-42543
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege...
Input validation
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege...
CVE-2023-42543
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege...
Security feature bypass
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...
CVE-2021-40698 ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...