PT-2023-21503 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified). Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability to modify...
CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
Google Android Denial of Service Vulnerability (CNVD-2023-50825)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that is caused due to improper input validation in multiple functions across multiple files. An attacker can exploit this vulnerability to cause a denial of...
Adobe Commerce Arbitrary Code Execution Vulnerability
Adobe Commerce is a digital commerce solution for businesses and brands from Adobe, a United States company. An arbitrary code execution vulnerability exists in Adobe Commerce, which can be exploited by an attacker to execute arbitrary code...
Google Android Buffer Overflow Vulnerability (CNVD-2023-52817)
Google Android is a Linux-based open source operating system from Google. A buffer overflow vulnerability exists in Google Android, which can be exploited by an attacker to remotely execute code without additional execute privileges...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that can be exploited by an attacker to send an installation request to an application...
CVE-2023-32115
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...
Huawei HarmonyOS Code Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. It provides a full-scenario distributed operating system based on a microkernel. HarmonyOS has a security vulnerability that originates from an improper privilege checking vulnerability...
CVE-2023-2304 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Google Chrome Security Bypass Vulnerability (CNVD-2023-46111)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 114.0.5735.90, which stems from an improper implementation in the Extensions API module. An attacker could exploit this vulnerability to bypass security...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.14. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
Vip Video Analysis Cross-Site Scripting Vulnerability
Vip Video Analysis is a VIP video parsing application by the individual developer yiwen. A cross-site scripting vulnerability exists in Vip Video Analysis version 1.0. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
Adobe Substance 3D Painter Out-of-Bounds Read Vulnerability (CNVD-2023-40152)
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
Pimcore Cross-Site Scripting Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...
Intel Processors Security Vulnerability
Intel Processors are products from the American company Intel Corporation that interpret computer instructions and process the data in computer software. A security vulnerability exists in Intel Processors. An attacker could exploit the vulnerability to escalate privileges...
Intel NUC Security Vulnerability
Intel NUC is a mini computer from Intel Corporation, USA. A security vulnerability exists in Intel NUC. An attacker could exploit this vulnerability to escalate privileges...
IBM QRadar Data Synchronization App Encryption Issue Vulnerability
IBM QRadar Data Synchronization App is a data resiliency solution from IBM, USA. An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...
Esri Portal For ArcGIS Cross-Site Request Forgery Vulnerability
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site request forgery vulnerability exists in Esri Portal For ArcGIS. An attack...
CVE-2023-30837 Vyper storage allocator overflow
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...
J2eeFAST Cross-Site Scripting Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform that is committed to building the best free, open source backend framework platform for small and medium-sized businesses. A cross-site scripting vulnerability exists in Dromara J2eeFAST version 2.6.0 and earlier versions. An attacker can exploit th...