9293 matches found
CVE-2023-37607
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter...
CVE-2023-41312
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically...
CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2023-1666
A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/viewclass.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...
CVE-2023-1593
A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=saveclass. The manipulation of the argument description leads to cross site scripting...
CVE-2023-41866
Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3...
CVE-2023-1474
A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/questionpapers/managequestionpaper.php of the component GET Parameter Handler. The manipulation of the argument id leads to s...
CVE-2023-2781
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...
CVE-2023-48430
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...
CVE-2022-48072
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
CVE-2022-48070
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
CVE-2022-1076
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...
CVE-2022-20489
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-26631
Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter...
CVE-2022-34881
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01...
CVE-2021-32646
Roomer is a discord bot cog extension which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the manage channel permissions in a private VC they have joined. This allowed them to make changes ...
CVE-2021-0307
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional...
CVE-2020-8207
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...
CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...