112 matches found
CVE-2024-24215
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request...
CVE-2024-24291
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL...
CVE-2024-24291
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL...
Information disclosure
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs...
PT-2023-9571
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue is related to the Serialization...
CVE-2023-45899
An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...
CVE-2023-41599
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal...
CVE-2023-41599
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal...
CVE-2023-39748
An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service DoS via a crafted GET request...
CVE-2023-30380
An issue in the component /dialog/selectmedia.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal...
Citrix Secure Access setup failed in Windows11 (ARM64 based)
CitrixSecure Accesssetup failed in Windows11 ARM64 based with the below error "Unable to manage network component. The condition can be transient. If it persists, it maybe because you're a member of the Network ConfigurationOperators group......"...
CVE-2023-20614
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615...
CVE-2022-46959
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal...
CVE-2022-46959
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal...
CVE-2023-22488 Missing authorization in Flarum
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVE-2022-44140
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
CVE-2022-43255
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gfodfnewiod at odf/odfcode.c...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-33099
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
PT-2022-2416 · Oracle +11 · Mysql Server +10
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.37 and prior MySQL Server versions 8.0.28 and prior Description: A vulnerability in the MySQL Server product allows a high privileged attacker with network access via multiple protocols to compromise the server...