CVE-2024-48008
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure, allowing unintended actions like reading files that may contain sensitive information...
KLA77760 DoS vulnerability in Microsoft Browser
Type confusion vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: CVE-2024-12053. Related products: Microsoft-Edge. CVE list: CVE-2024-12053 unknown. Solution: Install necessary updates from the Settings and more...
Remote Code Execution (RCE)
System.Formats.Nrbf is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient input validation, allowing an attacker to exploit it by sending specially crafted requests or loading malicious files into a vulnerable application...
CVE-2024-7352 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...
CVE-2024-21287
...
Siemens SINEC NMS Privilege Assignment Error Vulnerability
SINEC NMS is a new generation network management system for digital enterprises. The system enables centralized monitoring, management and configuration of the network. A privilege assignment error vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to write arbitrary...
The vulnerability of the vfio component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the vfio component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-20514
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This...
CVE-2024-39753
A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
Oracle MySQL Security Vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...
CVE-2024-47653
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross-Site Scripting (XSS) via an SVG profile picture upload due to a lack of validation in the filetype. An authenticated attacker can upload a malicious SVG, with the payload executed when a victim opens the file. Affected component: upload handling for SVG profi...
Advantech ADAM-5550 Cross-Site Scripting Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...
Google Chrome Security Bypass Vulnerability (CNVD-2024-49510)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome 129.0.6668.58 and earlier versions, which can be exploited by attackers to bypass security restrictions...
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
IBM Java 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 16 2024 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
CVE-2024-33960 SQL injection in Janobe products
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-33960
CVE-2024-33960 concerns a SQL injection in Janobe PayPal/Card Payment software v1.0. The vulnerability allows an attacker to craft a query via the parameter named “end” in the endpoint “/admin/mod_reports/printreport.php” and potentially retrieve information stored by the server. Several connecte...
Exploit for Path Traversal in Fujitsu Network_Edgiot_Gw1500_Firmware
CVE-2024-40617 Exploit PoC for CVE-2024-40617 Description...