73 matches found
GHSA-WH4M-6RH3-P4RQ Magento Open Source allows Improper Input Validation
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack...
CVE-2024-29185 FreeScout OS Command Injection vulnerability
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the phppath parameter is being executed as an OS command by the shellexec function, without validating it. This allows an...
GHSA-GGR8-3HWX-4F2M Magento Open Source allows SQL Injection
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
CVE-2023-38249 Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
CVE-2023-4986 Supcon InPlant SCADA Project.xml unknown vulnerability
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...
Hitachi Energy FOXMAN-UN and UNEM Products
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive...
PT-2023-19459 · Konga · Konga
Name of the Vulnerable Software and Affected Versions: Konga version 2.8.3 Description: A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the...
Shopify: Reflected XSS In Marketing Reports Page On *.myshopify.com/admin
The returnpagepathname parameter on the marketing reports page of a Shopify store was vulnerable to reflected cross-site scripting XSS when using the javascript: protocol. The vulnerability was assessed as having high attack complexity, as specific conditions were required for the XSS to execute...
CVE-2022-2142
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...
CVE-2022-2142
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...
CVE-2022-2142 Advantech iView
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...
CVE-2022-2142 Advantech iView
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information...
CVE-2019-19126
A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...