67 matches found
CVE-2024-36411 SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-4889
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...
RPCMS Cross-Site Scripting Vulnerability (CNVD-2024-01190)
RPCMS is a software application, a web CMS system. A cross-site scripting vulnerability exists in RPCMS v3.5.5, which stems from the lack of effective filtering and escaping of user-supplied data in the component /logs/dopost.html, and can be exploited by an attacker to execute arbitrary Web scri...
Published apps and desktop shows error "The user name and password is incorrect"
The user name or password is incorrect at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn, SafeAccessTokenHandle& safeTokenHandle) at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type) at System.Security.Principal.WindowsIdentity..ctor(String...
Out-of-Bounds Read
libbzip3.so is vulnerable to Out-of-Bounds Reads. The vulnerability exists in libbz3.c via bz3_decode_block, which allows an attacker to perform out-of-bounds reads, causing an application crash...
Privilege escalation
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected fro...
Adobe Premiere Elements null pointer dereference vulnerability
Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a memory leak...
Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (CNVD-2021-82409)
Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...
Privilege Escalation
k3s is vulnerable to privilege escalation. The vulnerability allows an attacker to obtain additional privileges within the application...
Unspecified vulnerability in deep-override (CNVD-2021-47378)
deep-override is a software application that provides recursive object extension and override. A security vulnerability exists in deep-override versions 1.0.0 through 1.0.1, which can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
CVE-2021-32490
A flaw was found in djvulibre-3.5.28 and earlier. An out-of-bounds write in function DJVU::filter_bv via a crafted djvu file may lead to application crash and other consequences...
Unspecified Vulnerability in CubeCoders AMP
AMP is a software application used to track all issues and bugs within the CubeCoders AMP platform. A security vulnerability exists in CubeCoders AMP versions prior to 2.1.1.8, which can be exploited by attackers to cause code execution to be triggered by highly privileged users...
Pajbot Cross-Site Request Forgery Vulnerability
pajbot is a software application, a Twitch chatbot. A cross-site request forgery vulnerability exists in versions prior to Pajbot 1.52, which stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit the vulnerability to...
Emissary Code Issue Vulnerability
Emissary is a software application, a P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A security vulnerability exists in Emissary 5.9.0, which can be exploited by an attacker to upload arbitrary files...
exiftool Injection Vulnerability
exiftool is a software application that makes metadata more accessible. An injection vulnerability exists in ExifTool versions 7.44 and earlier, which can be exploited by an attacker to execute arbitrary code while parsing a malicious image...
Schneider Electric C-Bus Toolkit Path Traversal Vulnerability (CNVD-2021-29839)
Schneider Electric C-Bus Toolkit is a software application from Schneider Electric, France. It is used to assist in C-Bus installations. A path traversal vulnerability exists in versions of C-Bus Toolkit prior to V1.15.7, which can be exploited by an attacker to execute arbitrary code...
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
CVE-2020-5832
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected...
CVE-2020-5820
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the...
Privilege escalation
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the...