30 matches found
EUVD-2026-26201
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...
EUVD-2020-12026
Malware in sbrugna...
EUVD-2020-2347
Malware in sbrugna...
EUVD-2019-9921
Malware in sbrugna...
EUVD-2018-2266
Malware in sbrugna...
CVE-2024-51557
This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted...
CVE-2024-2259 Reflected XSS Vulnerability in InstaRISPACS Software
This vulnerability exists in InstaRISPACS software due to insufficient validation of user-supplied input for the loginTo parameter in the user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...
bind9: Specific recursive query patterns may lead to an out-of-memory condition
A flaw was found in the named application, part of the bind9 package, which uses a cache database to speed up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database cleanup under certain conditions. This issue may allow an attacker to...
CVE-2023-51741
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...
CVE-2023-51733 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the...
CVE-2023-51730 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-51724 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of...
CVE-2023-51720 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application...
Cisco Jabber for Windows Information Disclosure (cisco-sa-jabber-ttcgB9R3)
According to its self-reported version, Cisco Jabber is affected by an information disclosure vulnerability. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful...
Windows Kernel Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. The update addresses the vulnerability by...
CVE-2020-1145
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963...
CVE-2020-8895 DLL Hijacking in Google Earth Pro Windows installer
Untrusted Search Path vulnerability in the Windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system...
CVE-2020-0874
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774...
Information disclosure
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'...