
8020 matches found

Kaspersky
added 2024/02/13 12:0 a.m. · 141 views

KLA63958 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions. Below is a complete list of...

CVSS 8.8 · AI score 9.7 · EPSS 0.99995
Exploits: 15 · References: 60
Kaspersky
added 2024/02/13 12:0 a.m. · 58 views

KLA63965 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilitie...

CVSS 8.8 · AI score 9.6 · EPSS 0.99995
Exploits: 0 · References: 44
Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-1649 · Microsoft · Dynamics 365 Sales

Name of the Vulnerable Software and Affected Versions: Dynamics 365 Sales (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface in Microsoft Dynamics 365, which can lead to spoofing attacks. A remote attacker can...

CVSS 7.6 · AI score 9.4 · EPSS 0.01158
Exploits: 0 · References: 5
NVD
added 2024/02/08 11:15 p.m. · 19 views

CVE-2023-40264

An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface...

CVSS 4.3 · AI score 4.6 · EPSS 0.00452
Exploits: 0 · References: 1
OSV
added 2024/02/08 11:15 p.m. · 5 views

CVE-2023-40264

An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface...

CVSS 4.3 · AI score 5.8 · EPSS 0.00452
Exploits: 0 · References: 1
Prion
added 2024/02/08 11:15 p.m. · 20 views

Path traversal

An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface...

CVSS 4 · AI score 7 · EPSS 0.00452
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/02/08 6:15 p.m. · 4 views

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

CVSS 9.8 · AI score 9.8 · EPSS 0.00786
Exploits: 0 · References: 5
Prion
added 2024/02/08 6:15 p.m. · 16 views

Sql injection

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

CVSS 7.5 · AI score 9.8 · EPSS 0.00786
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2024/02/08 12:0 a.m. · 5 views

Atos Unify OpenScape Path Traversal Vulnerability

Atos Unify OpenScape is a native SIP-based real-time Voice over IP system from Atos Unify. A path traversal vulnerability exists in Atos Unify OpenScape Voice Trace Manager V8 V8 prior to R0.9.11, which stems from allowing authenticated path traversal in the user interface...

CVSS 4.3 · AI score 6.6 · EPSS 0.00452
Exploits: 0 · References: 2
Cvelist
added 2024/02/08 12:0 a.m. · 21 views

CVE-2023-40264

An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface...

AI score 4.9 · EPSS 0.00452
Exploits: 0 · References: 1
NVD
added 2024/02/07 6:15 p.m. · 21 views

CVE-2024-24822

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...

CVSS 9.1 · AI score 7 · EPSS 0.00544
Exploits: 0 · References: 3
CNNVD
added 2024/02/07 12:0 a.m. · 3 views

Pimcore Security Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in pimcore...

CVSS 9.1 · AI score 6.5 · EPSS 0.00544
Exploits: 0 · References: 4
CNNVD
added 2024/02/07 12:0 a.m. · 4 views

IBM SAN Volume Controller Trust Management Issue Vulnerability

IBM SAN Volume Controller is a storage virtualization system from International Business Machines (IBM). The system provides a single point of control over storage resources and supports tiered storage, consolidated storage, and disaster recovery. A trust management issue vulnerability exists in IB...

CVSS 7.5 · AI score 6.7 · EPSS 0.00546
Exploits: 0 · References: 3
BDU FSTEC
added 2024/02/06 12:0 a.m. · 6 views

The vulnerability of the component org.xwiki.platform:xwiki-platform-livetable-ui of the XWiki platform for creating collaborative web applications. The XWiki platform allows attackers to gain unauthorized access to protected information.

The vulnerability of the “org.xwiki.platform:xwiki-platform-livetable-ui” component of the XWiki platform involves the disclosure of information in an unauthorized manner. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 4.3 · AI score 5.5 · EPSS 0.00661
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2024/02/06 12:0 a.m. · 7 views

Allegro Cross-Site Scripting Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A security vulnerability exists in Allegro AI ClearML. An attacker can exploit this vulnerability to execute a JavaScript payload when a user views the "Debug Samples" tab in the Web U...

CVSS 9.9 · AI score 7 · EPSS 0.00594
Exploits: 1 · References: 2
Zero Day Initiative
added 2024/02/05 12:0 a.m. · 60 views

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issu...

CVSS 6.8 · AI score 7.6 · EPSS 0.00973
Exploits: 0
OSV
added 2024/02/04 1:15 a.m. · 2 views

CVE-2023-50947

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 · AI score 5.5 · EPSS 0.00414
Exploits: 0 · References: 3
CNNVD
added 2024/02/04 12:0 a.m. · 4 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management and compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4 · AI score 6.2 · EPSS 0.00414
Exploits: 0 · References: 4
Positive Technologies
added 2024/02/03 12:0 a.m. · 3 views

PT-2024-14024 · IBM · IBM Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 23.0.2. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...

CVSS 5.4 · AI score 5.5 · EPSS 0.00414
Exploits: 0 · References: 8
OSV
added 2024/02/02 1:15 p.m. · 1 views

CVE-2023-47144

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 · AI score 5.4 · EPSS 0.00348
Exploits: 0 · References: 2