
213680 matches found

Prion
• added 2024/01/16 10:15 p.m. • 14 views

Design/Logic Flaw

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

CVSS 5 | AI score 7.1 | EPSS 0.00428
Exploits 1 | References 2 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 19 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

CVSS 4 | AI score 6.6 | EPSS 0.00891
Exploits 0 | References 2 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 18 views

Buffer overflow

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...

CVSS 6.5 | AI score 7 | EPSS 0.00321
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 15 views

Server side request forgery (ssrf)

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00482
Exploits 1 | References 3 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 26 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easi...

CVSS 5 | AI score 6.7 | EPSS 0.00782
Exploits 0 | References 2 | Affected Software 4
Prion
• added 2024/01/16 10:15 p.m. • 26 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 1.2 | AI score 5.3 | EPSS 0.00303
Exploits 0 | References 2 | Affected Software 3
Prion
• added 2024/01/16 10:15 p.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

CVSS 5.8 | AI score 6.5 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 23 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 3.3 | AI score 6.1 | EPSS 0.00926
Exploits 0 | References 2 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 18 views

Buffer overflow

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Pod Admin. Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

CVSS 4 | AI score 5.9 | EPSS 0.00375
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 37 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4 | AI score 6.6 | EPSS 0.01104
Exploits 0 | References 2 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 16 views

Design/Logic Flaw

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...

CVSS 1.7 | AI score 5.7 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 17 views

Stack overflow

In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub40E700 function within the cgibin is susceptible to stack overflow...

CVSS 7.5 | AI score 7.1 | EPSS 0.00986
Exploits 1 | References 2 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks...

CVSS 4.9 | AI score 6.2 | EPSS 0.00308
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 10:15 p.m. • 31 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...

CVSS 2.6 | AI score 6.5 | EPSS 0.01026
Exploits 0 | References 3 | Affected Software 5
Prion
• added 2024/01/16 10:15 p.m. • 21 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 4 | AI score 6.9 | EPSS 0.00911
Exploits 0 | References 3 | Affected Software 5
Prion
• added 2024/01/16 10:15 p.m. • 28 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4 | AI score 6.6 | EPSS 0.01104
Exploits 0 | References 2 | Affected Software 1
Prion
• added 2024/01/16 9:15 p.m. • 17 views

Code injection

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status...

CVSS 5 | AI score 7.3 | EPSS 0.00346
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 8:15 p.m. • 16 views

Cross site scripting

A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title...

CVSS 4 | AI score 6.5 | EPSS 0.00514
Exploits 1 | References 3 | Affected Software 1
Prion
• added 2024/01/16 8:15 p.m. • 24 views

Input validation

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7...

CVSS 1.7 | AI score 7.2 | EPSS 0.00187
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 8:15 p.m. • 19 views

Design/Logic Flaw

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers. This issue affects Workforce Access: before 8.7...

CVSS 4.3 | AI score 7.2 | EPSS 0.00147
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 8:15 p.m. • 13 views

Input validation

Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7...

CVSS 4.3 | AI score 7.2 | EPSS 0.0017
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 8:15 p.m. • 14 views

Input validation

Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7...

CVSS 4.3 | AI score 7.2 | EPSS 0.00165
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 20 views

Code injection

An issue discovered in TOTOLINK X6000R V9.4.0cu.852B20230719 allows attackers to run arbitrary code via the sub410118 function of the shttpd program...

CVSS 7.5 | AI score 7.7 | EPSS 0.0086
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 21 views

Design/Logic Flaw

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 7.5 | AI score 8.3 | EPSS 0.71725
Exploits 1 | References 4 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 22 views

Command injection

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...

CVSS 6.5 | AI score 7.8 | EPSS 0.658
Exploits 1 | References 4 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 11 views

Cross site scripting

A Stored Cross Site Scripting XSS vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter...

CVSS 4.9 | AI score 6.2 | EPSS 0.00417
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 13 views

Stack overflow

A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy function...

CVSS 7.5 | AI score 7.7 | EPSS 0.0057
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 7:15 p.m. • 8 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by GitHub...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 7:15 p.m. • 16 views

Design/Logic Flaw

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...

CVSS 5 | AI score 7.2 | EPSS 0.00362
Exploits 0 | References 2
Prion
• added 2024/01/16 6:15 p.m. • 17 views

Authorization

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application...

CVSS 4.4 | AI score 8 | EPSS 0.0026
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 6:15 p.m. • 24 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2 | EPSS 0.13734
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 13 views

Sql injection

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editdistributor.php?id=...

CVSS 5.8 | AI score 8.4 | EPSS 0.00707
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 6:15 p.m. • 13 views

Sql injection

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editretailer.php?id=...

CVSS 5.8 | AI score 8.4 | EPSS 0.00707
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 6:15 p.m. • 9 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 8 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 7 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 12 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 10 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2 | EPSS 0.00378
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 12 views

Sql injection

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expensebudget/admin/?page=reports/budget&datestart=2023-12-28&dateend=...

CVSS 5.8 | AI score 8.4 | EPSS 0.00626
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 6:15 p.m. • 22 views

Sql injection

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...

CVSS 5.8 | AI score 8.4 | EPSS 0.00745
Exploits 1 | References 1 | Affected Software 1
Prion
• added 2024/01/16 6:15 p.m. • 22 views

Design/Logic Flaw

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

AI score 7.2
Exploits 0
Prion
• added 2024/01/16 6:15 p.m. • 15 views

Design/Logic Flaw

Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser...

CVSS 7.5 | AI score 7.3 | EPSS 0.00392
Exploits 0 | References 1 | Affected Software 1
Prion
• added 2024/01/16 5:15 p.m. • 18 views

Design/Logic Flaw

A GPU kernel can read sensitive data from another GPU kernel even from another user or app through an optimized GPU memory region called local memory on various architectures...

CVSS 1.7 | AI score 6.8 | EPSS 0.01175
Exploits 1 | References 5 | Affected Software 3
Prion
• added 2024/01/16 5:15 p.m. • 16 views

Command injection

A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely...

CVSS 6.5 | AI score 7.7 | EPSS 0.02704
Exploits 0 | References 3 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 13 views

Cross site scripting

The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

CVSS 4.9 | AI score 6.5 | EPSS 0.00677
Exploits 2 | References 1 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 16 views

Cross site request forgery (csrf)

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 4.3 | AI score 7 | EPSS 0.00285
Exploits 2 | References 1 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 19 views

Cross site request forgery (csrf)

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...

CVSS 4.3 | AI score 7 | EPSS 0.00232
Exploits 2 | References 1 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 15 views

Cross site scripting

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

CVSS 4.9 | AI score 5.9 | EPSS 0.00491
Exploits 2 | References 1 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 13 views

Cross site request forgery (csrf)

The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads...

CVSS 5.8 | AI score 6.3 | EPSS 0.00266
Exploits 2 | References 1 | Affected Software 1
Prion
• added 2024/01/16 4:15 p.m. • 22 views

Design/Logic Flaw

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...

CVSS 5 | AI score 7.1 | EPSS 0.02101
Exploits 1 | References 5 | Affected Software 1
Total number of security vulnerabilities: 213680