213680 matches found
Sql injection
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file adminclass.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
Sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/vieworder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
Sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manageproduct.php. The manipulation of the argument id leads to sql injection. The attack may be...
Directory traversal
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
Input validation
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...
Input validation
An issue was discovered in Cloud Native Computing Foundation CNCF Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...
Design/Logic Flaw
p2putil.c in iNet wireless daemon IWD through 2.15 allows attackers to cause a denial of service daemon crash or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...
Design/Logic Flaw
A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to t...
Sql injection
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
Design/Logic Flaw
A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...
Sql injection
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely...
Code injection
IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151...
Design/Logic Flaw
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740...
Input validation
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396...
Cross site scripting
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launch...
Design/Logic Flaw
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit acce...
Cross site scripting
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the...
Design/Logic Flaw
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781...
Code injection
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 27253...
Cross site scripting
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Command injection
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638...
Code injection
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Tunis Soft "Product Designer" productdesigner module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service DoS and escalate privileges via the url parameter in the postProcess method...
Information disclosure
An issue was discovered in Webbax "Super Newsletter" supernewsletter module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information...
Design/Logic Flaw
An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" prestasalesmanager module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo and postProcess methods...
Sql injection
SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...
Design/Logic Flaw
An issue was discovered in Tunis Soft "Product Designer" productdesigner module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess method...
Cross site scripting
Cross Site Scripting XSS vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL...
Design/Logic Flaw
An issue was discovered in Common-Services "So Flexibilite" soflexibilite module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file...
Path traversal
Path Traversal vulnerability in Tunis Soft "Product Designer" productdesigner module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage method...
Code injection
IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279...
Cross site scripting
A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospitalactivities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads ...
Cross site request forgery (csrf)
A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG after failure to insert delayed dir index item Instead of calling BUG when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scrmemcpyw is optimized to memcpy because memcpy...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damondotestapplythreeregions When CONFIGDAMONVADDRKUNITTEST=y and making CONFIGDEBUGKMEMLEAK=y and CONFIGDEBUGKMEMLEAKAUTOSCAN=y, the below memory leak is detected. Since commit 9f86d624292...
Cross site scripting
Cross Site Scripting XSS vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifsdemultiplexthread There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2isnetworknamedeleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory the splash memory region set up by the bootloader. It fixes a kernel panic arm-smmu: Unhandled...
Open redirect
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on -hpdnotify callback The EDID returned by drmbridgegetedid needs to be freed...
Cross site scripting
Cross-site Scripting XSS - DOM in GitHub repository langchain-ai/chat-langchain prior to 0.0.0...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210probe If ofclkaddprovider fails in ca8210registerextclock, it calls clkunregister to release priv-clk and returns an error. However, the caller ca8210probe then calls ca8210remove,...
Authentication flaw
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211keylink is called by ieee80211gtkrekeyadd but returns 0 due to KRACK protection identical key reinstall, ieee80211gtkrekeyadd will still return a pointer into the key...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl-gpiobank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center linuxtesting.org with SVACE...
Memory corruption
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc'ed for: sizeofstruct iwlnvmdata + sizeofstruct ieee80211channel + sizeofstruct ieee80211rate 'mvm-nvmdata' is a 'struct iwlnvmdata', so it is...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node0 at initialization After commit 61167ad5fecdea "mm: pass nid to reservebootmemregion" we get a panic if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle kernel pagin...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in applyalternatives Fei has reported that KASAN triggers during applyalternatives on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcuiswatching Read of size 4 at addr ff110003ee6419a0 by...