213680 matches found
Out-of-bounds
A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high...
Information disclosure
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...
Cross site scripting
Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...
Sql injection
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...
Input validation
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...
Sql injection
In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...
Cross site scripting
In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...
Design/Logic Flaw
In the module "Product Catalog CSV, Excel Import" simpleimportproduct = 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php...
Sql injection
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/searchsalesreport.php. The manipulation of the argument customer leads to sql injection. The attack may...
Xxe
XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...
Memory corruption
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c...
Sql injection
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Cross site scripting
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...
Race condition
In Srelay the SOCKS proxy and Relay v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service...
Design/Logic Flaw
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...
Design/Logic Flaw
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
Sql injection
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function deleteclass/deletestudent of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input...
Information disclosure
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
Cross site scripting
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...
Authentication flaw
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
Design/Logic Flaw
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...
Design/Logic Flaw
A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Cross site request forgery (csrf)
Rejected reason: Accidental Request...
Memory corruption
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp...
Remote code execution
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
Design/Logic Flaw
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
Design/Logic Flaw
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...
Hardcoded credentials
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The...
Input validation
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account...
Cross site scripting
A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can...
Out-of-bounds
A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. Th...
Design/Logic Flaw
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
Authentication flaw
A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Authentication flaw
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: sctp: use callrcu to free endpoint This patch is to delay the endpoint free by calling callrcu to fix another use-after-free issue in sctpsockdump: BUG: KASAN: use-after-free in lockacquire+0x36d9/0x4c20 Call Trace:...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2ctransfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy-pendingskb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object...
Stack overflow
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5etxreporterdumpsq casts its void argument to struct mlx5etxqsq , but in TX-timeout-recovery flow the argument is actually of type struct mlx5etxtimeoutc...