213680 matches found
Design/Logic Flaw
A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
Design/Logic Flaw
A maliciously crafted 3DM file in opennurbs.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
Improper access control
code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control...
Code injection
An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4dbase.xdl64 file...
Information disclosure
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...
Authorization
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
Out-of-bounds
A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the Guest role can change Custom dashboard projects settings contrary to permissions...
Cross site scripting
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."...
Default credentials
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their...
Design/Logic Flaw
A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
Privilege escalation
An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admingroupmember permission, they may be able to make a group...
Hardcoded credentials
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
Cross site scripting
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
Information disclosure
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...
Sql injection
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...
Sql injection
A SQL Injection vulnerability in /pmb/opaccss/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value...
Unrestricted file upload
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
Sql injection
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint...
Stack overflow
A stack overflow vulnerability in Tenda AC21 with firmware version USAC21V1.0reV16.03.08.15cnTDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi...
Server side request forgery (ssrf)
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
Design/Logic Flaw
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
Command injection
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816A2v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter...
Stack overflow
A stack overflow vulnerability in Tenda AC6 with firmware version USAC6V5.0reV03.03.02.01cnTDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet...
Stack overflow
A stack overflow vulnerability in Tenda AC23 with firmware version USAC23V1.0reV16.03.07.45cnTDC01 allows attackers to run arbitrary commands via schedStartTime parameter...
Sql injection
SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in exportskos.php...
Sql injection
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php endpoint...
Command injection
Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/...
Improper access control
Archer Platform 6.8 before 6.14 P2 6.14.0.2 contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges...
Cross site scripting
Archer Platform 6.x before 6.14 P2 HF1 6.14.0.2.1 contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then...
Code injection
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...
Directory traversal
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...
Command injection
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and...
Command injection
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier...
Information disclosure
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...
Cross site scripting
A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jspsettings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiat...
Design/Logic Flaw
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...
Buffer overflow
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/tostr.c, and formatfractionalpartnsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected...
Cross site scripting
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content...
Buffer overflow
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addrresolv.c, and wsmanuflookupstr, size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected...
Path traversal
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier o...
Code injection
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input hi leads to cross site scripting. The attack may be launch...
Command injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...
Sql injection
ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
Sql injection
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...
Sql injection
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
Sql injection
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
Sql injection
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...