Filtered by vendor
Subscriptions
Total
274592 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-12902 | 2024-12-23 | 8.4 High | ||
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials. | ||||
CVE-2023-6717 | 1 Redhat | 15 Amq Broker, Build Keycloak, Jboss Data Grid and 12 more | 2024-12-23 | 6 Medium |
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. | ||||
CVE-2024-0874 | 1 Redhat | 3 Acm, Logging, Openshift | 2024-12-23 | 5.3 Medium |
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | ||||
CVE-2024-3727 | 1 Redhat | 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more | 2024-12-23 | 8.3 High |
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. | ||||
CVE-2024-1394 | 1 Redhat | 23 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 20 more | 2024-12-23 | 7.5 High |
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | ||||
CVE-2024-50623 | 1 Cleo | 4 Harmomy, Harmony, Lexicom and 1 more | 2024-12-23 | 9.8 Critical |
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. | ||||
CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more | 2024-12-23 | 7.5 High |
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | ||||
CVE-2024-11230 | 2024-12-23 | 6.4 Medium | ||
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-21726 | 2024-12-23 | 6.5 Medium | ||
Inadequate content filtering leads to XSS vulnerabilities in various components. | ||||
CVE-2024-40744 | 1 Tassosgr | 1 Convert Forms | 2024-12-23 | 9.8 Critical |
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | ||||
CVE-2024-40745 | 2024-12-23 | 5.4 Medium | ||
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. | ||||
CVE-2024-12901 | 2024-12-23 | 5.3 Medium | ||
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-12900 | 2024-12-23 | 6.3 Medium | ||
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-54082 | 2024-12-23 | N/A | ||
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user. | ||||
CVE-2024-52321 | 2024-12-23 | N/A | ||
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | ||||
CVE-2024-47864 | 2024-12-23 | N/A | ||
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. | ||||
CVE-2024-46873 | 2024-12-23 | N/A | ||
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker. | ||||
CVE-2024-45721 | 2024-12-23 | N/A | ||
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user. | ||||
CVE-2024-12899 | 2024-12-23 | 7.3 High | ||
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-12898 | 2024-12-23 | 6.3 Medium | ||
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. |