Filtered by NVD-CWE-Other
Filtered by vendor Subscriptions
Total 29165 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5102 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 5.3 Medium
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
CVE-2023-43697 1 Sick 2 Apu0200, Apu0200 Firmware 2024-12-09 6.5 Medium
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
CVE-2023-29931 1 Laravels Project 1 Laravels 2024-12-07 9.8 Critical
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.
CVE-2022-45287 1 Temenos 1 Cwx 2024-12-07 8.8 High
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.
CVE-2023-28094 1 Pega 1 Pega Platform 2024-12-07 8.1 High
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
CVE-2024-49580 1 Jetbrains 1 Ktor 2024-12-06 5.3 Medium
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVE-2023-34673 1 Elenos 2 Etg150, Etg150 Firmware 2024-12-05 6.5 Medium
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.
CVE-2023-34671 1 Elenos 2 Etg150 Fm, Etg150 Fm Firmware 2024-12-05 8.8 High
Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases.
CVE-2023-27197 1 Paxtechnology 2 Pax A930, Pax A930 Firmware 2024-12-05 6.7 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE-2023-21172 1 Google 1 Android 2024-12-05 7.8 High
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015
CVE-2021-31635 1 Jfinal 1 Jfinal 2024-12-05 9.8 Critical
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
CVE-2023-36664 4 Artifex, Debian, Fedoraproject and 1 more 5 Ghostscript, Debian Linux, Fedora and 2 more 2024-12-05 7.8 High
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CVE-2023-34672 1 Elenos 2 Etg150, Etg150 Firmware 2024-12-05 8.8 High
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
CVE-2021-30205 1 Dzzoffice 1 Dzzoffice 2024-12-05 5.3 Medium
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.
CVE-2023-25517 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more 2024-12-04 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
CVE-2023-32553 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 5.3 Medium
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
CVE-2023-32552 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 5.3 Medium
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
CVE-2023-32528 1 Trendmicro 1 Mobile Security 2024-12-04 8.8 High
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.
CVE-2023-32527 1 Trendmicro 1 Mobile Security 2024-12-04 8.8 High
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
CVE-2024-0638 1 Checkmk 1 Checkmk 2024-12-04 8.2 High
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.