| CVE-2024-24026 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | critical |
| CVE-2024-21494 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | medium |
| CVE-2024-20107 | In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823. | medium |
| CVE-2024-20106 | In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590. | medium |
| CVE-2024-20104 | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772. | high |
| CVE-2024-20103 | In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. | critical |
| CVE-2024-20101 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. | critical |
| CVE-2024-1319 | The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts). | medium |
| CVE-2024-11831 | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package. | medium |
| CVE-2024-0864 | Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. | critical |
| CVE-2023-6294 | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | high |
| CVE-2023-51327 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | medium |
| CVE-2023-51326 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | medium |
| CVE-2023-51315 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. | medium |
| CVE-2023-51314 | A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | high |
| CVE-2023-51301 | A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | high |
| CVE-2023-51052 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | critical |
| CVE-2023-50386 | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | high |
| CVE-2023-49032 | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone. | critical |
| CVE-2023-44753 | A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page. | medium |
| CVE-2023-44752 | An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | critical |
| CVE-2023-44040 | In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate. | medium |
| CVE-2023-41425 | Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | medium |
| CVE-2023-39810 | An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | high |
| CVE-2023-36645 | SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function. | critical |
| CVE-2023-36644 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | medium |
| CVE-2023-36643 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | medium |
| CVE-2023-32835 | In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | medium |
| CVE-2023-2745 | WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. | medium |
| CVE-2023-26691 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on. | high |
| CVE-2023-26690 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. | high |
| CVE-2023-26689 | An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | critical |
| CVE-2023-26688 | Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface. | medium |
| CVE-2023-26687 | Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. | high |
| CVE-2023-26686 | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. | critical |
| CVE-2023-2603 | A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | critical |
| CVE-2023-20249 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | medium |
| CVE-2022-46414 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. | critical |
| CVE-2022-46411 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | high |
| CVE-2022-46410 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. | high |
| CVE-2022-46405 | Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | high |
| CVE-2022-46391 | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | medium |
| CVE-2022-46338 | g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | medium |
| CVE-2022-46089 | Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | medium |
| CVE-2022-45990 | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. | medium |
| CVE-2022-45912 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. | high |
| CVE-2022-45869 | A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. | medium |
| CVE-2022-45797 | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | high |
| CVE-2022-45771 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. | high |
| CVE-2022-45769 | A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. | medium |
