Total 262750 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-34834 1 Vermeg 1 Agile Reporter 2024-09-12 4.8 Medium
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.
CVE-2023-27793 1 Ixpdata 1 Easyinstall 2024-09-12 7.8 High
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
CVE-2023-46375 1 Zentao 1 Biz 2024-09-12 8.8 High
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2023-35182 1 Solarwinds 1 Access Rights Manager 2024-09-12 8.8 High
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.
CVE-2023-25753 1 Apache 1 Shenyu 2024-09-12 6.5 Medium
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch  https://github.com/apache/shenyu/pull/4776  .
CVE-2022-24402 1 Midnightblue 1 Tetra\ 2024-09-12 8.8 High
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.
CVE-2022-24400 1 Midnightblue 1 Tetra\ 2024-09-12 7.5 High
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
CVE-2022-26941 1 Motorola 4 Mtm5400, Mtm5400 Firmware, Mtm5500 and 1 more 2024-09-12 9.6 Critical
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
CVE-2023-46376 1 Zentao 1 Biz 2024-09-12 7.5 High
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.
CVE-2023-27795 1 Ixpdata 1 Easyinstall 2024-09-12 7.8 High
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
CVE-2024-7961 2024-09-12 N/A
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
CVE-2023-30131 1 Ixpdata 1 Easyinstall 2024-09-12 9.8 Critical
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
CVE-2023-46394 1 Gougucms 1 Gougucms 2024-09-12 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.
CVE-2023-30132 1 Ixpdata 1 Easyinstall 2024-09-12 7.8 High
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key.
CVE-2023-46490 1 Cacti 1 Cacti 2024-09-12 6.5 Medium
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.
CVE-2022-3901 1 Visioglobe 1 Visioweb 2024-09-12 7.2 High
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
CVE-2023-30633 1 Insyde 1 Insydeh2o 2024-09-12 5.3 Medium
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).
CVE-2024-43412 1 Xibosignage 1 Xibo 2024-09-12 4.6 Medium
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xibo Library via the Generic File module to be referenced on Displays and in Layouts. This is intended functionality. When previewing these resources from the Library and Layout editor they are executed in the users browser. This will be disabled in future releases, and users are encouraged to use the new developer tools in 4.1 to design their widgets which require this type of functionality. This behavior has been changed in 4.1.0 to preview previewing of generic files. There are no workarounds for this issue.
CVE-2024-42903 1 Limesurvey 1 Limesurvey 2024-09-12 6.5 Medium
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
CVE-2023-46503 1 Pwncyn 1 Yxbookcms 2024-09-12 6.1 Medium
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.