Total
262743 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-47111 | 1 Zitadel | 1 Zitadel | 2024-09-12 | 7.3 High |
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3. | ||||
CVE-2023-43570 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2024-09-12 | 6.7 Medium |
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. | ||||
CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-09-12 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | ||||
CVE-2023-32087 | 1 Pega | 1 Platform | 2024-09-12 | 4.6 Medium |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | ||||
CVE-2024-29015 | 1 Intel | 2 Oneapi Base Toolkit, Vtune Profiler | 2024-09-12 | 6.7 Medium |
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32088 | 1 Pega | 1 Platform | 2024-09-12 | 4.6 Medium |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | ||||
CVE-2023-32089 | 1 Pega | 1 Platform | 2024-09-12 | 4.6 Medium |
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | ||||
CVE-2024-28947 | 1 Intel | 1 Server Board S2600st Firmware | 2024-09-12 | 8.2 High |
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-47784 | 1 Themepunch | 1 Slider Revolution | 2024-09-12 | 8.4 High |
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | ||||
CVE-2024-28887 | 1 Intel | 3 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit | 2024-09-12 | 6.7 Medium |
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-25561 | 1 Intel | 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more | 2024-09-12 | 6.7 Medium |
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2024-09-12 | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | ||||
CVE-2024-24977 | 1 Intel | 2 License Manager For Flexim, License Manager For Flexlm Product Software | 2024-09-12 | 6.7 Medium |
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-7047 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-09-12 | 4.4 Medium |
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | ||||
CVE-2023-7057 | 1 Carmelogarcia | 1 Faculty Management System | 2024-09-12 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | ||||
CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-09-12 | 4.6 Medium |
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | ||||
CVE-2023-46989 | 1 Innovadeluxe | 1 Quick Order | 2024-09-12 | 7.8 High |
SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | ||||
CVE-2024-23908 | 1 Intel | 2 Flexlm License Daemons For Intel Fpga, Fpga Add-on | 2024-09-12 | 6.7 Medium |
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-7146 | 1 Masterlab | 1 Masterlab | 2024-09-12 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | ||||
CVE-2024-0822 | 2 Ovirt, Redhat | 2 Ovirt-engine, Rhev Manager | 2024-09-12 | 7.5 High |
An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. |