Total 262743 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-47111 1 Zitadel 1 Zitadel 2024-09-12 7.3 High
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.
CVE-2023-43570 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-09-12 6.7 Medium
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.
CVE-2023-41796 1 Sunshinephotocart 1 Sunshine Photo Cart 2024-09-12 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.
CVE-2023-32087 1 Pega 1 Platform 2024-09-12 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation.
CVE-2024-29015 1 Intel 2 Oneapi Base Toolkit, Vtune Profiler 2024-09-12 6.7 Medium
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32088 1 Pega 1 Platform 2024-09-12 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.
CVE-2023-32089 1 Pega 1 Platform 2024-09-12 4.6 Medium
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description.
CVE-2024-28947 1 Intel 1 Server Board S2600st Firmware 2024-09-12 8.2 High
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-47784 1 Themepunch 1 Slider Revolution 2024-09-12 8.4 High
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15.
CVE-2024-28887 1 Intel 3 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit 2024-09-12 6.7 Medium
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25561 1 Intel 10 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 and 7 more 2024-09-12 6.7 Medium
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-3305 1 Utarit 1 Soliclub 2024-09-12 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
CVE-2024-24977 1 Intel 2 License Manager For Flexim, License Manager For Flexlm Product Software 2024-09-12 6.7 Medium
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-7047 2 Devolutions, Microsoft 2 Remote Desktop Manager, Windows 2024-09-12 4.4 Medium
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.
CVE-2023-7057 1 Carmelogarcia 1 Faculty Management System 2024-09-12 3.5 Low
A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744.
CVE-2023-46711 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-09-12 4.6 Medium
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
CVE-2023-46989 1 Innovadeluxe 1 Quick Order 2024-09-12 7.8 High
SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file.
CVE-2024-23908 1 Intel 2 Flexlm License Daemons For Intel Fpga, Fpga Add-on 2024-09-12 6.7 Medium
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-7146 1 Masterlab 1 Masterlab 2024-09-12 6.3 Medium
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability.
CVE-2024-0822 2 Ovirt, Redhat 2 Ovirt-engine, Rhev Manager 2024-09-12 7.5 High
An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.