Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3405 3 Acronis, Linux, Microsoft 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more 2025-02-03 8.8 High
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2024-57362 2025-02-03 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54840. Reason: This candidate is a reservation duplicate of CVE-2024-54840. Notes: All CVE users should reference CVE-2024-54840 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2024-20142 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2025-02-03 6.2 Medium
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.
CVE-2023-30417 1 Pearadmin 1 Pear Admin Boot 2025-02-03 5.4 Medium
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.
CVE-2023-30404 1 Aigital 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware 2025-02-03 9.8 Critical
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
CVE-2023-30280 1 Netgear 4 R6700, R6700 Firmware, R6900 and 1 more 2025-02-03 9.8 Critical
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.
CVE-2023-30269 1 Cltphp 1 Cltphp 2025-02-03 8.1 High
CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.
CVE-2023-30267 1 Cltphp 1 Cltphp 2025-02-03 6.1 Medium
CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.
CVE-2023-30266 1 Cltphp 1 Cltphp 2025-02-03 8.8 High
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.
CVE-2023-30265 1 Cltphp 1 Cltphp 2025-02-03 6.5 Medium
CLTPHP <=6.0 is vulnerable to Directory Traversal.
CVE-2023-30177 1 Craftcms 1 Craft Cms 2025-02-03 6.1 Medium
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
CVE-2023-30112 1 Medicine Tracker System Project 1 Medicine Tracker System 2025-02-03 7.5 High
Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.
CVE-2023-30111 1 Medicine Tracker System Project 1 Medicine Tracker System 2025-02-03 6.1 Medium
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-30106 1 Medicine Tracker System Project 1 Medicine Tracker System 2025-02-03 6.1 Medium
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
CVE-2023-2291 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-02-03 7.8 High
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CVE-2023-29836 1 Exelysis 1 Exelysis Unified Communications Solution 2025-02-03 6.1 Medium
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.
CVE-2023-29835 1 Wondershare 1 Dr.fone 2025-02-03 7.8 High
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
CVE-2023-29779 1 Sengled 2 E1e-g7f, E1e-g7f Firmware 2025-02-03 7.5 High
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.
CVE-2023-29596 1 Cmix Project 1 Cmix 2025-02-03 7.8 High
Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.
CVE-2023-29442 1 Zohocorp 1 Manageengine Applications Manager 2025-02-03 6.1 Medium
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.