Search Results (366988 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31669 1 Webassembly 1 Webassembly Binary Toolkit 2025-01-31 5.5 Medium
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVE-2023-31664 1 Wso2 1 Api Manager 2025-01-31 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
CVE-2023-30507 1 Arubanetworks 1 Edgeconnect Enterprise 2025-01-31 4.9 Medium
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
CVE-2023-30506 1 Arubanetworks 1 Edgeconnect Enterprise 2025-01-31 7.2 High
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2023-30149 2 Ebewe, Prestashop 2 City Autocomplete, Prestashop 2025-01-31 9.8 Critical
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.
CVE-2023-29861 1 Flir 2 Dvtel Camera, Dvtel Camera Firmware 2025-01-31 9.8 Critical
An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.
CVE-2023-29721 1 Sofawiki Project 1 Sofawiki 2025-01-31 9.8 Critical
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
CVE-2023-27518 1 Contec 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more 2025-01-31 8.8 High
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
CVE-2024-40620 1 Rockwellautomation 1 Pavilion8 2025-01-31 7.5 High
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.
CVE-2024-40619 1 Rockwellautomation 4 Controllogix 5580, Controllogix 5580 Firmware, Guardlogix 5580 and 1 more 2025-01-31 7.5 High
CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
CVE-2024-54155 1 Jetbrains 1 Youtrack 2025-01-31 3.7 Low
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54154 1 Jetbrains 1 Youtrack 2025-01-31 8 High
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-5165 1 Eclipse 1 Ditto 2025-01-31 6.5 Medium
In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users.
CVE-2024-54153 1 Jetbrains 1 Youtrack 2025-01-31 3.1 Low
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-52555 1 Jetbrains 1 Webstorm 2025-01-31 6.3 Medium
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
CVE-2023-39998 1 Muffingroup 1 Betheme 2025-01-31 8.2 High
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1.
CVE-2023-31615 1 Openlinksw 1 Virtuoso 2025-01-31 7.5 High
An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31614 1 Openlinksw 1 Virtuoso 2025-01-31 7.5 High
An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2023-31518 1 Teeworlds 1 Teeworlds 2025-01-31 5.5 Medium
A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.
CVE-2023-31460 1 Mitel 1 Mivoice Connect 2025-01-31 7.2 High
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.