Search Results (366926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27973 1 Hp 76 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 73 more 2025-01-30 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.
CVE-2023-29058 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 6.4 Medium
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
CVE-2023-30858 1 Denosaurs 1 Emoji 2025-01-30 5.3 Medium
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
CVE-2023-29057 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 7.3 High
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
CVE-2023-29056 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 5.3 Medium
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.
CVE-2023-25496 1 Lenovo 1 Drivers Management 2025-01-30 7.8 High
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVE-2023-25495 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 4.9 Medium
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured
CVE-2023-2410 1 Oretnom23 1 Ac Repair And Services System 2025-01-30 6.3 Medium
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.
CVE-2023-2417 1 Ks-soft 1 Advanced Host Monitor 2025-01-30 5.3 Medium
A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.
CVE-2023-2420 1 Mlecms 1 Mlecms 2025-01-30 6.3 Medium
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.
CVE-2023-30063 1 Dlink 2 Dir-890l, Dir-890l Firmware 2025-01-30 7.5 High
D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.
CVE-2023-30061 1 Dlink 2 Dir-879, Dir-879 Firmware 2025-01-30 7.5 High
D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.
CVE-2020-22429 1 Redox-os 1 Redox 2025-01-30 7.8 High
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
CVE-2017-11197 1 Cyberark 1 Viewfinity 2025-01-30 7.8 High
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVE-2023-30466 1 Milesight 40 Ms-n1004-uc, Ms-n1004-uc Firmware, Ms-n1004-upc and 37 more 2025-01-30 9.8 Critical
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.
CVE-2023-31434 1 Evasys 1 Evasys 2025-01-30 5.4 Medium
The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.
CVE-2023-31433 1 Evasys 1 Evasys 2025-01-30 8.8 High
A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.
CVE-2023-30792 1 Facebook 1 Lexical 2025-01-30 6.1 Medium
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
CVE-2023-30403 1 Aigital 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware 2025-01-30 7.5 High
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user.
CVE-2023-2445 1 Devolutions 1 Devolutions Server 2025-01-30 4.9 Medium
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.