Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-43866 1 Ibm 1 Maximo Asset Management 2025-01-29 5.4 Medium
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
CVE-2020-36065 1 Flycms Project 1 Flycms 2025-01-29 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVE-2020-23966 1 Victor Cms Project 1 Victor Cms 2025-01-29 9.8 Critical
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
CVE-2020-21038 1 Typecho 1 Typecho 2025-01-29 6.1 Medium
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
CVE-2024-4141 1 Xpdfreader 1 Xpdf 2025-01-29 2.9 Low
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
CVE-2024-4568 1 Xpdfreader 1 Xpdf 2025-01-29 2.9 Low
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
CVE-2023-31183 1 Cybonet 1 Pineapp Mail Secure 2025-01-29 6.1 Medium
Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.
CVE-2024-4976 1 Xpdfreader 1 Xpdf 2025-01-29 5.5 Medium
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
CVE-2024-2971 1 Xpdfreader 1 Xpdf 2025-01-29 2.9 Low
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
CVE-2023-28068 1 Dell 1 Command \| Monitor 2025-01-29 7.3 High
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path
CVE-2023-30434 1 Ibm 2 Elastic Storage System, Spectrum Scale 2025-01-29 6.2 Medium
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.
CVE-2023-2534 1 Otrs 1 Otrs 2025-01-29 7.6 High
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.
CVE-2022-22313 1 Ibm 1 Qradar Data Synchronization 2025-01-29 4.4 Medium
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370.
CVE-2023-2560 1 Newbinggogo Project 1 Newbinggogo 2025-01-29 3.5 Low
A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.
CVE-2023-2564 1 Scanservjs Project 1 Scanservjs 2025-01-29 10 Critical
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.
CVE-2023-31181 1 Wjjsoft 1 Innokb 2025-01-29 7.5 High
WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal
CVE-2023-30551 2 Linuxfoundation, Redhat 2 Rekor, Openshift 2025-01-29 7.5 High
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.
CVE-2024-55193 1 Openimageio 1 Openimageio 2025-01-29 6.5 Medium
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
CVE-2023-30837 1 Vyperlang 1 Vyper 2025-01-29 7.5 High
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
CVE-2023-30840 1 Linuxfoundation 1 Fluid 2025-01-29 5.8 Medium
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes. Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster. To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means. Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.