Search Results (366589 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29242 1 Intel 6 Oneapi Ai Analytics Toolkit, Oneapi Base Toolkit, Oneapi Dl Framework Developer Toolkit and 3 more 2025-01-24 6.7 Medium
Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31199 1 Intel 1 Solid State Drive Toolbox 2025-01-24 7.1 High
Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-30768 1 Intel 128 Server Board S1200btl, Server Board S1200btl Firmware, Server Board S1200btlr and 125 more 2025-01-24 7.1 High
Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-32075 1 Pimcore 1 Customer Management Framework 2025-01-24 4.3 Medium
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.
CVE-2024-3251 1 Oretnom23 1 Computer Laboratory Management System 2025-01-24 6.3 Medium
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/?page=borrow/view_borrow. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259100.
CVE-2024-3140 1 Oretnom23 1 Computer Laboratory Management System 2025-01-24 3.5 Low
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.
CVE-2024-3139 1 Oretnom23 1 Computer Laboratory Management System 2025-01-24 5.4 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.
CVE-2024-3131 1 Oretnom23 1 Computer Laboratory Management System 2025-01-24 6.3 Medium
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.
CVE-2024-28951 1 Openatom 1 Openharmony 2025-01-24 5.5 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
CVE-2024-3388 1 Paloaltonetworks 2 Pan-os, Prisma Access 2025-01-24 4.1 Medium
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
CVE-2023-32058 1 Vyperlang 1 Vyper 2025-01-24 7.5 High
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.
CVE-2023-31985 1 Edimax 2 Br-6428ns, Br-6428ns Firmware 2025-01-24 9.8 Critical
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
CVE-2023-31983 1 Edimax 2 Br-6428ns, Br-6428ns Firmware 2025-01-24 9.8 Critical
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
CVE-2023-31922 1 Quickjs Project 1 Quickjs 2025-01-24 7.5 High
QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.
CVE-2023-31921 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.
CVE-2023-31920 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.
CVE-2023-31146 1 Vyperlang 1 Vyper 2025-01-24 7.5 High
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.
CVE-2023-30246 1 Judging Management System Project 1 Judging Management System 2025-01-24 9.8 Critical
SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.
CVE-2023-30130 1 Craftcms 1 Craft Cms 2025-01-24 8.8 High
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
CVE-2023-2682 1 Catontechnology 1 Caton Live 2025-01-24 6.3 Medium
A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.