Search Results (366572 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31631 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31630 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31629 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31628 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31627 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31626 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31616 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-30333 1 Perfree 1 Perfreeblog 2025-01-23 9.8 Critical
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.
CVE-2023-30124 1 Lavalite 1 Lavalite 2025-01-23 5.4 Medium
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2024-1221 3 Apple, Linux, Papercut 4 Macos, Linux Kernel, Papercut Mf and 1 more 2025-01-23 3.1 Low
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.
CVE-2024-11598 1 Ivanti 1 Application Control 2025-01-23 7.8 High
Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-11597 1 Ivanti 1 Performance Manager 2025-01-23 7.8 High
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-0860 1 Softing 2 Edgeaggregator, Edgeconnector 2025-01-23 8 High
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
CVE-2024-26262 1 Ebmtech 1 Uniweb\/solipacs Webserver 2025-01-23 8.8 High
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .
CVE-2024-26261 1 Hgiga 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more 2025-01-23 9.8 Critical
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
CVE-2024-26260 1 Hgiga 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more 2025-01-23 9.8 Critical
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
CVE-2024-1523 1 E-web 1 Fs-ezviewer 2025-01-23 8.8 High
EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.
CVE-2024-1482 1 Github 1 Enterprise Server 2025-01-23 7.1 High
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-24775 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2025-01-23 7.5 High
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-23979 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2025-01-23 7.5 High
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated