Search Results (366567 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25156 1 Fortra 1 Goanywhere Managed File Transfer 2025-01-23 6.5 Medium
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.
CVE-2024-1623 1 Sagemcom 2 F\@st 3686, F\@st 3686 Firmware 2025-01-23 7.7 High
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.
CVE-2025-0221 1 I0bit 1 Protected Folder 2025-01-23 5.5 Medium
A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0223 1 I0bit 1 Protected Folder 2025-01-23 5.5 Medium
A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0222 1 I0bit 1 Protected Folder 2025-01-23 5.5 Medium
A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-46596 1 Algosec 1 Fireflow 2025-01-23 5.1 Medium
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)
CVE-2024-26264 1 Ebmtech 1 Risweb 2025-01-23 9.8 Critical
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
CVE-2024-26263 2 Ebm Technologies, Ebmtech 2 Risweb, Risweb 2025-01-23 5.3 Medium
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.
CVE-2024-25983 2 Fedoraproject, Moodle 2 Fedora, Moodle 2025-01-23 3.5 Low
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
CVE-2023-6881 1 Zephyrproject 1 Zephyr 2025-01-23 7.3 High
Possible buffer overflow in is_mount_point
CVE-2023-4538 1 Comarch 1 Erp Xl 2025-01-23 6.2 Medium
The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2.
CVE-2023-4539 1 Comarch 1 Erp Xl 2025-01-23 7.5 High
Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2.
CVE-2024-57770 1 Jfinaloa Project 1 Jfinaloa 2025-01-23 8.8 High
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2024-57769 1 Jfinaloa Project 1 Jfinaloa 2025-01-23 8.8 High
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
CVE-2023-31679 1 Videogo Project 1 Videogo 2025-01-23 7.5 High
Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter.
CVE-2023-31678 1 Videogo Project 1 Videogo 2025-01-23 5.3 Medium
Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.
CVE-2023-31677 1 Luowice 1 Luowice 2025-01-23 7.5 High
Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.
CVE-2023-31613 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31612 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-31611 1 Openlinksw 1 Virtuoso 2025-01-23 7.5 High
An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.