Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37148 1 Glpi-project 1 Glpi 2025-01-07 8.1 High
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.
CVE-2024-37147 1 Glpi-project 1 Glpi 2025-01-07 4.3 Medium
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
CVE-2024-52000 1 Combodo 1 Itop 2025-01-07 6.1 Medium
Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31456 1 Glpi-project 1 Glpi 2025-01-07 7.7 High
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
CVE-2024-52001 1 Combodo 1 Itop 2025-01-07 4.3 Medium
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-52002 1 Combodo 1 Itop 2025-01-07 8.8 High
Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-32539 1 Hornerautomation 2 Cscape, Cscape Envisionrv 2025-01-07 7.8 High
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.
CVE-2023-32289 1 Hornerautomation 2 Cscape, Cscape Envisionrv 2025-01-07 7.8 High
The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-32281 1 Hornerautomation 2 Cscape, Cscape Envisionrv 2025-01-07 7.8 High
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-22833 1 Palantir 1 Foundry 2025-01-07 7.6 High
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
CVE-2021-33223 1 Seeddms 1 Seeddms 2025-01-07 8.8 High
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
CVE-2022-25834 1 Percona 1 Xtrabackup 2025-01-07 7.8 High
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
CVE-2023-33537 1 Tp-link 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more 2025-01-07 8.1 High
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.
CVE-2023-33536 1 Tp-link 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more 2025-01-07 8.1 High
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.
CVE-2023-33510 1 Jeecg P3 Biz Chat Project 1 Jeecg P3 Biz Chat 2025-01-07 7.5 High
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
CVE-2023-33496 1 Xxl-rpc Project 1 Xxl-rpc 2025-01-07 9.8 Critical
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.
CVE-2023-33284 1 Marvalglobal 1 Msm 2025-01-07 8.8 High
Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server.
CVE-2023-33283 1 Marvalglobal 1 Msm 2025-01-07 5.5 Medium
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.
CVE-2023-20889 1 Vmware 1 Vrealize Network Insight 2025-01-07 7.5 High
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
CVE-2023-20888 1 Vmware 1 Vrealize Network Insight 2025-01-07 8.8 High
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.