Search Results (364930 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3172 1 Froxlor 1 Froxlor 2025-01-06 7.2 High
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.
CVE-2023-3173 1 Froxlor 1 Froxlor 2025-01-06 9.8 Critical
Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.
CVE-2023-3188 1 Owncast Project 1 Owncast 2025-01-06 6.5 Medium
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.
CVE-2023-3190 1 Teampass 1 Teampass 2025-01-06 4.6 Medium
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3191 1 Teampass 1 Teampass 2025-01-06 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3192 1 Froxlor 1 Froxlor 2025-01-06 5.4 Medium
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
CVE-2024-13037 1 1000projects 1 Attendance Tracking Management System 2025-01-06 6.3 Medium
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12106 1 Progress 1 Whatsup Gold 2025-01-06 9.4 Critical
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVE-2023-1899 1 Atlascopco 2 Power Focus 6000, Power Focus 6000 Firmware 2025-01-06 9.4 Critical
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.
CVE-2024-12108 2 Microsoft, Progress 2 Windows, Whatsup Gold 2025-01-06 9.6 Critical
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVE-2023-1898 1 Atlascopco 2 Power Focus 6000, Power Focus 6000 Firmware 2025-01-06 9.4 Critical
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.
CVE-2024-12791 1 Codezips 1 E-commerce Site 2025-01-06 7.3 High
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-26062 1 Nokia 1 Web Element Manager 2025-01-06 7 High
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network.
CVE-2023-34940 1 Asus 2 Rt-n10lx, Rt-n10lx Firmware 2025-01-06 7.5 High
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-27836 1 Tp-link 2 Tl-wpa8630p, Tl-wpa8630p Firmware 2025-01-06 9.8 Critical
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.
CVE-2023-26298 1 Hp 1 Hp Device Manager 2025-01-06 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26297 1 Hp 1 Hp Device Manager 2025-01-06 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26296 1 Hp 1 Hp Device Manager 2025-01-06 8.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26295 1 Hp 1 Hp Device Manager 2025-01-06 9.8 Critical
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVE-2023-26294 1 Hp 1 Hp Device Manager 2025-01-06 7.8 High
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.