Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12355 1 Razormist 1 Phone Contact Manager System 2024-12-12 3.3 Low
A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2024-12353 1 Razormist 1 Phone Contact Manager System 2024-12-12 3.3 Low
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2023-35846 1 Virtualsquare 1 Picotcp 2024-12-12 7.5 High
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
CVE-2023-35844 1 Lightdash 1 Lightdash 2024-12-12 7.5 High
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
CVE-2023-35843 1 Nocodb 1 Nocodb 2024-12-12 7.5 High
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
CVE-2023-35840 1 Std42 1 Elfinder 2024-12-12 6.5 Medium
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVE-2023-34657 1 Eyoucms 1 Eyoucms 2024-12-12 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
CVE-2023-34642 1 Kioware 1 Kioware 2024-12-12 7.8 High
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
CVE-2023-34641 1 Kioware 1 Kioware 2024-12-12 7.8 High
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
CVE-2023-34603 1 Jeecg 1 Jeecgboot 2024-12-12 7.5 High
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
CVE-2023-34602 1 Jeecg 1 Jeecgboot 2024-12-12 7.5 High
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
CVE-2023-34167 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34166 1 Huawei 1 Emui 2024-12-12 7.5 High
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-34163 1 Huawei 1 Emui 2024-12-12 7.5 High
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34162 1 Huawei 1 Emui 2024-12-12 7.5 High
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
CVE-2023-34161 1 Huawei 1 Emui 2024-12-12 7.5 High
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34160 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34159 1 Huawei 1 Emui 2024-12-12 9.8 Critical
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
CVE-2023-34158 1 Huawei 1 Emui 2024-12-12 5.3 Medium
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-31366 1 Amd 1 Uprof 2024-12-12 3.3 Low
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.