Search Results (120756 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3445 1 Oretnom23 1 Laundry Shop Management System 2025-01-17 6.3 Medium
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.
CVE-2024-3428 1 Argie 1 Online Courseware 2025-01-17 3.5 Low
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600.
CVE-2023-22598 1 Inhandnetworks 4 Inrouter302, Inrouter302 Firmware, Inrouter615-s and 1 more 2025-01-16 7.2 High
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges.
CVE-2022-4616 1 Deltaww 2 Dx-3021l9, Dx-3021l9 Firmware 2025-01-16 7.2 High
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.
CVE-2022-43483 1 Sewio 1 Real-time Location System Studio 2025-01-16 9.1 Critical
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
CVE-2022-45444 1 Sewio 1 Real-time Location System Studio 2025-01-16 10 Critical
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.
CVE-2022-47911 1 Sewio 1 Real-time Location System Studio 2025-01-16 9.1 Critical
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
CVE-2023-23582 1 Snapav 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware 2025-01-16 5.3 Medium
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.
CVE-2022-4634 1 Deltaww 2 Cncsoft, Screeneditor 2025-01-16 7.8 High
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0123 1 Deltaww 1 Dopsoft 2025-01-16 7.8 High
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-0124 1 Deltaww 1 Dopsoft 2025-01-16 7.8 High
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-0249 1 Deltaww 1 Diascreen 2025-01-16 7.8 High
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
CVE-2023-0250 1 Deltaww 1 Diascreen 2025-01-16 7.8 High
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0251 1 Deltaww 1 Diascreen 2025-01-16 7.8 High
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-23551 1 Controlbyweb 2 X-600m, X-600m Firmware 2025-01-16 9.1 Critical
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-22805 1 Ls-electric 2 Xbc-dn32u, Xbc-dn32u Firmware 2025-01-16 6.5 Medium
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
CVE-2023-0755 3 Ge, Ptc, Rockwellautomation 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more 2025-01-16 9.8 Critical
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-0754 3 Ge, Ptc, Rockwellautomation 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more 2025-01-16 9.8 Critical
The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-0847 1 Dash7-alliance 1 Dash7 Alliance Protcol 2025-01-16 5.3 Medium
The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.
CVE-2023-1256 1 Aveva 2 Aveva Plant Scada, Telemetry Server 2025-01-16 9.8 Critical
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.