Search Results (366567 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27285 1 Ibm 2 Aspera Cargo, Aspera Connect 2025-01-08 8.4 High
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.
CVE-2023-3067 1 Trilium Project 1 Trilium 2025-01-08 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4.
CVE-2023-3069 1 Corebos 1 Corebos 2025-01-08 9.8 Critical
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3070 1 Corebos 1 Corebos 2025-01-08 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3071 1 Tsolucio 1 Corebos 2025-01-08 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-3073 1 Corebos 1 Corebos 2025-01-08 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc.
CVE-2023-3074 1 Corebos 1 Corebos 2025-01-08 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
CVE-2023-33733 1 Reportlab 1 Reportlab 2025-01-08 7.8 High
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
CVE-2023-33693 2 Microsoft, Tsingsee 2 Windows, Easyplayerpro 2025-01-08 7.8 High
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.
CVE-2023-33524 1 Advent 1 Tamale Rms 2025-01-08 5.3 Medium
Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.
CVE-2023-33518 1 Emoncms 1 Emoncms 2025-01-08 5.3 Medium
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.
CVE-2023-33410 1 Minical 1 Minical 2025-01-08 8.8 High
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.
CVE-2023-33409 1 Minical 1 Minical 2025-01-08 6.5 Medium
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVE-2022-46088 1 Oretnom23 1 Online Flight Booking Management System 2025-01-08 6.1 Medium
Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form.
CVE-2024-23328 1 Dataease 1 Dataease 2025-01-08 9.1 Critical
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.
CVE-2024-12898 1 1000projects 1 Attendance Tracking Management System 2025-01-08 6.3 Medium
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-12899 1 1000projects 1 Attendance Tracking Management System 2025-01-08 7.3 High
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-33690 1 Sonicjs 1 Sonicjs 2025-01-08 6.5 Medium
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.
CVE-2024-32967 1 Zitadel 1 Zitadel 2025-01-08 5.3 Medium
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.
CVE-2024-41953 1 Zitadel 1 Zitadel 2025-01-08 4.3 Medium
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including javascript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9, and 2.52.3.