Search Results (364935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9978 1 Openatom 1 Openharmony 2024-12-11 5.5 Medium
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2024-55268 1 Phpgurukul 1 Covid 19 Testing Management System 2024-12-11 6.1 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
CVE-2024-48703 1 Anujk305 1 Medical Card Generation System 2024-12-11 4.8 Medium
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
CVE-2023-3315 1 Jenkins 1 Team Concert 2024-12-11 4.3 Medium
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2023-35866 1 Keepassxc 1 Keepassxc 2024-12-11 5.5 Medium
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
CVE-2023-35853 1 Oisf 1 Suricata 2024-12-11 9.8 Critical
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
CVE-2023-2684 1 Wpfactory 1 File Renaming On Upload 2024-12-11 4.8 Medium
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-29546 1 Mozilla 2 Firefox, Firefox Focus 2024-12-11 6.5 Medium
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
CVE-2023-25736 1 Mozilla 1 Firefox 2024-12-11 9.8 Critical
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.
CVE-2023-25733 1 Mozilla 1 Firefox 2024-12-11 7.5 High
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.
CVE-2020-20725 1 Taogogo 1 Taocms 2024-12-11 6.1 Medium
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
CVE-2020-20070 1 Diaowen 1 Dwsurvey 2024-12-11 6.1 Medium
Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.
CVE-2020-20067 1 Ebcms 1 Ebcms 2024-12-11 8.8 High
File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.
CVE-2019-25136 1 Mozilla 1 Firefox 2024-12-11 10 Critical
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
CVE-2024-12082 1 Openatom 1 Openharmony 2024-12-11 5.5 Medium
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2023-35847 1 Virtualsquare 1 Picotcp 2024-12-11 7.5 High
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
CVE-2023-35848 1 Virtualsquare 1 Picotcp 2024-12-11 7.5 High
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
CVE-2023-35849 1 Virtualsquare 1 Picotcp 2024-12-11 7.5 High
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
CVE-2023-35855 1 Valvesoftware 1 Counter-strike 2024-12-11 9.8 Critical
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
CVE-2023-35856 1 Nintendo 1 Mario Kart Wii 2024-12-11 9.8 Critical
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.