Total
277587 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-27114 | 2 So Planning, Soplanning | 2 Simple Online Planning, Soplanning | 2025-01-09 | 9.8 Critical |
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. | ||||
CVE-2024-21875 | 1 Badge.team | 1 Hacker Hotel Badge 2024 | 2025-01-09 | 6.5 Medium |
Allocation of Resources Without Limits or Throttling vulnerability, leading to a denial of service attack, in Badge.team Hacker Hotel Badge 2024 on RISC-V (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. | ||||
CVE-2021-4406 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 9.1 Critical |
An administrator is able to execute commands as root via the alerts management dialog. | ||||
CVE-2021-42079 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 6.2 Medium |
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is possible only with POST requests. | ||||
CVE-2021-42080 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 7.4 High |
An attacker is able to launch a Reflected XSS attack using a crafted URL. | ||||
CVE-2021-42082 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 7.8 High |
Local users are able to execute scripts under root privileges. | ||||
CVE-2021-42081 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 9.1 Critical |
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | ||||
CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2025-01-09 | 9.1 Critical |
With administrator or admin privileges, the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010. | ||||
CVE-2023-25912 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 5.3 Medium |
The web report generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | ||||
CVE-2023-22584 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 7.5 High |
The Danfoss AK-EM100 stores login credentials in cleartext. | ||||
CVE-2023-22585 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 9 Critical |
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | ||||
CVE-2023-25911 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 9.9 Critical |
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | ||||
CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 10 Critical |
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | ||||
CVE-2023-22586 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 7.7 High |
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | ||||
CVE-2023-22582 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 9 Critical |
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | ||||
CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-09 | 8.8 High |
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. | ||||
CVE-2023-25913 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-09 | 7.5 High |
Because of an authentication flaw, an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. | ||||
CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-09 | 9.9 Critical |
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. | ||||
CVE-2025-0194 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 6.5 Medium |
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. | ||||
CVE-2023-6710 | 2 Modcluster, Redhat | 3 Mod Proxy Cluster, Enterprise Linux, Jboss Core Services | 2025-01-09 | 5.4 Medium |
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. |