Total
276814 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40657 | 1 Nikon | 1 Nis-elements Viewer | 2025-01-07 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073. | ||||
| CVE-2022-40656 | 1 Nikon | 1 Nis-elements Viewer | 2025-01-07 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. Crafted data in a ND2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15072. | ||||
| CVE-2022-40655 | 1 Nikon | 1 Nis-elements Viewer | 2025-01-07 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071. | ||||
| CVE-2023-40696 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | 5.9 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939. | ||||
| CVE-2023-23474 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | 3.7 Low |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403. | ||||
| CVE-2023-47640 | 1 Datahub Project | 1 Datahub | 2025-01-07 | 6.4 Medium |
| DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-44292 | 1 Apple | 1 Macos | 2025-01-07 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-44293 | 1 Apple | 1 Macos | 2025-01-07 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information. | ||||
| CVE-2023-47545 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2025-01-07 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions. | ||||
| CVE-2023-47544 | 1 Atarim | 1 Visual Collaboration | 2025-01-07 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | ||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup\, Woocommerce Sales Timer | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | ||||
| CVE-2023-47532 | 1 Themeum | 1 Wp Crowdfunding | 2025-01-07 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. | ||||
| CVE-2023-47528 | 1 Sajjad67 | 1 Wp Edit Username | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions. | ||||
| CVE-2024-44298 | 1 Apple | 1 Macos | 2025-01-07 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts. | ||||
| CVE-2023-47524 | 1 Codebard | 1 Patron Button And Widgets For Patreon | 2025-01-07 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | ||||
| CVE-2023-47522 | 1 Photofeed | 1 Photo Feed | 2025-01-07 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions. | ||||
| CVE-2024-12841 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.3 Medium |
| A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3120 | 1 Oretnom23 | 1 Service Provider Management System | 2025-01-07 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799. | ||||
| CVE-2024-12843 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.3 Medium |
| A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-47583 | 1 Fujielectric | 1 Tellus | 2025-01-07 | 7.8 High |
| Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed. | ||||