| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033. |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. |
| The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. |
| Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. |
| A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution. |
| In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597. |
| Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. |
| A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. |
| Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. |
| Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. |
| An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file. |
| Information disclosure due to buffer overread in Core |
| Information disclosure due to buffer overread in Core |