| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. |
| An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. |
| Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. |
| The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit. |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. |
| An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. |
| The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. |
| An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. |
| Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network |
| A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. |
| The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). |
| An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. |
| An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). |
| Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. |
| Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. |
| An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. |
| In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. |
| An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header. |
