Search Results (37209 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36377 1 Jetbrains 1 Teamcity 2025-01-27 6.5 Medium
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
CVE-2024-36376 1 Jetbrains 1 Teamcity 2025-01-27 6.5 Medium
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
CVE-2023-32070 1 Xwiki 2 Rendering, Xwiki 2025-01-27 9.1 Critical
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.
CVE-2023-28357 1 Rocket.chat 1 Rocket.chat 2025-01-27 4.3 Medium
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2025-01-27 6.7 Medium
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2025-01-27 8.8 High
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2022-43465 1 Intel 1 Setup And Configuration Software 2025-01-27 5 Medium
Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-45128 1 Intel 1 Endpoint Management Assistant 2025-01-27 5 Medium
Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-41610 1 Intel 2 Endpoint Management Assistant Configuration Tool, Manageability Commander 2025-01-27 5 Medium
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-35112 1 Ibm 1 Control Center 2025-01-27 5.4 Medium
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-30192 1 Prestashop 1 Possearchproducts 2025-01-27 9.8 Critical
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
CVE-2023-28359 1 Rocket.chat 1 Rocket.chat 2025-01-27 5.3 Medium
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
CVE-2023-28325 1 Rocket.chat 1 Rocket.chat 2025-01-27 6.5 Medium
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
CVE-2023-2642 1 Online Exam System Project 1 Online Exam System 2025-01-24 6.3 Medium
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228771.
CVE-2023-25007 1 Autodesk 1 3ds Max Usd 2025-01-24 7.8 High
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
CVE-2024-25937 1 Deltaww 1 Diaenergie 2025-01-24 8.8 High
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVE-2024-29870 1 Sapplica 1 Sentrifugo 2025-01-24 9.8 Critical
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
CVE-2024-29871 1 Sapplica 1 Sentrifugo 2025-01-24 9.8 Critical
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
CVE-2024-29872 1 Sapplica 1 Sentrifugo 2025-01-24 9.8 Critical
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
CVE-2024-29874 1 Sapplica 1 Sentrifugo 2025-01-24 9.8 Critical
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.