Search Results (37177 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22833 1 Palantir 1 Foundry 2025-01-07 7.6 High
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
CVE-2023-34958 1 Chamilo 1 Chamilo Lms 2025-01-06 4.3 Medium
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVE-2023-32749 1 Pydio 1 Cells 2025-01-06 8.8 High
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
CVE-2023-29766 1 Appcrossx 1 Crossx 2025-01-06 7.8 High
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
CVE-2023-29761 1 Urbanandroid 1 Sleep 2025-01-06 5.5 Medium
An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29759 1 Flightaware 1 Flightaware 2025-01-06 5.5 Medium
An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
CVE-2023-29758 1 Leap 1 Blue Light Filter 2025-01-06 5.5 Medium
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-33557 1 Thedaylightstudio 1 Fuel Cms 2025-01-06 8.8 High
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.
CVE-2023-27716 1 Kafkaui-lite Project 1 Kafkaui-lite 2025-01-06 9.8 Critical
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVE-2024-13035 1 Code-projects 1 Chat System 2025-01-06 6.3 Medium
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-32220 1 Milesight 2 Ncr\/camera, Ncr\/camera Firmware 2025-01-06 8.2 High
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
CVE-2023-32219 1 Mazda 2 Mazda, Mazda Firmware 2025-01-06 6.5 Medium
A Mazda model (2015-2016) can be unlocked via an unspecified method.
CVE-2023-31671 1 Webbax 1 Postfinance 2025-01-06 9.8 Critical
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().
CVE-2023-30150 1 Leotheme 1 Leocustomajax 2025-01-06 9.8 Critical
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
CVE-2023-21245 1 Google 1 Android 2025-01-06 7.8 High
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-13037 1 1000projects 1 Attendance Tracking Management System 2025-01-06 6.3 Medium
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12791 1 Codezips 1 E-commerce Site 2025-01-06 7.3 High
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-24546 1 Arista 1 Cloudvision Portal 2025-01-06 8.1 High
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
CVE-2023-3208 1 Roadflow 1 Roadflow 2025-01-06 6.3 Medium
A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-12792 1 Codezips 1 E-commerce Site 2025-01-06 7.3 High
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.