Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3228 | 1 Fossbilling | 1 Fossbilling | 2025-01-02 | 5.7 Medium |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2023-3229 | 1 Fossbilling | 1 Fossbilling | 2025-01-02 | 6.5 Medium |
| Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2024-29029 | 2 Memos, Usememos | 2 Memos, Memos | 2025-01-02 | 6.1 Medium |
| memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. | ||||
| CVE-2023-3230 | 1 Fossbilling | 1 Fossbilling | 2025-01-02 | 7.5 High |
| Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2023-2638 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2025-01-02 | 5.9 Medium |
| Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited. | ||||
| CVE-2023-3233 | 1 Crmeb | 1 Crmeb | 2025-01-02 | 6.3 Medium |
| A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2025-01-02 | 6.6 Medium |
| An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | ||||
| CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-01-02 | 7.8 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | ||||
| CVE-2023-34000 | 1 Woocommerce | 1 Stripe Payment Gateway | 2025-01-02 | 7.5 High |
| Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | ||||
| CVE-2023-2637 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2025-01-02 | 7.3 High |
| Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited. | ||||
| CVE-2023-2569 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2025-01-02 | 7.8 High |
| A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2022-43684 | 1 Servicenow | 1 Servicenow | 2025-01-02 | 9.9 Critical |
| ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls. | ||||
| CVE-2023-3238 | 1 Otcms | 1 Otcms | 2025-01-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability. | ||||
| CVE-2024-2072 | 1 Remyandrade | 1 Flashcard Quiz App | 2025-01-02 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387. | ||||
| CVE-2024-2073 | 1 Oretnom23 | 1 Block Inserter For Dynamic Content | 2025-01-02 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388. | ||||
| CVE-2024-45401 | 1 Stripe | 1 Stripe Cli | 2025-01-02 | 7.6 High |
| stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability. | ||||
| CVE-2024-56520 | 2025-01-02 | 7.3 High | ||
| An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed. | ||||
| CVE-2024-56519 | 2025-01-02 | 7.5 High | ||
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | ||||
| CVE-2024-56318 | 2025-01-02 | 7.5 High | ||
| In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service. | ||||
| CVE-2024-56317 | 2025-01-02 | 7.5 High | ||
| In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | ||||