| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through 1.8.3. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.2.0. |
| HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. |
| Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver |
| The configuration file containing database logins and passwords is readable by any local user. |
| An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed. |
| An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing. |
| In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). |
| An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections. |
| The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images. |
| An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file |
| A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences. |
| Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL. |
| SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().` |
| A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service. |
| Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL. |