CVE | Vendors | Products | Updated | CVSS v3.1 |
Windows Kerberos Elevation of Privilege Vulnerability |
Azure Connected Machine Agent Elevation of Privilege Vulnerability |
Windows TCP/IP Remote Code Execution Vulnerability |
Microsoft OfficePlus Elevation of Privilege Vulnerability |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
Azure Stack Hub Elevation of Privilege Vulnerability |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
Windows Print Spooler Elevation of Privilege Vulnerability |
Microsoft Teams for iOS Spoofing Vulnerability |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Microsoft Excel Remote Code Execution Vulnerability |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
Windows Network Virtualization Remote Code Execution Vulnerability |
Windows Network Virtualization Remote Code Execution Vulnerability |
Windows Bluetooth Driver Information Disclosure Vulnerability |
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application. |
A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's `id` attribute to a value of 0. This issue affects the current version of the software, with the latest commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. By exploiting this vulnerability, an attacker, with manager or admin privileges, can render a chosen account completely inaccessible. The application's mechanism for suspending accounts does not provide a means to reverse this condition through the UI, leading to uncontrolled resource consumption. The vulnerability is introduced due to the lack of input validation and sanitization in the user modification endpoint and the middleware's token validation logic. This issue has been addressed in version 1.0.0 of the software. |