| Page(s) : 1 ... 12 13 14 15 16 17 18 19 20 21 [22] 23 24 25 26 27 28 29 30 31 32 ... | Result(s) : 34024 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2024-01-23 | CVE-2024-23636 | cve | SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to ... |
| 9.8 | 2024-01-23 | CVE-2024-22076 | cve | MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. |
| 9.8 | 2024-01-22 | CVE-2021-42141 | cve | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_ex... |
| 9.8 | 2024-01-22 | CVE-2023-48118 | cve | SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. |
| 9.8 | 2024-01-22 | CVE-2024-0778 | cve | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function se... |
| 9.1 | 2024-01-22 | CVE-2022-45790 | cve | The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gai... |
| 9.8 | 2024-01-22 | CVE-2024-0204 | cve | Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. |
| 9.8 | 2024-01-22 | CVE-2024-0783 | cve | A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The man... |
| 9.8 | 2024-01-22 | CVE-2024-0784 | cve | A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the ar... |
| 9.8 | 2024-01-22 | CVE-2017-20189 | cve | In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrus... |
| 9.8 | 2024-01-22 | CVE-2024-23751 | cve | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQue... |
| 9.8 | 2024-01-22 | CVE-2024-23752 | cve | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDF... |
| 9.8 | 2024-01-22 | CVE-2024-23771 | cve | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side ch... |
| 9.8 | 2024-01-21 | CVE-2024-23730 | cve | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. |
| 9.8 | 2024-01-21 | CVE-2024-23731 | cve | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. |
| 9.8 | 2024-01-21 | CVE-2024-0769 | cve | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the f... |
| 9.8 | 2024-01-20 | CVE-2021-31314 | cve | File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. |
| 9.8 | 2024-01-20 | CVE-2023-51892 | cve | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. |
| 9.8 | 2024-01-20 | CVE-2023-51927 | cve | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. |
| 9.8 | 2024-01-20 | CVE-2023-51928 | cve | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary cod... |
| Page(s) : 1 ... 12 13 14 15 16 17 18 19 20 21 [22] 23 24 25 26 27 28 29 30 31 32 ... | Result(s) : 34024 |
