| Page(s) : 1 ... 44 45 46 47 48 49 50 51 52 53 [54] 55 56 57 58 59 60 61 62 63 64 ... | Result(s) : 39744 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2023-12-15 | CVE-2023-33220 | cve | During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer ... |
| 9.8 | 2023-12-15 | CVE-2023-33221 | cve | When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap b... |
| 9.8 | 2023-12-15 | CVE-2023-33222 | cve | When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received wh... |
| 9.8 | 2023-12-15 | CVE-2023-48376 | cve | SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker ... |
| 9.8 | 2023-12-15 | CVE-2023-29234 | cve | A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommen... |
| 9.8 | 2023-12-15 | CVE-2023-46279 | cve | Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes ... |
| 9.8 | 2023-12-15 | CVE-2023-48384 | cve | ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulner... |
| 9.8 | 2023-12-15 | CVE-2023-48388 | cve | Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system op... |
| 9.8 | 2023-12-15 | CVE-2023-48390 | cve | Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arb... |
| 9.8 | 2023-12-15 | CVE-2023-48392 | cve | Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token pa... |
| 9.8 | 2023-12-15 | CVE-2023-40954 | cve | A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 throug... |
| 9.8 | 2023-12-15 | CVE-2023-48050 | cve | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows ... |
| 9.8 | 2023-12-15 | CVE-2023-48371 | cve | ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload a... |
| 9.8 | 2023-12-15 | CVE-2023-48372 | cve | ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrar... |
| 9.8 | 2023-12-15 | CVE-2023-48049 | cve | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary... |
| 10 | 2023-12-14 | CVE-2023-45894 | cve | The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code... |
| 9.8 | 2023-12-14 | CVE-2023-4489 | cve | The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S... |
| 9.8 | 2023-12-14 | CVE-2023-50073 | cve | EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. |
| 9.8 | 2023-12-14 | CVE-2023-50563 | cve | Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. |
| 9.8 | 2023-12-14 | CVE-2023-47261 | cve | Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileg... |
| Page(s) : 1 ... 44 45 46 47 48 49 50 51 52 53 [54] 55 56 57 58 59 60 61 62 63 64 ... | Result(s) : 39744 |
