| Page(s) : 1 ... 152 153 154 155 156 157 158 159 160 161 [162] 163 164 165 166 167 168 169 170 171 172 ... | Result(s) : 312940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-05 | CVE-2025-27513 | cve | OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and t... |
| N/A | 2025-03-05 | CVE-2025-27515 | cve | Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially by... |
| N/A | 2025-03-05 | CVE-2025-2003 | cve | Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. |
| N/A | 2025-03-05 | CVE-2024-51144 | cve | Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=fl... |
| N/A | 2025-03-05 | CVE-2025-27517 | cve | Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This v... |
| N/A | 2025-03-05 | CVE-2024-57174 | cve | A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the u... |
| N/A | 2025-03-05 | CVE-2025-25362 | cve | A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. |
| N/A | 2025-03-05 | CVE-2025-25632 | cve | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. |
| N/A | 2025-03-05 | CVE-2025-25634 | cve | A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src lead... |
| N/A | 2025-03-05 | CVE-2025-27516 | cve | Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls th... |
| N/A | 2025-03-05 | CVE-2025-27508 | cve | Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms th... |
| N/A | 2025-03-05 | CVE-2024-12799 | cve | Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow... |
| N/A | 2025-03-05 | CVE-2025-1714 | cve | Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the se... |
| N/A | 2025-03-05 | CVE-2023-38693 | cve | Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via ... |
| N/A | 2025-03-05 | CVE-2025-21095 | cve | Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facil... |
| N/A | 2025-03-05 | CVE-2025-22212 | cve | A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL comm... |
| N/A | 2025-03-05 | CVE-2025-23416 | cve | Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facil... |
| N/A | 2025-03-05 | CVE-2025-24494 | cve | Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'U... |
| N/A | 2025-03-05 | CVE-2025-24521 | cve | External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issue... |
| N/A | 2025-03-05 | CVE-2025-27411 | cve | REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3. |
| Page(s) : 1 ... 152 153 154 155 156 157 158 159 160 161 [162] 163 164 165 166 167 168 169 170 171 172 ... | Result(s) : 312940 |
