Page(s) : 1 ... 245 246 247 248 249 250 251 252 253 254 [255] 256 257 258 259 260 261 262 263 264 265 ... | Result(s) : 43290 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.8 | 2023-11-20 | CVE-2023-5640 | cve | The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users... |
9.8 | 2023-11-20 | CVE-2023-5652 | cve | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a fun... |
9.8 | 2023-11-20 | CVE-2023-38823 | cve | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. |
9.8 | 2023-11-20 | CVE-2023-46990 | cve | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
9.8 | 2023-11-20 | CVE-2023-48176 | cve | An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). |
9.8 | 2023-11-20 | CVE-2023-29155 | cve | Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain adm... |
9.8 | 2023-11-20 | CVE-2023-35762 | cve | Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. |
9.8 | 2023-11-20 | CVE-2022-46337 | cve | A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk De... |
9.8 | 2023-11-20 | CVE-2023-46302 | cve | Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Sub... |
9.8 | 2023-11-20 | CVE-2023-46700 | cve | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attac... |
9.8 | 2023-11-18 | CVE-2023-4214 | cve | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset c... |
9.8 | 2023-11-18 | CVE-2023-43177 | cve | CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. |
9.8 | 2023-11-18 | CVE-2023-48028 | cve | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response... |
9.8 | 2023-11-17 | CVE-2023-6188 | cve | A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipul... |
9.8 | 2023-11-17 | CVE-2023-44324 | cve | Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthen... |
9.8 | 2023-11-17 | CVE-2023-38316 | cve | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting t... |
9.8 | 2023-11-17 | CVE-2023-41101 | cve | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. ... |
9.8 | 2023-11-17 | CVE-2023-45387 | cve | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via ... |
9.8 | 2023-11-17 | CVE-2023-48031 | cve | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat fi... |
9.8 | 2023-11-17 | CVE-2023-48648 | cve | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkd... |