Page(s) : 1 ... 86 87 88 89 90 91 92 93 94 95 [96] 97 98 99 100 101 102 103 104 105 106 ... | Result(s) : 39843 |
Alerts
DATE | NAME | CATEGORIES | DETAIL | |
---|---|---|---|---|
9.8 | 2023-10-21 | CVE-2023-45666 | cve | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays... |
9.8 | 2023-10-20 | CVE-2023-37824 | cve | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. |
9.8 | 2023-10-20 | CVE-2023-5682 | cve | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manip... |
9.8 | 2023-10-20 | CVE-2023-34051 | cve | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted ap... |
9.8 | 2023-10-20 | CVE-2020-36706 | cve | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/s... |
9.8 | 2023-10-20 | CVE-2023-39680 | cve | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. |
9.8 | 2023-10-20 | CVE-2023-4402 | cve | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_product... |
9.8 | 2023-10-20 | CVE-2023-4488 | cve | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated at... |
9.3 | 2023-10-20 | CVE-2023-5576 | cve | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secre... |
9.8 | 2023-10-20 | CVE-2023-5533 | cve | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and incl... |
9.6 | 2023-10-19 | CVE-2023-41895 | cve | Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that spe... |
9 | 2023-10-19 | CVE-2023-41896 | cve | Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the W... |
9.6 | 2023-10-19 | CVE-2023-41897 | cve | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the... |
9.8 | 2023-10-19 | CVE-2023-43986 | cve | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. |
9.8 | 2023-10-19 | CVE-2023-45381 | cve | In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().` |
9.6 | 2023-10-19 | CVE-2023-45992 | cve | A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute pers... |
10 | 2023-10-19 | CVE-2022-42150 | cve | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. |
9.8 | 2023-10-19 | CVE-2023-38584 | cve | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control... |
9.8 | 2023-10-19 | CVE-2023-43492 | cve | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control ... |
9.8 | 2023-10-19 | CVE-2023-45376 | cve | In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL... |
Page(s) : 1 ... 86 87 88 89 90 91 92 93 94 95 [96] 97 98 99 100 101 102 103 104 105 106 ... | Result(s) : 39843 |