| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2024-2604 | None | A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The | 19-03-2024 - 04:15 | 18-03-2024 - 21:15 |
| CVE-2024-28757 | None | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 19-03-2024 - 03:15 | 10-03-2024 - 05:15 |
| CVE-2023-47995 | None | Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. | 19-03-2024 - 03:15 | 09-01-2024 - 23:15 |
| CVE-2023-47997 | None | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | 19-03-2024 - 03:15 | 10-01-2024 - 00:15 |
| CVE-2024-2622 | None | A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/e | 19-03-2024 - 02:15 | 19-03-2024 - 02:15 |
| CVE-2023-40275 | None | An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2023-40276 | None | An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2023-40277 | None | An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2023-40280 | None | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2024-2620 | None | A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2024-2621 | None | A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of th | 19-03-2024 - 01:15 | 19-03-2024 - 01:15 |
| CVE-2024-23225 | None | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protectio | 19-03-2024 - 01:00 | 05-03-2024 - 20:16 |
| CVE-2024-23296 | None | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report | 19-03-2024 - 01:00 | 05-03-2024 - 20:16 |
| CVE-2024-24578 | None | RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28237 | None | OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a w | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28248 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope o | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28249 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a no | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28250 | None | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-e | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28855 | None | ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2 | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28864 | None | SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occu | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2024-28865 | None | django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this i | 18-03-2024 - 22:15 | 18-03-2024 - 22:15 |
| CVE-2023-49298 | None | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: t | 18-03-2024 - 22:15 | 24-11-2023 - 19:15 |
| CVE-2023-6710 | None | A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias | 18-03-2024 - 22:15 | 12-12-2023 - 22:15 |
| CVE-2013-20001 | 5.0 | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the config | 18-03-2024 - 22:15 | 12-02-2021 - 20:15 |
| CVE-2024-22412 | None | ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access co | 18-03-2024 - 21:15 | 18-03-2024 - 21:15 |
| CVE-2024-23333 | None | LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cau | 18-03-2024 - 21:15 | 18-03-2024 - 21:15 |
| CVE-2024-25654 | None | Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data st | 18-03-2024 - 20:15 | 18-03-2024 - 20:15 |
| CVE-2024-25655 | None | Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successful | 18-03-2024 - 20:15 | 18-03-2024 - 20:15 |
| CVE-2024-25656 | None | Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead | 18-03-2024 - 20:15 | 18-03-2024 - 20:15 |
| CVE-2024-25657 | None | An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | 18-03-2024 - 20:15 | 18-03-2024 - 20:15 |
| CVE-2024-22988 | None | An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. | 18-03-2024 - 20:15 | 23-02-2024 - 23:15 |
| CVE-2023-49085 | None | Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vu | 18-03-2024 - 20:15 | 22-12-2023 - 17:15 |
| CVE-2023-49088 | None | Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers the | 18-03-2024 - 20:15 | 22-12-2023 - 17:15 |
| CVE-2023-49084 | None | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary c | 18-03-2024 - 20:15 | 21-12-2023 - 23:15 |
| CVE-2023-49086 | None | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an aut | 18-03-2024 - 20:15 | 22-12-2023 - 00:15 |
| CVE-2023-39364 | None | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepass | 18-03-2024 - 20:15 | 05-09-2023 - 22:15 |
| CVE-2023-39513 | None | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. Thes | 18-03-2024 - 20:15 | 05-09-2023 - 21:15 |
| CVE-2023-39360 | None | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.ph | 18-03-2024 - 20:15 | 05-09-2023 - 21:15 |
| CVE-2023-39361 | None | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest user | 18-03-2024 - 20:15 | 05-09-2023 - 21:15 |
| CVE-2023-39515 | None | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data w | 18-03-2024 - 20:15 | 05-09-2023 - 21:15 |
| CVE-2023-39357 | None | Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the | 18-03-2024 - 20:15 | 05-09-2023 - 22:15 |
| CVE-2023-39362 | None | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and o | 18-03-2024 - 20:15 | 05-09-2023 - 22:15 |
| CVE-2023-39516 | None | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. Thes | 18-03-2024 - 20:15 | 05-09-2023 - 22:15 |
| CVE-2023-39365 | None | Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has bee | 18-03-2024 - 20:15 | 05-09-2023 - 22:15 |
| CVE-2024-20760 | None | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed i | 18-03-2024 - 19:40 | 18-03-2024 - 18:15 |
| CVE-2024-20761 | None | Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus | 18-03-2024 - 19:40 | 18-03-2024 - 18:15 |
| CVE-2024-20762 | None | Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is | 18-03-2024 - 19:40 | 18-03-2024 - 18:15 |
| CVE-2024-20754 | None | Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources s | 18-03-2024 - 19:40 | 18-03-2024 - 18:15 |
| CVE-2024-20763 | None | Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is | 18-03-2024 - 19:40 | 18-03-2024 - 18:15 |