U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 227,954 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2021-47154

The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Published: March 18, 2024; 1:15:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2018-25099

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.

Published: March 18, 2024; 1:15:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.

Published: March 18, 2024; 12:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27757

flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."

Published: March 18, 2024; 12:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2581

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.

Published: March 17, 2024; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2577

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.

Published: March 17, 2024; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session.

Published: March 17, 2024; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-47037

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.

Published: March 17, 2024; 11:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-47036

Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later.

Published: March 17, 2024; 11:15:05 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2576

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079.

Published: March 17, 2024; 10:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2575

A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.

Published: March 17, 2024; 10:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2574

A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability.

Published: March 17, 2024; 10:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24230

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.

Published: March 17, 2024; 10:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52159

A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.

Published: March 17, 2024; 10:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2573

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2572

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2571

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-40747

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-40160

Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-39933

Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution privilege.

Published: March 17, 2024; 9:15:48 PM -0400
V3.x:(not available)
V2.0:(not available)