Search Results
- Results Type: Overview
- Search Type: Search All
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-7243 | Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution. Published: March 01, 2024; 4:15:07 PM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-1709 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. Published: February 21, 2024; 11:15:50 AM -0500 | V3.1: 10.0 CRITICAL, V2.0: (not available) |
CVE-2024-23809 | A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:10 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-23606 | An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:09 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-23310 | A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:09 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-23305 | An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:08 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-22097 | A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:08 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-21812 | An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:08 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-21795 | A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Published: February 20, 2024; 11:15:08 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2023-45318 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Published: February 20, 2024; 10:15:08 AM -0500 | V3.1: 10.0 CRITICAL, V2.0: (not available) |
CVE-2024-1651 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. Published: February 19, 2024; 7:15:14 PM -0500 | V3.1: 10.0 CRITICAL, V2.0: (not available) |
CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. Published: February 19, 2024; 7:15:14 PM -0500 | V3.1: 9.9 CRITICAL, V2.0: (not available) |
CVE-2024-1297 | Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. Published: February 19, 2024; 7:15:14 PM -0500 | V3.1: 10.0 CRITICAL, V2.0: (not available) |
CVE-2024-1597 | pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. Published: February 19, 2024; 8:15:07 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2024-23479 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Published: February 15, 2024; 4:15:10 PM -0500 | V3.1: 9.6 CRITICAL, V2.0: (not available) |
CVE-2024-23477 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. Published: February 15, 2024; 4:15:09 PM -0500 | V3.1: 9.6 CRITICAL, V2.0: (not available) |
CVE-2024-23476 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. Published: February 15, 2024; 4:15:09 PM -0500 | V3.1: 9.6 CRITICAL, V2.0: (not available) |
CVE-2023-40057 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. Published: February 15, 2024; 4:15:08 PM -0500 | V3.1: 9.0 CRITICAL, V2.0: (not available) |
CVE-2023-7081 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. Published: February 15, 2024; 11:15:46 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |
CVE-2023-5155 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. Published: February 15, 2024; 11:15:45 AM -0500 | V3.1: 9.8 CRITICAL, V2.0: (not available) |