Search Results
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-46294 | An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute. Published: May 01, 2024; 4:15:12 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33431 | An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33430 | An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33429 | Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33428 | Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33424 | A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33393 | An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Published: May 01, 2024; 3:15:27 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33304 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. Published: May 01, 2024; 3:15:26 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33300 | Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. Published: May 01, 2024; 3:15:26 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33292 | SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. Published: May 01, 2024; 3:15:26 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29011 | Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26504 | An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25458 | An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25355 | s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24313 | An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24312 | SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-22830 | Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level. Published: May 01, 2024; 3:15:22 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-26793 | libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c. Published: May 01, 2024; 3:15:21 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-23022 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. Published: May 01, 2024; 3:15:21 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-23021 | Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. Published: May 01, 2024; 3:15:21 PM -0400 | V4.0:(not available) V3.x:(not available) V2.0:(not available) |