Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-6399 1 Zyxel 44 Atp100, Atp100 Firmware, Atp100w and 41 more 2025-01-21 5.7 Medium
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
CVE-2024-3968 1 Microfocus 1 Imanager 2025-01-21 7.8 High
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
CVE-2023-33252 1 0kims 1 Snarkjs 2025-01-21 7.5 High
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
CVE-2023-1696 1 Huawei 2 Emui, Harmonyos 2025-01-21 7.5 High
The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.
CVE-2024-1382 1 Nicdarkthemes 1 Restaurant Reservations 2025-01-21 8.8 High
The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.
CVE-2024-1169 1 Themekraft 1 Post Form 2025-01-21 7.5 High
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.
CVE-2024-1170 1 Themekraft 1 Post Form 2025-01-21 8.2 High
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.
CVE-2024-3872 1 Mattermost 1 Mattermost Mobile 2025-01-21 3.1 Low
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVE-2024-34717 1 Prestashop 1 Prestashop 2025-01-21 5.3 Medium
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.
CVE-2024-2966 1 Bdthemes 1 Element Pack 2025-01-21 5.3 Medium
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details.
CVE-2023-23299 1 Garmin 1 Connect-iq 2025-01-21 7.5 High
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
CVE-2024-1218 1 Kaliforms 1 Contact Form Builder 2025-01-19 4.3 Medium
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
CVE-2023-28390 1 Icom 4 Sr-7100vn, Sr-7100vn\#31, Sr-7100vn\#31 Firmware and 1 more 2025-01-17 6.8 Medium
Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.
CVE-2023-52712 1 Huawei 2 Curiem-wfg9b, Curiem-wfg9b Firmware 2025-01-17 7.8 High
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM
CVE-2024-54101 1 Huawei 2 Emui, Harmonyos 2025-01-17 6.2 Medium
Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-25915 1 Danfoss 2 Ak-sm 800a, Ak-sm 800a Firmware 2025-01-17 9.9 Critical
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.
CVE-2023-31994 1 Hanwhavision 860 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 857 more 2025-01-17 5.3 Medium
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.
CVE-2023-28015 1 Hcl 1 Domino Appdev Pack 2025-01-17 5.3 Medium
The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users.
CVE-2022-24806 4 Debian, Fedoraproject, Net-snmp and 1 more 16 Debian Linux, Fedora, Net-snmp and 13 more 2025-01-17 6.5 Medium
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVE-2024-28235 1 Contao 1 Contao 2025-01-17 8.4 High
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.