Vulnerabilities (CVE)

Total 232816 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45706 2024-03-28 N/A 2.0 LOW
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.
CVE-2023-45715 2024-03-28 N/A 3.5 LOW
The console may experience a service interruption when processing file names with invalid characters.
CVE-2024-30598 2024-03-28 N/A N/A
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.
CVE-2024-0259 2024-03-28 N/A 7.3 HIGH
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
CVE-2024-31135 2024-03-28 N/A 6.1 MEDIUM
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
CVE-2024-31138 2024-03-28 N/A 4.6 MEDIUM
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
CVE-2024-29898 2024-03-28 N/A 4.9 MEDIUM
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.
CVE-2023-35121 2024-03-28 N/A 7.8 HIGH
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47039 2024-03-28 N/A 7.8 HIGH
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
CVE-2023-47038 2 Perl, Redhat 2 Perl, Enterprise Linux 2024-03-28 N/A 7.8 HIGH
A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
CVE-2013-4558 1 Apache 2 Mod Dav Svn, Subversion 2024-03-28 3.5 LOW N/A
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
CVE-2024-29227 2024-03-28 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29236 2024-03-28 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-29235 2024-03-28 N/A 5.4 MEDIUM
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2024-25923 2024-03-28 N/A 5.3 MEDIUM
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0.
CVE-2024-30228 2024-03-28 N/A 9.9 CRITICAL
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
CVE-2024-2091 2024-03-28 N/A 5.4 MEDIUM
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-45850 2024-03-28 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.
CVE-2024-25924 2024-03-28 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.
CVE-2024-30595 2024-03-28 N/A N/A
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.