| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue. |
| The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. |
| The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n/a through 2.6. |
| A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02. |
| A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default. |
| The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. |
| The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. |
| A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. |
| In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics. |
| The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root. |
| RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network. |
| During the initial setup of the device the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
Encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro which may include sensitive information such as network
credentials. |
| Unauthenticated users on an adjacent network with the Sight Bulb Pro can
run shell commands as root through a vulnerable proprietary TCP
protocol available on Port 16668. This vulnerability allows an attacker
to run arbitrary commands on the Sight Bulb Pro by passing a well formed
JSON string. |
| TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag. Version 3.1.1 contains a patch for the bug. |
| PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. |
| Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. |
| ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsanitized input allows attackers to inject CR (`\r`) or LF (`\n`) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9. |
