| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited |
| Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. |
| Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. |
| OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack. |
| DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. |
| An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. |
| An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts. |
| A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. |
| Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. |
| An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. |
