| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. |
| An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. |
| Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. |
| SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. |
| An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. |
| Loftware Spectrum before 5.1 allows SSRF. |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. |
| Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection.This issue affects Medicare: from n/a through 2.1.0. |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. |
| Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG allows Privilege Escalation.This issue affects MapSVG: from n/a before 8.6.13. |
| Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a before 8.6.13. |
| Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a before 8.6.13. |
| Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php |
