Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3805 | 2025-04-21 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | |||||
| CVE-2025-3804 | 2025-04-21 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26633 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-17 | N/A | 7.0 HIGH |
| Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2021-27493 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 6.4 MEDIUM | 6.1 MEDIUM |
| Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | |||||
| CVE-2022-4064 | 1 Dalli Project | 1 Dalli | 2025-03-28 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.3 is able to address this issue. The patch is identified as 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to upgrade the affected component. | |||||
| CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | N/A | 7.5 HIGH |
| Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | |||||
| CVE-2025-1611 | 2025-02-24 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0697 | 2025-01-24 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10914 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-24 | 7.6 HIGH | 8.1 HIGH |
| A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-21864 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. | |||||
| CVE-2023-46689 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45315 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-42773 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-4730 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744. | |||||
| CVE-2022-4729 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743. | |||||
| CVE-2022-4728 | 1 Graphite Project | 1 Graphite | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4727 | 1 Openmrs | 1 Appointment Scheduling Module | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability. | |||||
| CVE-2022-4726 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216739. | |||||
| CVE-2022-4642 | 1 Tatoeba | 1 Tatoeba2 | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability. | |||||
| CVE-2022-4640 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499. | |||||