This vulnerability allows an attacker to execute malicious code remotely on an H3C GR-1800AX MiniGRW1B0V100R007 device by manipulating the "aspForm" parameter.
This vulnerability can give an attacker full control over the device, allowing them to steal sensitive data, disrupt network operations, or use the device as a launching point for further attacks.
This vulnerability allows an attacker to inject malicious code into the "Website Name" parameter of a MyBB v1.8.38 installation, which can then be executed by other users who visit the affected website.
This vulnerability enables attackers to steal user data, take control of user accounts, or perform other malicious actions on behalf of the user. This can lead to unauthorized access, data breaches, and other security incidents.
This vulnerability allows attackers to inject malicious code into the Page banner parameter on the Configuration page of Piwigo v14.5.0, which can execute arbitrary web scripts or HTML.
This allows attackers to steal user data, take control of user sessions, or perform other malicious actions on behalf of the user.
This vulnerability allows attackers to upload malicious files to a HkCms system (version 2.3.2.240702 or earlier) through a weakness in the getFileName method in the Upload.php file.
This vulnerability enables attackers to upload harmful files, potentially leading to malware infections, data breaches, or other security incidents.
This vulnerability allows an attacker to send a large file upload request to a server using the Litestar framework, which can cause the server to use excessive memory and potentially crash.
This can lead to a Denial of Service (DoS) attack, making the server unavailable to users and causing disruptions to the service.
This vulnerability in Querydsl 5.1.0 allows an attacker to inject malicious SQL or HQL code into the orderBy clause of a JPAQuery, which can lead to unauthorized access and manipulation of sensitive data.
This vulnerability is a problem because it can allow an attacker to bypass security controls, access and modify sensitive data, and potentially take control of the affected system. This can lead to serious consequences, including data breaches, financial losses, and reputational damage.
This vulnerability in MBed OS 6.16.0 allows an attacker to cause a buffer overflow in the HCI parsing software by manipulating the length of certain packets, leading to a potential denial of service.
This vulnerability can be easily exploited to crash the system or disrupt its functionality, causing a denial of service. Although it is unlikely to be exploited further to gain control of the system, it still poses a significant risk to system stability and availability.
This vulnerability allows an attacker to cause a buffer overflow in MBed OS 6.16.0 when parsing HCI reports. This happens because the software doesn't validate the addresses of the reports, which can lead to the corruption of a report's length field, causing a memcpy operation to overwrite the buffer.
This vulnerability can lead to a buffer overflow, which can cause the system to crash or allow an attacker to execute malicious code.
This vulnerability in MBed OS 6.16.0 allows an attacker to cause a buffer overflow by sending a specially crafted HCI packet with a length value less than 3. This can also lead to an integer overflow when large length values are supplied.
This vulnerability can lead to a denial of service, which means an attacker can crash the system or make it unavailable. While it may not be possible to exploit the system further, the denial of service can still cause significant disruption and impact.
This vulnerability allows attackers to access and view all transactions performed by a company by sending a specially crafted web request to eSoft Planner 3.24.08271-USA.
This is a problem because it could allow unauthorized access to sensitive financial information, which could be used for malicious purposes such as fraud or identity theft.
This vulnerability allows attackers to inject malicious code into the "Name" parameter of eSoft Planner 3.24.08271-USA, which can then be executed by other users who access the affected area.
This type of attack, known as stored cross-site scripting (XSS), can let hackers steal sensitive information, take control of user accounts, or perform other malicious actions on behalf of the affected users.
This vulnerability allows an attacker to inject malicious code into the Camp Details module of eSoft Planner, which can execute arbitrary code in a user's browser.
This allows an attacker to steal sensitive information, take control of the user's session, or perform other malicious actions on the user's behalf, all without the user's knowledge or consent.
This vulnerability allows attackers to figure out which email addresses are associated with valid user accounts on eSoft Planner 3.24.08271-USA by exploiting a difference in how the system responds to valid and invalid email accounts in the "Forgot your Login?" module.
This vulnerability is a problem because it enables attackers to gather a list of valid user email accounts, which can be used to launch targeted phishing attacks, spam campaigns, or even brute-force password guessing attempts.
This vulnerability allows attackers to inject malicious code into the Rental Availability module of eSoft Planner, which can then be executed in a user's browser.
This can lead to unauthorized actions being taken on the user's behalf, such as stealing sensitive information or taking control of the user's session.
This vulnerability allows attackers to send a specially crafted request to the Instructor Appointment Availability module of eSoft Planner, causing the system to become unresponsive or crash.
This can lead to a Denial of Service (DoS), making it impossible for legitimate users to access the system, resulting in disruption of services and potential loss of productivity.
This vulnerability allows an attacker to overflow a buffer in the arp_sys_asp function of the D-LINK DI-8003 device, version 16.07.16A1, by sending a malformed notify parameter.
This buffer overflow can potentially allow an attacker to crash the device or execute malicious code, leading to a denial of service or unauthorized access to the device.
This vulnerability allows an attacker to overflow a buffer in the D-LINK DI-8003 router's tgfile_htm function using the fn parameter, potentially leading to malicious code execution.
If exploited, this vulnerability could allow an attacker to take control of the router, steal sensitive information, or disrupt network traffic, compromising the security and stability of the network.
This vulnerability allows an attacker to overflow a buffer in MBed OS 6.16.0 by sending a specially crafted HCI packet. This can lead to an arbitrary write, where the attacker can write data to any location in memory.
This vulnerability can be exploited by an attacker to take control of the system, allowing them to execute malicious code or steal sensitive information. It can also cause the system to crash or become unstable.
This vulnerability allows an attacker to send a specially crafted HCI packet to MBed OS 6.16.0, causing the software to allocate a buffer that is too small to hold the packet data. This can lead to a buffer overflow of up to 65 KB.
This vulnerability is a problem because it can be easily exploited to cause a denial of service, making the system unavailable or unstable. Although it is generally not possible to exploit this vulnerability further, it still poses a significant risk to system reliability and availability.
A vulnerability in MBed OS 6.16.0 allows an attacker to send a specially crafted HCI packet with an invalid identifier, which can cause a buffer overflow and allow the attacker to write arbitrary data to the system.
This vulnerability can be exploited by an attacker to gain control of the system, allowing them to overwrite sensitive data and potentially gain unauthorized access.
This vulnerability allows attackers to inject malicious code into specific fields of an email message in Zimbra Collaboration (ZCS) through 10.0, which can then be stored and executed when the victim views their contact list.
This vulnerability enables attackers to perform unauthorized actions, such as sending arbitrary emails, accessing mailbox contents, and altering profile pictures, all without the victim's knowledge or consent.
This vulnerability allows an attacker to trick a user into opening a malicious file in the Briefcase module of Zimbra Collaboration (ZCS), which can execute harmful JavaScript code in the user's browser session.
This vulnerability enables an attacker to steal sensitive information, take control of the user's account, or perform actions on their behalf, which can lead to unauthorized access, data breaches, and other security issues.
This vulnerability allows an attacker who has already gained access to a Kasda LinkSmart Router KW5515 (version 1.7 or earlier) to execute any operating system command they want by manipulating certain parameters in the router's web interface.
This is a problem because it gives the attacker full control over the router, allowing them to steal sensitive information, disrupt network traffic, or even take over the entire network.
This vulnerability allows attackers to remotely execute commands on the D-LINK DI-8400 router with firmware version v16.07.26A1 by exploiting the msp_info_htm function using the flag and cmd parameters.
This vulnerability can give attackers full control of the router, allowing them to perform malicious actions such as stealing sensitive information, installing malware, or using the router for DDoS attacks.
This vulnerability allows an attacker who is already logged in to execute arbitrary operating system commands on a Kasda KW6512 router by manipulating certain parameters on the Quick Setup and Internet pages.
This allows the attacker to take control of the router and execute malicious commands, potentially leading to unauthorized access, data theft, or disruption of network services.
This vulnerability allows an attacker to inject malicious code into the /index.php/setpage/admin/pageAE.html file of 115cms through the "tid" argument, leading to Cross-Site Scripting (XSS).
This vulnerability can be exploited remotely, allowing an attacker to inject malicious scripts that can steal sensitive information, take control of user sessions, or perform other malicious actions on behalf of the user.
This vulnerability allows an attacker to inject malicious code into a webpage through the "tid" argument in the /index.php/admin/web/appurladd.html file, which can lead to Cross-Site Scripting (XSS).
This vulnerability allows an attacker to remotely inject malicious code, which can steal user data, take control of the user's session, or perform other malicious actions. If exploited, it can compromise the security of the affected system and its users.
This vulnerability allows an attacker to block internet traffic through a VPN (Virtual Private Network) connection, leading to a denial of service.
This can cause problems for users who rely on the internet for their daily activities, and can lead to disruptions in productivity and communication. Since user interaction is required for exploitation, this vulnerability can be triggered unintentionally by a user.
This vulnerability allows an attacker to read sensitive information from a device's Bluetooth connection without needing any special access or user interaction.
This is a problem because it could lead to the unauthorized disclosure of private information, which could potentially be used for malicious purposes.
This vulnerability allows an attacker to read sensitive information from a device over Bluetooth without needing any special privileges or user interaction.
This vulnerability is a problem because it allows an attacker to access confidential information without the user's knowledge or permission, potentially leading to data breaches or other malicious activities.
This vulnerability allows an attacker to read information from outside the intended boundaries of a program, potentially disclosing sensitive data.
This vulnerability can be exploited remotely without the need for user interaction, and can lead to the disclosure of sensitive information without requiring additional execution privileges.
This vulnerability allows an attacker to read sensitive information from a device's Bluetooth connection, even after the connection has been terminated.
This is a problem because it allows an attacker to access confidential data without needing any special privileges or user interaction, which could lead to the exposure of sensitive information.
This vulnerability allows an attacker to read sensitive information from the Bluetooth service on a device by exploiting an integer overflow in the btif_hd.cc file.
This vulnerability is a problem because it allows an attacker to access private information without needing any additional privileges or user interaction, which can lead to confidentiality breaches.
This vulnerability allows an attacker to read sensitive information from a Bluetooth device's memory, potentially revealing confidential data.
This vulnerability is a problem because it can be exploited remotely, without the need for user interaction, and doesn't require any special privileges. This makes it easily accessible to attackers, who can use it to steal sensitive information.
This vulnerability allows an attacker to read sensitive information from a Bluetooth device without needing any special privileges or user interaction.
This can lead to the unauthorized disclosure of sensitive information, which could be used to exploit other vulnerabilities or compromise the security of the device and its data.
CVE-2018-9479 allows an attacker to write data outside of a designated boundary in the sdp_server.cc component, potentially leading to remote code execution.
This vulnerability is a problem because it can be exploited remotely without requiring any user interaction, and can lead to an attacker gaining control of the system without needing additional privileges.
This vulnerability allows an attacker to write data outside of a designated buffer in the SDP server, which can lead to remote code execution.
This vulnerability is a problem because it can be exploited by an attacker to remotely execute code without needing any additional privileges, and it doesn't require any user interaction. This means an attacker could potentially take control of a system without the user even realizing it.
This vulnerability allows an attacker to bypass authentication in the development options section of the Settings app, potentially leading to local privilege escalation.
This vulnerability is a problem because it allows an attacker to gain elevated privileges without needing additional execution privileges, which could lead to unauthorized access to sensitive information or system control.
This vulnerability allows an attacker to write data to a stack location outside of its intended boundaries through a Bluetooth connection, potentially leading to remote escalation of privilege.
This vulnerability is a problem because it allows an attacker to gain elevated access to a system without the need for user interaction, potentially leading to unauthorized access to sensitive data and system control.
This vulnerability allows an attacker to send malicious data to the MediaPlayer.java component, which can cause a serialization/deserialization mismatch. This can lead to a local escalation of privilege, giving the attacker elevated access to the system.
This vulnerability is a problem because it can allow an attacker to gain higher privileges on the system without needing any additional execution privileges. This can lead to unauthorized access to sensitive data and system resources.
This vulnerability allows an attacker to write data outside of its intended boundaries in the xmlMemStrdupLoc function, which can lead to remote code execution in an unprivileged process.
This vulnerability is a problem because it can allow an attacker to run malicious code on a vulnerable system, potentially leading to unauthorized access, data theft, or other malicious activities.
This vulnerability allows an attacker to exploit a type confusion issue in the deserialization constructor of NanoAppFilter.java, leading to potential data loss.
This vulnerability can be used to escalate privileges on the system server without needing additional execution privileges, giving an attacker unauthorized access and control over the system.
This vulnerability allows an attacker to write data outside of the intended boundaries in an application, potentially leading to remote escalation of privilege.
This vulnerability is a problem because it can allow an unprivileged attacker to gain elevated access to a system or app, potentially leading to unauthorized actions or data theft.
A vulnerability in Password Pusher's rate limiter allows attackers to bypass it by forging proxy headers, enabling them to send unlimited traffic to the site.
This vulnerability can cause a denial of service, potentially crashing the site and making it unavailable to users.
This vulnerability allows an attacker to delete arbitrary files on a system running DedeBIZ v6.3.0, using the /admin/file_manage_view component.
This is a problem because an attacker could exploit this vulnerability to delete critical system files or sensitive data, leading to data loss, system crashes, or even complete system compromise.
This vulnerability allows attackers to upload a specially crafted file to the /admin/file_manage_control component of DedeBIZ v6.3.0, which can then be executed to run arbitrary code.
This can lead to unauthorized access and control of the system, compromising sensitive data and potentially causing significant damage.
This vulnerability allows attackers to upload malicious files to the /admin/friendlink_edit component of DedeBIZ v6.3.0, which can lead to the execution of arbitrary code.
This vulnerability is a problem because it allows attackers to gain control of the system, potentially leading to unauthorized access, data theft, or system compromise.
This vulnerability allows an attacker to inject malicious SQL code into the SemCms system through the ldgid parameter in the SEMCMS_SeoAndTag.php component, giving them the ability to execute arbitrary code.
This vulnerability can lead to unauthorized access to sensitive data, modification of database information, and potentially even complete system compromise.
This vulnerability allows an attacker to access sensitive files on a system by exploiting a weakness in the print labelling function of Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier.
This vulnerability is a problem because it can allow an attacker to obtain sensitive information, which could lead to unauthorized access, data breaches, or other security issues.
This vulnerability allows a remote attacker to gain higher-level access and control over an Audimex EE system, version 15.1.20 or earlier.
This is a problem because it gives an unauthorized person the ability to perform actions that can compromise the security and integrity of the system, potentially leading to data breaches, system crashes, or other malicious activities.
This vulnerability allows an attacker to inject malicious code into the /index.php/admin/web/useradmin.html file of a 115cms system by manipulating the "ks" argument, which can lead to a cross-site scripting (XSS) attack.
This is a problem because it can allow an attacker to steal user data, take control of user sessions, or perform unauthorized actions on behalf of the user.
This vulnerability allows an attacker to inject malicious scripts into the /index.php/admin/web/set.html file of 115cms, leading to Cross-Site Scripting (XSS) attacks.
This vulnerability can be exploited remotely, allowing an attacker to steal user data, take control of user sessions, or perform other malicious actions on behalf of the user.
This vulnerability allows an attacker to inject malicious code into a webpage through the "ks" argument in the /index.php/admin/web/file.html file, leading to a Cross-Site Scripting (XSS) attack.
This vulnerability allows an attacker to steal user data, take control of user sessions, or perform unauthorized actions on behalf of the user, which can lead to serious security breaches.
This vulnerability allows an attacker to inject malicious code into the /app/admin/view/web_user.html file in 115cms, leading to a Cross-Site Scripting (XSS) attack.
This vulnerability allows an attacker to remotely execute malicious scripts on a user's browser, potentially stealing sensitive information, taking control of the user's session, or performing unwanted actions on their behalf.
This vulnerability allows an attacker to create a fake shortcut on a device, which could be used to gain higher privileges on the device.
This vulnerability is a problem because it could allow an attacker to elevate their privileges on a device, giving them access to sensitive information and allowing them to perform malicious actions.
This vulnerability in the DownloadManager.java file allows an attacker to read and write arbitrary files without permission, potentially leading to unauthorized access to sensitive information and modification of important files.
This is a problem because it allows an attacker to access and alter sensitive data without needing any additional privileges, and can be exploited without any user interaction.
This vulnerability allows an attacker to inject malicious SQL code into the Code4Berry Decoration Management System 1.0, specifically in the file /decoration/admin/btndates_report.php, by manipulating the "fromdate" and "todate" arguments.
This vulnerability can be exploited remotely, allowing an attacker to gain unauthorized access to sensitive data or disrupt system operations. The vendor has not responded to the disclosure, leaving systems potentially vulnerable.
This vulnerability allows an attacker to manipulate the User Permission Handler in Code4Berry Decoration Management System 1.0, leading to permission issues.
This vulnerability is a problem because it can be exploited remotely, allowing an unauthorized user to gain elevated privileges and access sensitive information or systems.
This vulnerability allows an attacker to exploit the User Handler component in Code4Berry Decoration Management System 1.0, specifically in the file /decoration/admin/userregister.php, leading to permission issues.
This is a critical issue because it can be exploited remotely, giving an attacker access to sensitive areas of the system without proper authorization. This can lead to unauthorized changes, data breaches, or even a takeover of the system.
This vulnerability allows an attacker to exploit the "update_image.php" file in the Decoration Management System, specifically the User Image Handler component, by manipulating the "productimage1" argument. This can be done remotely.
This vulnerability allows an attacker to bypass access controls, potentially leading to unauthorized access to sensitive information or systems. Since the exploit has been made public, it's highly likely that attackers will attempt to exploit this vulnerability.
This vulnerability allows an attacker to trick the 2FAuth web app into making unauthorized requests to arbitrary URLs and store the response as an image file on the server.
This vulnerability is a problem because it enables an attacker to access sensitive information or systems that are accessible from the application, but not directly accessible to the attacker. This can lead to unauthorized data access, system compromise, or other malicious activities.
This vulnerability allows an attacker to inject malicious code into the HTML5 Lyrics Karaoke Player, which can then be executed by users visiting the affected website. This is known as a Reflected Cross-Site Scripting (XSS) attack.
This vulnerability allows attackers to steal user data, take control of user sessions, or perform other malicious actions on behalf of the user. It can also lead to the spread of malware, malicious code, or unauthorized access to sensitive information.
This vulnerability allows an attacker to inject malicious code into the Weather Atlas Widget, which can then be executed by users interacting with the affected webpage.
This vulnerability can lead to cross-site scripting (XSS) attacks, which can steal user data, take control of user sessions, or perform unauthorized actions on the user's behalf.
This vulnerability allows an attacker to inject malicious code into a web page, which can then be executed by users who visit the page. This is known as a Reflected Cross-Site Scripting (XSS) attack.
This vulnerability can be exploited to steal user data, take control of user sessions, or even redirect users to phishing or malware sites. It can also be used to launch further attacks on the website or its users.
This vulnerability allows an attacker to inject malicious code into a website, which can then be executed by unsuspecting users when they visit the site.
This can lead to unauthorized actions being taken on the user's behalf, such as stealing sensitive information, taking control of the user's session, or redirecting them to phishing sites.
This vulnerability allows an attacker to inject malicious code or HTML into the search input field on the admin search invoice page and client search invoice page of Anuj Kumar's Client Management System Version 1.2.
If an attacker is able to inject malicious code, they can trick users into divulging sensitive information, take control of their sessions, or perform unauthorized actions on their behalf.
This vulnerability allows an attacker to upload a malicious PHP script to a Boat Booking System by exploiting a weakness in the image upload feature.
This means that an attacker could potentially execute malicious code on the system, leading to unauthorized access, data theft, or system damage.
This vulnerability allows an attacker to manipulate the generation of code in Pega Platform, potentially leading to unauthorized access or malicious code execution.
This vulnerability is highly severe (rated 9.1 out of 10) because it could give attackers control over the system, allowing them to steal sensitive data, disrupt operations, or inject malware.
This vulnerability allows an attacker to gain higher privileges than intended in upKeeper Instant Privilege Access, giving them unauthorized access to sensitive data and systems.
This vulnerability is a problem because it allows an attacker to escalate their privileges, giving them the ability to perform malicious actions that they would not normally be able to do. This can lead to data breaches, system compromise, and other security issues.
This vulnerability allows an attacker to escalate their privileges on a system using upKeeper Instant Privilege Access, giving them unauthorized access to sensitive data and controls.
This vulnerability is a problem because it allows an attacker to gain elevated access to a system, potentially leading to data breaches, system compromise, or unauthorized changes to sensitive systems.
This vulnerability allows an attacker to upload a malicious SVG image to the 2FAuth web app, which can execute JavaScript code and compromise a user's session and access to their security tokens.
This vulnerability is a problem because it enables an attacker to hijack a user's session and gain access to sensitive security tokens, allowing them to gain unauthorized access to the user's 2FA accounts.
This vulnerability in the PublishPress Revisions plugin for WordPress allows attackers with Subscriber-level access or higher to extract sensitive data, including revisions of posts and pages, using the 'actAjaxRevisionDiffs' function.
This vulnerability puts sensitive information at risk of being exposed to unauthorized users, which can lead to unauthorized access, data breaches, and other security issues.
The Clone plugin for WordPress has a vulnerability that allows attackers to inject malicious PHP code into the system by exploiting a flaw in the 'recursive_unserialized_replace' function.
This vulnerability can be used by attackers to delete files, access sensitive data, or even execute malicious code, potentially leading to serious security breaches and data loss.
This vulnerability allows a local attacker to execute arbitrary code on a system by overflowing a buffer in OllyDbg version 1.10, due to a lack of proper bounds checking.
This vulnerability is a problem because it enables an attacker to gain unauthorized control of a system, potentially leading to data breaches, system crashes, or other malicious activities.
This CVE candidate was issued in error and should not be used.
Since this CVE was mistakenly created, it does not refer to a legitimate vulnerability, and any attempts to address it would be unnecessary and potentially confusing.
This vulnerability allows an attacker to trick a user into performing unintended actions on a website, which can lead to unauthorized access to sensitive data, including the ability to inject malicious SQL code.
This vulnerability is a problem because it can allow an attacker to gain unauthorized access to sensitive data, disrupt website functionality, and potentially take control of the website.
This vulnerability allows an attacker to include and execute malicious PHP files on a vulnerable nBlocks system, giving them access to sensitive information and potentially leading to remote code execution.
This vulnerability is a problem because it can allow an attacker to take control of the system, access sensitive data, and potentially disrupt the entire system. This can lead to data breaches, system compromise, and other serious security issues.
This vulnerability allows an attacker to access and include local files on a server, potentially leading to sensitive information disclosure or code execution.
This vulnerability can give an attacker access to sensitive files on the server, which can lead to serious security breaches, such as stealing sensitive data, taking control of the server, or launching further attacks.
This vulnerability allows an attacker to access and include local files on a server by manipulating the pathnames in the WebCodingPlace Ultimate Classified Listings plugin.
This allows an attacker to access sensitive information, escalate privileges, or even take control of the server, leading to a significant security breach.
This vulnerability allows an attacker to access files on a server by manipulating the URL path in the Corporate Zen Contact Page With Google Map plugin, version 1.6.1 and earlier, using a technique called Path Traversal.
This vulnerability is a problem because an attacker can use it to access sensitive files on the server, potentially leading to unauthorized data access, modification, or deletion, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to trick a user into performing unintended actions on a website (Cross-Site Request Forgery or CSRF) and inject malicious objects into the Buying Buddy IDX CRM system.
This vulnerability can be exploited to manipulate user data, gain unauthorized access, or steal sensitive information. It's particularly concerning because users may unknowingly perform malicious actions, making it difficult to detect and respond to the attack.
This vulnerability allows an attacker to inject malicious objects into the QRMenu Restaurant QR Menu Lite system by deserializing untrusted data.
This vulnerability could lead to severe consequences, such as arbitrary code execution, data theft, or system compromise, as the injected objects can manipulate the system's behavior.
This vulnerability allows an attacker to access and manipulate files outside of the intended directory, known as a "Path Traversal" attack, in the WPOPAL Opal Woo Custom Product Variation plugin.
This vulnerability can lead to unauthorized access, modification, or deletion of sensitive files, which can compromise the security and integrity of the affected system.
This vulnerability allows an attacker to inject malicious objects into the Geolocator system by deserializing untrusted data, potentially giving them control over the system.
This vulnerability can lead to a complete takeover of the system, allowing the attacker to steal data, disrupt operations, or inject malware. The severity score of 9.8 indicates that this is a highly critical vulnerability that requires immediate attention.
This vulnerability in UserPlus allows an attacker to gain higher privileges than intended, giving them unauthorized access to sensitive features and data.
This vulnerability is a significant concern because it can lead to a privilege escalation attack, where an attacker can gain control of the system or access sensitive information, potentially causing data breaches, unauthorized changes, or even complete system compromise.
This vulnerability in Quick Learn allows an attacker to inject objects into the system, which can lead to modifications of object prototype attributes. This is known as "prototype pollution."
This vulnerability can allow an attacker to manipulate the behavior of the system, leading to unauthorized access, data tampering, or even complete system takeover. Given its high severity rating of 9.8, this vulnerability poses a significant risk to the system and its data.
This vulnerability allows an attacker to inject malicious objects into the Xpresslane Fast Checkout system by deserializing untrusted data.
This vulnerability can lead to the execution of arbitrary code, allowing attackers to take control of the system and steal sensitive information. The severity of this vulnerability is very high, with a rating of 9.8.
This vulnerability allows an attacker to inject malicious objects into the system by deserializing untrusted data in the Mark O'Donnell Team Rosters software.
This vulnerability allows an attacker to gain control over the system, potentially leading to data breaches, unauthorized access, or even complete system takeover.
This vulnerability allows an attacker to gain higher privileges in the deco.Agency de:branding system without needing to authenticate.
This is a serious issue because it gives unauthorized users the ability to access sensitive data and perform actions that they shouldn't be allowed to, potentially leading to data breaches, system tampering, or other malicious activities.
This vulnerability allows an attacker to access a critical function in the Banner System without needing to authenticate (prove who they are).
This is a problem because it enables an attacker to gain elevated privileges, which means they can perform actions that they shouldn't be able to, potentially causing harm to the system or stealing sensitive information.
This vulnerability allows an attacker to store malicious code (Cross-site Scripting or XSS) in django CMS Attributes Fields, which can then be executed when a user visits the affected webpage.
This vulnerability can lead to unauthorized access to sensitive user data, theft of login credentials, or unwanted actions being performed on the user's behalf.
This vulnerability allows an attacker to upload malicious files, manipulate input data, and inject script-related HTML tags in a web page, leading to Stored XSS attacks.
This vulnerability enables attackers to inject malicious scripts that can steal user data, take control of user sessions, or perform unauthorized actions on the affected website. This can lead to sensitive information exposure, privilege escalation, and other severe security consequences.
This vulnerability allows unauthorized users to modify data in WordPress projects managed by the WP Project Manager plugin. Specifically, attackers can create milestones, task lists, and tasks, or delete tasks in any project without being authenticated.
This vulnerability is a problem because it allows malicious actors to access and alter sensitive project data without permission, potentially disrupting project workflow, causing data loss, or leading to unauthorized access to sensitive information.
This vulnerability allows users to access lists of course badges for courses they shouldn't have access to in Moodle.
This vulnerability compromises access control, potentially revealing sensitive information about courses to users who aren't meant to see it, and could lead to unauthorized access or data breaches.
This vulnerability in Moodle allows certain passwords to be bypassed or weakened when restricting access to a lesson activity with a password, specifically when using "magic hash" values.
This vulnerability compromises the security of password-protected lesson activities in Moodle, potentially allowing unauthorized access to sensitive information or restricted areas.
This vulnerability allows users to delete OAuth2-linked accounts that don't belong to them in Moodle.
This vulnerability gives unauthorized access to other users' accounts, which can lead to data tampering, unauthorized access to sensitive information, and potential security breaches.
This vulnerability in Moodle allows users to access information they don't have permission to see by exploiting a flaw in dynamic tables.
This vulnerability can lead to unauthorized data disclosure, as users can retrieve sensitive information they shouldn't have access to, potentially causing data breaches or other security issues.
This vulnerability allows attackers with Contributor-level access or higher to inject malicious scripts into WordPress pages using the Getwid – Gutenberg Blocks plugin, affecting versions up to 2.0.12.
This vulnerability enables attackers to inject arbitrary web scripts that will execute whenever a user accesses an injected page, potentially leading to hacking, data theft, or other malicious activities.
This vulnerability allows an attacker to execute arbitrary code on an Android device by exploiting a flaw in the Car App Android Jetpack Library's deserialization logic, which can construct arbitrary Java classes.
This vulnerability can lead to arbitrary code execution, giving an attacker control over the device and allowing them to access sensitive information or perform malicious actions.