Total
1295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3018 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2903 | 1 Nfine | 1 Nfine Rapid Development Platform | 2024-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-1557 | 1 E-commerce System Project | 1 E-commerce System | 2024-04-11 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1491 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-04-11 | 3.2 LOW | 5.5 MEDIUM |
| A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability. | |||||
| CVE-2023-1490 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-04-11 | 3.2 LOW | 5.5 MEDIUM |
| A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376. | |||||
| CVE-2023-1489 | 1 Wisecleaner | 1 Wise System Monitor | 2024-04-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375. | |||||
| CVE-2023-1486 | 1 Wisecleaner | 1 Wise Force Deleter | 2024-04-11 | 3.2 LOW | 7.1 HIGH |
| A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372. | |||||
| CVE-2023-1453 | 1 Watchdog | 1 Anti-virus | 2024-04-11 | 3.2 LOW | 7.1 HIGH |
| A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1432 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1007 | 1 Filseclab | 1 Twister Antivirus | 2024-04-11 | 4.3 MEDIUM | 7.8 HIGH |
| A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | |||||
| CVE-2023-0998 | 1 Alphaware Simple E-commerce System Project | 1 Alphaware Simple E-commerce System | 2024-04-11 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. | |||||
| CVE-2023-0963 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2024-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability. | |||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | |||||
| CVE-2019-25157 | 1 Ethex | 1 Ethex Contracts | 2024-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271. | |||||
| CVE-2015-10057 | 1 Little-apps | 1 Little Software Stats | 2024-04-11 | 4.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability. | |||||
| CVE-2014-125054 | 1 Reddit-on-rails Project | 1 Reddit-on-rails | 2024-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-2731 | 2024-04-10 | N/A | 5.4 MEDIUM | ||
| Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. | |||||
| CVE-2024-2217 | 2024-04-10 | N/A | 7.5 HIGH | ||
| gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | |||||
| CVE-2024-29055 | 2024-04-10 | N/A | 7.2 HIGH | ||
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
| CVE-2024-29990 | 2024-04-10 | N/A | 9.0 CRITICAL | ||
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||