NA - CVE-2024-56897 - Improper access control in the HTTP server in...
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to...
NA - CVE-2025-25460 - A stored Cross-Site Scripting (XSS)...
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript...
NA - CVE-2025-26803 - The HTTP parser in Phusion Passenger 6.0.21...
The HTTP parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
NA - CVE-2025-22495 - An improper input validation vulnerability was...
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high-privileged user having the ability...
NA - CVE-2024-54820 - XOne Web Monitor v02.10.2024.530 framework...
XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and...
NA - CVE-2025-27112 - Navidrome is an open source web-based music...
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication...
NA - CVE-2025-27133 - WeGIA is a Web manager for charitable...
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This...