| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue. |
| A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks. |
| Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an authenticated user who has the workflowsManagement:executeWorkflow privilege. |
| Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileged user can extract sensitive information including database credentials, into the email body via template evaluation. This issue has been fixed in versions 0.57.13 and 0.58.7. To workaround this issue, users can disable notifications in their Metabase instance to disallow access to the vulnerable endpoints. |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier |
| A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was partially mitigated in versions 3.9.4 and 3.9.6. |
| A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2. |
| A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2. |
| Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files (bypassing the protections of the escapeHTML parameter). As certain events fire without any additional user interaction, visiting a standalone viewer URL that points to a malicious config file — without additional user interaction — is sufficient to trigger the vulnerability and execute arbitrary JavaScript code, which can, for example, replace the contents of the page with arbitrary content and make it appear to be hosted by the website hosting the standalone viewer HTML file. This issue has been fixed in version 2.5.7. To workaround, setting the Content-Security-Policy header to script-src-attr 'none' will block execution of inline event handlers, mitigating this vulnerability. Don't host pannellum.htm on a domain that shares cookies with user authentication to mitigate XSS risk. |
| A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories. |
| A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue. |
