| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. |
| IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques. |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. |
| A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue. |
| An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. |
| An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. |
| A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges. |
| An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software. |
| The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. |
| Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component. |
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. |
| Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. |
