Show filters
309,685 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-36112

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require…
0
Attacker Value
Unknown

CVE-2024-23580

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values.
0
Attacker Value
Unknown

CVE-2024-23579

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.
0
Attacker Value
Unknown

CVE-2023-30314

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of service.
0
Attacker Value
Unknown

CVE-2023-30312

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of service.
0
Attacker Value
Unknown

CVE-2024-35548

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
** DISPUTED ** A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
0
Attacker Value
Unknown

CVE-2024-35511

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php.
0
Attacker Value
Unknown

CVE-2024-35240

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
0
Attacker Value
Unknown

CVE-2024-35239

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13).
0
Attacker Value
Unknown

CVE-2024-35226

Disclosure Date: May 28, 2024 (last updated May 29, 2024)
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.
0