Attacker Value
Unknown

CVE-2024-5624

Disclosure Date: August 29, 2024 (last updated February 26, 2025)
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session.
Attacker Value
Unknown

CVE-2024-5623

Disclosure Date: August 29, 2024 (last updated February 26, 2025)
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
Attacker Value
Unknown

CVE-2024-5622

Disclosure Date: August 29, 2024 (last updated February 26, 2025)
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
Attacker Value
Unknown

CVE-2024-7885

Disclosure Date: August 21, 2024 (last updated February 26, 2025)
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Attacker Value
Unknown

CVE-2023-4730

Disclosure Date: August 17, 2024 (last updated February 26, 2025)
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts.
Attacker Value
Unknown

CVE-2024-40705

Disclosure Date: August 15, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.
Attacker Value
Unknown

CVE-2024-40704

Disclosure Date: August 15, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.
Attacker Value
Unknown

CVE-2024-41727

Disclosure Date: August 14, 2024 (last updated February 26, 2025)
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Unknown

CVE-2024-41723

Disclosure Date: August 14, 2024 (last updated February 26, 2025)
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Unknown

CVE-2024-41164

Disclosure Date: August 14, 2024 (last updated February 26, 2025)
When a TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.