Show filters
42 Total Results
Displaying 1-10 of 42
Sort by:
Attacker Value
Unknown

CVE-2024-7130

Disclosure Date: November 21, 2024 (last updated January 05, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS.This issue affects KION Exchange Programs Software: before 1.21.9092.29966.
0
Attacker Value
Unknown

CVE-2024-51829

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Figoli Quinn & Associates Mobile Kiosk allows Stored XSS.This issue affects Mobile Kiosk: from n/a through 1.3.0.
0
Attacker Value
Unknown

CVE-2022-4974

Disclosure Date: October 16, 2024 (last updated October 16, 2024)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Attacker Value
Unknown

CVE-2024-3461

Disclosure Date: May 14, 2024 (last updated February 13, 2025)
KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.
Attacker Value
Unknown

CVE-2024-3460

Disclosure Date: May 14, 2024 (last updated February 13, 2025)
In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.  In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.
Attacker Value
Unknown

CVE-2024-3459

Disclosure Date: May 14, 2024 (last updated February 12, 2025)
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.
Attacker Value
Unknown

CVE-2023-36659

Disclosure Date: September 15, 2023 (last updated October 08, 2023)
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
Attacker Value
Unknown

CVE-2023-36657

Disclosure Date: September 15, 2023 (last updated October 08, 2023)
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
Attacker Value
Unknown

CVE-2023-36658

Disclosure Date: September 15, 2023 (last updated October 08, 2023)
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
Attacker Value
Unknown

CVE-2023-3635

Disclosure Date: July 12, 2023 (last updated October 26, 2023)
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.