Topics

Sort by:
Attacker Value
Low

CVE-2016-7103

Disclosure Date: March 15, 2017 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Attacker Value
Moderate

CVE-2024-21413

Disclosure Date: February 13, 2024 (last updated February 24, 2024)
Microsoft Outlook Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2022-31791

Disclosure Date: September 06, 2022 (last updated October 08, 2023)
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Attacker Value
Very High

CVE-2022-26318

Disclosure Date: March 04, 2022 (last updated October 07, 2023)
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Attacker Value
Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated March 05, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
2
Attacker Value
Very High

CVE-2024-27198

Disclosure Date: March 04, 2024 (last updated March 06, 2024)
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Attacker Value
High

CVE-2024-23334

Disclosure Date: January 29, 2024 (last updated February 06, 2024)
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Attacker Value
Unknown

CVE-2024-21423

Disclosure Date: February 23, 2024 (last updated February 24, 2024)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Attacker Value
Very High

CVE-2023-47218

Disclosure Date: February 13, 2024 (last updated February 13, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
2
Attacker Value
Low

CVE-2024-1548

Disclosure Date: February 20, 2024 (last updated February 21, 2024)
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
1