| CVE | Vendors | Products | Updated | CVSS v3.1 |
| FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise. |
| FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code. |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process. |
| Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. |
| A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation. |
| A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
| Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. |
| Windows Cryptographic Services Security Feature Bypass Vulnerability |
| An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. |
| Microsoft SharePoint Remote Code Execution Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Xbox Wireless Adapter Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability |
| Windows Enroll Engine Security Feature Bypass Vulnerability |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |