Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25260 1 Stimulsoft 1 Designer 2025-02-19 7.5 High
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
CVE-2023-20860 2 Redhat, Vmware 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more 2025-02-19 7.5 High
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVE-2022-48356 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
CVE-2022-48347 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48346 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-46415 1 Dji 2 Spark, Spark Firmware 2025-02-19 9.1 Critical
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.
CVE-2022-46387 2 Cmder, Maximus5 2 Cmder, Conemu 2025-02-19 9.8 Critical
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
CVE-2022-24972 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2025-02-19 6.5 Medium
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.
CVE-2023-24366 1 Rconfig 1 Rconfig 2025-02-19 6.5 Medium
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.
CVE-2019-8963 1 Flexera 1 Flexnet Publisher 2025-02-19 7.5 High
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.
CVE-2024-9946 1 Heateor 1 Super Socializer 2025-02-19 8.1 High
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.
CVE-2022-48359 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48357 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
CVE-2022-47924 1 Csaf-validator-lib Project 1 Csaf-validator-lib 2025-02-19 6.5 Medium
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.
CVE-2023-28597 2 Microsoft, Zoom 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more 2025-02-19 8.3 High
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
CVE-2023-26549 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-25261 1 Stimulsoft 2 Designer, Viewer 2025-02-19 9.8 Critical
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.
CVE-2020-8889 1 Shipstation 1 Shipstation 2025-02-19 7.5 High
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.
CVE-2025-24373 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2025-02-19 6.5 Medium
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-25661 1 Google 1 Tensorflow 2025-02-19 6.5 Medium
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.