| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser. |
| Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. |
| This vulnerability affects Firefox < 143.0.3. |
| A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation.
For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory. |
| An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine. |
| A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. |
| Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information. |
| SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server. |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names. |
| Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses. |
| A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. |
| A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. |
| A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. |
| A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. |
| A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects
Kiloview NDI N30
and was fixed in Firmware version later than 2.02.0246 |
| Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network |
| Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. |
