CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 29, 2025

Needyamin Library Card System SQL Injection Vulnerability in Login Component

A critical SQL injection vulnerability has been identified in Needyamin Library Card System version 1.0. The issue arises in the admin.php file within the Login component, where the application fails to properly sanitize the email and password input, allowing for malicious SQL code to be executed. This vulnerability can be exploited remotely, potentially leading to unauthorized access and manipulation of the application's database.

3.1
Jan 29, 2025

Bento4 Floating-Point Exception Vulnerability in TfraAtom Function

A floating-point exception vulnerability has been identified in the Bento4 media processing library, specifically within the 'mp42hevc' component. This vulnerability arises in the 'AP4_TfraAtom::AP4_TfraAtom' function, where improper handling of data can lead to a floating-point exception, potentially causing a denial-of-service condition.

3.8
Jan 29, 2025

Bento4 mp42avc Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in Bento4's mp42avc application, specifically in the commit related to this issue. This vulnerability allows a local attacker to execute arbitrary code by exploiting the AP4_MemoryByteStream::WritePartial function. The issue arises from improper handling of data, leading to memory corruption that can be manipulated to execute malicious code.

2.6
Jan 29, 2025

Bento4 mp42avc Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in Bento4's mp42avc application, specifically in the commit related to this issue. This vulnerability allows a local attacker to execute arbitrary code by exploiting the AP4_File::ParseStream function and related stream parsing functions. The issue arises from improper handling of data streams, leading to memory corruption that can be manipulated to execute malicious code.

2.6
Jan 29, 2025

Safety Production Process Management System Password Vulnerability Allowing Privilege Escalation and Arbitrary Code Execution

A vulnerability exists in Safety Production Process Management System version 1.0, allowing remote attackers to escalate privileges, execute arbitrary code, and access sensitive information. This issue arises from inadequate password handling, as the application improperly validates the password and account number parameters.

4.0
Jan 29, 2025

Teedy LDAP Injection Vulnerability Allowing Account Creation and Password Spraying

A vulnerability allowing LDAP injection has been identified in Teedy versions 1.9 to 1.12, when LDAP connection is enabled. The issue arises from inadequate sanitization of user input in the username field of the login form. This flaw allows an unauthenticated attacker to manipulate LDAP queries, potentially leading to the creation of arbitrary user accounts and password spraying attacks.

3.8
Jan 29, 2025

Teedy Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in Teedy versions through 1.12, due to inadequate CSRF protection. This flaw allows unauthenticated remote attackers to manipulate users into performing unintended actions, such as altering profile details or modifying application data. While most API requests are susceptible, those involving password changes are not, as passwords cannot be predicted by an attacker. The absence of a 'SameSite' attribute in the session cookie further complicates matters, leaving POST CSRF exploitation reliant on the victim's browser.

3.3
Jan 29, 2025

Celk Sistemas Celk Saude HTML Injection Vulnerability

An HTML injection vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1. This vulnerability allows remote attackers to inject arbitrary HTML code through the 'erro' parameter.

3.4
Jan 29, 2025

Celk Sistemas Celk Saude Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in Celk Sistemas Celk Saude version 3.1.252.1. This vulnerability allows remote attackers to inject arbitrary JavaScript code via the 'erro' parameter.

3.4
Jan 29, 2025

Software AG webMethods Integration Server Incorrect Access Control Vulnerability Allowing Information Disclosure

A vulnerability exists in the Software AG webMethods Integration Server version 10.15.0 prior to Core_Fix7, specifically on the /WmAdmin/,/invoke/vm.server/login login page. This vulnerability allows remote attackers to access the administration panel and obtain hostname and version information. Exploitation involves sending an arbitrary username and a blank password to the login URI.

3.9
Jan 29, 2025

ISC BIND 9 DNS-over-HTTPS Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in ISC BIND 9's DNS-over-HTTPS (DoH) implementation. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. The vulnerability allows clients to exhaust a DNS resolver's CPU and memory by flooding it with crafted valid or invalid HTTP/2 traffic. As a result, the server can become overwhelmed, causing high resource usage and disrupting DoH connections for other clients.

5.4
Jan 29, 2025

ISC BIND 9 Zone Query Vulnerability Leading to CPU Exhaustion

A denial-of-service vulnerability has been identified in ISC BIND 9, specifically in versions 9.11.0 up to (excluding) 9.11.37, 9.16.0 up to (excluding) 9.16.50, 9.18.0 up to (excluding) 9.18.32, 9.20.0 up to (excluding) 9.20.4, and 9.21.0 up to (excluding) 9.21.3, as well as in the BIND Supported Preview Edition versions 9.11.3-S1 up to (excluding) 9.11.37-S1, 9.16.8-S1 up to (excluding) 9.16.50-S1, and 9.18.11-S1 up to (excluding) 9.18.32-S1. This vulnerability allows for excessive CPU resource consumption by exploiting zones crafted to generate responses with numerous records in the Additional section. An attacker can send multiple such queries, causing either the authoritative server or an independent resolver to process these queries using disproportionate resources. This exploitation can lead to a significant degradation of server performance, especially for resolvers, and effectively prevent the server from responding to other client queries.

5.4
Jan 29, 2025

Kube-Audit-Rest Kubernetes Secrets Disclosure Vulnerability

A vulnerability in Kube-Audit-Rest prior to version 1.0.16 allows for the unintentional disclosure of Kubernetes secret values in the audit log. This issue arises when the 'full-elastic-stack' example vector configuration is applied to a real cluster, as it fails to properly redact secret data before it is logged.

2.4
Jan 29, 2025

Snowflake Connector for Python Temporary Credential Caching Vulnerability on Linux

A vulnerability exists in the Snowflake Connector for Python, specifically in versions 2.3.7 through 3.13.0, when temporary credential caching is enabled. On Linux systems, the connector caches temporary credentials in a file that is readable by all users. This issue arises when using EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods with temporary credential caching turned on.

3.7
Jan 29, 2025

Snowflake Connector for Python OCSP Response Cache Deserialization Vulnerability Leading to Privilege Escalation

A vulnerability exists in the Snowflake Connector for Python, specifically in versions 2.7.12 through 3.13.0, where the OCSP response cache is serialized using pickle. This serialization method can be exploited to achieve local privilege escalation, particularly if an attacker can write to the OCSP response cache file.

3.7
Jan 29, 2025

Snowflake Connector for Python SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Snowflake Connector for Python, specifically in the 'snowflake.connector.pandas_tools' module. This issue affects versions 2.2.5 through 3.13.0. The vulnerability arises because a function in the 'pandas_tools' module does not properly sanitize all input arguments, allowing an attacker to inject malicious SQL that is executed within the context of the current session.

3.7
Jan 29, 2025

Snowflake Connector for .NET Temporary File Permission Vulnerability

A vulnerability exists in the Snowflake Connector for .NET, specifically in versions 2.0.12 through 4.2.0 on Linux and macOS. The issue arises because files downloaded from stages are temporarily stored in a world-readable local directory. This configuration allows unauthorized users on the same machine to access these files during their brief existence. The vulnerability has been addressed in version 4.3.0 of the connector.

3.8
Jan 29, 2025

Aridius XYZ OpenCart Modules Deserialization Vulnerability in News Component

A critical deserialization vulnerability has been identified in multiple Aridius OpenCart modules, specifically in the 'News' component, up to version 20240927. This vulnerability arises from the 'loadMore' function, where untrusted data is deserialized without proper validation, leading to PHP object injection. The issue can be exploited remotely without authentication, potentially allowing attackers to write arbitrary files or execute remote code, compromising the affected site.

4.0
Jan 29, 2025

mySCADA myPRO OS Command Injection Vulnerability

A command injection vulnerability has been identified in mySCADA myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1. The issue arises because the application does not properly sanitize POST requests containing email information, allowing attackers to execute arbitrary commands on the affected system.

3.1
Jan 29, 2025

mySCADA myPRO OS Command Injection Vulnerability

A command injection vulnerability has been identified in mySCADA myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1. The issue arises because the application does not properly sanitize POST requests sent to a specific port, allowing attackers to execute arbitrary commands on the affected system.

3.1
Jan 29, 2025

GNU Binutils Stack-Based Buffer Overflow Vulnerability in Objdump Component

A stack-based buffer overflow vulnerability has been identified in GNU Binutils versions prior to 2.43. The issue arises in the 'disassemble_bytes' function within 'binutils/objdump.c', where improper handling of the 'buf' argument creates the potential for a stack-based overflow. This vulnerability can be exploited remotely, although the attack's complexity is considered high, requiring user interaction.

6.0
Jan 29, 2025

ABB FLXEON Insertion of Sensitive Information into Log File Vulnerability

A vulnerability allowing the insertion of sensitive information into log files has been identified in ABB FLXEON versions through 9.3.4. This issue may lead to improper disclosure of information via HTTPS access.

2.5
Jan 29, 2025

ABB FLXEON WebSockets Vulnerability Allowing Unauthorized HTTPS Requests

A vulnerability exists in ABB FLXEON versions through 9.3.4, due to inadequate session management that fails to properly validate the Origin in WebSockets. This flaw allows unauthorized HTTPS requests to be sent, potentially leading to unauthorized actions or data exposure.

2.5
Jan 29, 2025

GitHub Enterprise Server Code Injection Vulnerability Allowing DOM Manipulation and Data Exfiltration

A code injection vulnerability has been identified in GitHub Enterprise Server. This vulnerability allows attackers to inject malicious code into the query selector via the identity property in the message handling function. The injected code can exfiltrate sensitive data by manipulating the DOM, including authentication tokens. To exploit this vulnerability, the victim must be logged into GitHub and interact with a malicious webpage controlled by the attacker, which contains a hidden iframe. This issue affects all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0.

3.2
Jan 29, 2025

Regclient Digest Validation Vulnerability in Docker and OCI Registry Client

A vulnerability exists in regclient, a Docker and OCI Registry Client written in Go, prior to version 0.7.1. This issue allows a malicious registry to return a different digest for a pinned manifest, potentially leading to undetected manipulation. The vulnerability arises because the client may not properly validate the digest against the registry's response, allowing discrepancies to go unnoticed.

2.4
Jan 29, 2025

Snowflake JDBC Driver Temporary Credential Caching Vulnerability on Linux

A vulnerability exists in the Snowflake JDBC Driver, specifically in versions 3.6.8 through 3.21.0, that relates to how temporary credentials are cached on Linux systems. When temporary credential caching is enabled and certain authentication methods are used, the driver stores these credentials in a local file with world-readable permissions. This issue could expose sensitive information to other users on the same system.

3.8
Jan 29, 2025

Snowflake JDBC Driver Privilege Escalation Vulnerability on Windows

A vulnerability in the Snowflake JDBC Driver has been identified, allowing for local privilege escalation on Windows systems. This issue arises when the EXTERNALBROWSER authentication method is used. An attacker with write access to a directory in the %PATH% can place a malicious executable that, when executed, escalates privileges to the user running the JDBC Driver. The vulnerability affects Snowflake JDBC Driver versions 3.2.3 through 3.21.0.

3.9
Jan 29, 2025

Snowflake Connector for Node.js Temporary Credential Cache Permission Vulnerability

A vulnerability exists in the Snowflake Connector for Node.js, specifically in versions 1.12.0 through 2.0.1 on Linux. The issue arises from improper file permission checks for the temporary credential cache. An attacker with write access to the local cache directory could bypass these checks, allowing them to manipulate how temporary credentials are stored and accessed. This flaw is particularly relevant when using the EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods, which cache credentials in a local file.

3.7
Jan 29, 2025

Akamai Enterprise Application Access Debug Command Execution Vulnerability via Connector GUID

A vulnerability exists in Akamai Enterprise Application Access (EAA) versions prior to January 17, 2025. This issue allows an admin who knows another tenant's 128-bit connector GUID to execute debug commands on that connector.

0.9
Jan 29, 2025

IBM Aspera Faspex Observable Response Discrepancy Vulnerability Leading to Username Disclosure

A vulnerability in IBM Aspera Faspex versions 5.0.0 to 5.0.10 could allow the unintentional disclosure of sensitive username information. This issue arises from an observable response discrepancy that could be exploited to infer username details.

3.3
Jan 29, 2025

IBM Aspera Faspex Improper Access Control Vulnerability Allowing Unauthorized System Changes

A vulnerability in IBM Aspera Faspex versions 5.0.0 to 5.0.10 allows privileged users to make system changes without appropriate access controls. This issue stems from improper access management, which could lead to unauthorized modifications within the system.

2.3
Jan 29, 2025

IBM Aspera Faspex Weak Password Requirement Vulnerability

A vulnerability exists in IBM Aspera Faspex versions 5.0.0 to 5.0.10, where the application does not enforce strong password requirements by default. This oversight makes it easier for attackers to compromise user accounts.

3.3
Jan 29, 2025

IBM Aspera Faspex Weak Password Requirement Vulnerability

A vulnerability exists in IBM Aspera Faspex versions 5.0.0 to 5.0.10 due to the lack of default strong password requirements. This weakness makes it easier for attackers to compromise user accounts.

2.9
Jan 29, 2025

Snowflake PHP PDO Driver Signed-to-Unsigned Conversion Error Vulnerability Leading to Application Crash

A vulnerability exists in the Snowflake PHP PDO Driver, specifically in versions 0.2.0 through 3.0.3. The issue arises when unsupported queries, such as PUT or GET operations on stages, are executed. The driver fails to properly handle the return value of these queries, misinterpreting an error code as the number of returned columns. This oversight leads to a signed-to-unsigned conversion error, causing a PHP runtime error that crashes the application using the driver. Snowflake has addressed this vulnerability in version 3.1.0.

1.1
Jan 29, 2025

Twig Output Escaping Vulnerability in Null Coalesce Operator

A vulnerability in Twig, a PHP template language, was identified regarding the null coalesce operator (??). In versions 3.16.0 up to (excluding) 3.19.0, output escaping was not applied to the expression on the left side of the operator, potentially leading to improper handling of output. This issue has been addressed in Twig version 3.19.0.

3.0
Jan 29, 2025

RuoYi Password Reset Interface Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the password reset interface of RuoYi version 4.8.0. This issue allows attackers with admin privileges to duplicate the login name of any user account, including the admin account. The duplication of the login name prevents the user from logging in, effectively causing a denial-of-service condition.

4.8
Jan 29, 2025

RuoYi Insecure Role Assignment Vulnerability Allowing Privilege Escalation

A vulnerability in RuoYi version 4.8.0 allows authenticated users to escalate privileges by assigning themselves higher-level roles. The issue arises because the role assignment interface fails to properly validate whether the new role has greater privileges than the current one. As a result, users can manipulate their roles to gain unauthorized access to additional functionalities.

4.9
Jan 29, 2025

RuoYi SQL Injection Vulnerability in Monitor Online List Endpoint

A SQL injection vulnerability has been identified in RuoYi version 4.8.0. The issue arises in the monitor online list endpoint, specifically through the orderby parameter. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

5.0
Jan 29, 2025

RuoYi Unauthorized Session ID Exposure Vulnerability Allowing Admin Impersonation

An elevation of privilege vulnerability exists in RuoYi version 4.8.0, allowing unauthorized users with system monitoring privileges to view the admin session ID. This exposure can be exploited to impersonate admin users by using a crafted cookie that includes the captured session ID.

5.0
Jan 29, 2025

image_picker Android Filename Sanitization Vulnerability Allowing Cache File Overwrite

A vulnerability exists in the image_picker Android package, specifically in versions 0.8.5+6 through 0.8.12+17. The issue arises because the filenames generated by the image_picker are not properly sanitized, creating a risk when interacting with malicious document providers. This lack of sanitization may enable a user with a harmful document provider to select an image file that could overwrite internal files in the app's cache.

1.0
Jan 29, 2025

file_selector_android Malicious Document Provider Vulnerability Allowing Cache File Overwrite

A vulnerability in the file_selector_android package, specifically in versions 0.5.1 through 0.5.1+11, allows malicious document providers to select files that can overwrite internal app cache files. This issue arises because the package fails to properly sanitize file names from document providers, creating a risk for users with malicious providers installed.

1.0
Jan 29, 2025

ManageEngine Applications Manager Privilege Escalation Vulnerability in User Update Function

A privilege escalation vulnerability has been identified in ManageEngine Applications Manager versions through 174000. The issue arises from incorrect authorization in the 'update user' function, allowing delegated admins to gain unauthorized admin access by modifying user group parameters via the API.

3.9
Jan 29, 2025

WordPress Target Video Easy Publish Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Target Video Easy Publish plugin for WordPress, affecting all versions through 3.8.3. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes within the 'brid_override_yt' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.7
Jan 29, 2025

Google Chrome DevTools Use-After-Free Vulnerability Allowing Heap Corruption via Crafted Extension

A use-after-free vulnerability has been identified in the DevTools component of Google Chrome. This issue affects versions prior to 132.0.6834.159 and has been classified as medium severity. The vulnerability allows remote attackers to potentially exploit heap corruption by using a specially crafted Chrome extension.

5.8
Jan 29, 2025

Trellix HX Console Denial-of-Service Vulnerability via Exponential Entity Expansion

A denial-of-service vulnerability has been identified in Trellix HX versions through 10.0.0. An attacker with access to the HX console can send specially-crafted data that triggers malicious detection. This, in turn, causes the consumer process to parse files with exponential entity expansions, leading to a denial-of-service condition.

2.5
Jan 29, 2025

Cloudflare Octorpki Local Privilege Escalation Vulnerability via Rsync SUID Bit Mismanagement

A local privilege escalation vulnerability exists in Cloudflare Octorpki versions prior to 1.4.0. The issue arises because Octorpki, when copying files with rsync, improperly uses the '-a' flag, which transfers binaries with the SUID bit set as root. This misconfiguration, combined with another vulnerability that leads Octorpki to process a malicious TAL file, could create a vector for local privilege escalation.

1.4
Jan 29, 2025

Axios Cross-Site Scripting Vulnerability in URL Origin Handling

A cross-site scripting (XSS) vulnerability has been identified in Axios versions prior to 1.7.8. The issue arises in the 'lib/helpers/isURLSameOrigin.js' file, where the library improperly uses a DOM method to determine URL origins. This flaw allows unvalidated data to be set as HTML attributes, potentially leading to XSS attacks by executing malicious scripts or code in the user's browser.

5.8
Jan 29, 2025

Moxa PT, EDS, ICS, IKS, and SDS Switches Out-of-Bounds Write Vulnerability Allowing Denial-of-Service

A denial-of-service vulnerability has been identified in multiple Moxa switch series, including PT, EDS, ICS, IKS, and SDS. This vulnerability arises from an out-of-bounds write issue caused by inadequate input validation, allowing data to be written beyond the limits of the buffer. Exploitation of this vulnerability can disrupt normal operations by overwriting memory and potentially causing system crashes or reboots. The vulnerability is particularly concerning when the affected switches are exposed to public networks, where attackers could remotely disrupt operations.

2.5
Jan 29, 2025

Flexible Wishlist for WooCommerce Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Flexible Wishlist for WooCommerce plugin, specifically in versions through 1.2.25. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into pages. These scripts are executed when users access the compromised pages.

2.7
Jan 29, 2025

Competition Form WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Competition Form WordPress plugin, affecting versions through 2.0. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against users with high privileges, such as administrators.

3.4