CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Qualcomm SMMU Uncontrolled Resource Consumption Vulnerability
A vulnerability exists in certain Qualcomm drivers, applications, or SMMU clients that allows for uncontrolled resource consumption. This issue arises when these entities attempt to access global registers through the SMMU, potentially leading to performance degradation or resource exhaustion.
Qualcomm Snapdragon Chipsets Mailbox Read API Information Disclosure Vulnerability
A buffer over-read vulnerability has been identified in various chipsets of Qualcomm Snapdragon products, specifically within the Automotive Autonomy technology area. This vulnerability allows information disclosure while invoking the mailbox read API, potentially leading to unauthorized access to sensitive data.
Qualcomm Audio Buffer Over-read Vulnerability Allowing Information Disclosure
A buffer over-read vulnerability has been identified in the audio component of certain Qualcomm chipsets. This vulnerability allows for information disclosure by invoking the callback function of the sound model driver from the Audio Digital Signal Processor (ADSP). The issue arises for every valid opcode received from the sound model driver, leading to the unintentional exposure of sensitive information.
Qualcomm Products Information Disclosure Vulnerability via Uninitialized IOCTL Channel Management
A vulnerability has been identified in certain Qualcomm products that allows for information disclosure. This issue arises when processing IOCTL calls related to releasing a trusted virtual machine process or opening a channel without properly initializing the process. As a result, sensitive information may be inadvertently exposed.
Qualcomm Products Memory Corruption Vulnerability in Frame Command IOCTL Processing
A memory corruption vulnerability has been identified in certain Qualcomm products, arising from the handling of frame command IOCTL calls. This issue could potentially be exploited to cause unintended behavior or damage to memory.
Qualcomm Products Memory Corruption Vulnerability via IOCTL Calls
A use-after-free vulnerability has been identified in various chipsets of Qualcomm products, including those in the Automotive Software platform based on QNX, Windows WLAN Host, and several chipsets used in mobile and automotive applications. This vulnerability allows memory corruption by improperly managing DMA buffers during IOCTL operations, which could potentially be exploited to cause unauthorized memory access or manipulation.
Qualcomm Chipsets Memory Corruption Vulnerability in Computer Vision Component
A memory corruption vulnerability has been identified in certain Qualcomm chipsets within the computer vision component. This issue arises from a lack of input parameter validation for the number of fences in fence frame IOCTL calls, which can lead to memory corruption.
Qualcomm Automotive Products Information Disclosure Vulnerability via Mailbox Write API
A vulnerability allowing information disclosure has been identified in Qualcomm automotive chipsets. This issue arises when the mailbox write API is invoked with messages larger than the mailbox size, leading to unintended information exposure.
Qualcomm Products Memory Corruption Vulnerability in Data Network Stack
A buffer overflow vulnerability has been identified in various chipsets of Qualcomm products, including those in the Snapdragon 8 Gen 3 Mobile Platform and several Windows WLAN Host chipsets. This vulnerability allows for memory corruption by processing IPA statistics when no active clients are registered, potentially leading to unauthorized memory access or manipulation.
Email Subscribers by Icegram Express SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Email Subscribers by Icegram Express WordPress plugin, affecting versions prior to 5.7.44. The issue arises because the plugin fails to properly sanitize and escape a parameter before incorporating it into a SQL statement. This oversight enables administrators to execute SQL injection attacks.
Icegram Engage WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Icegram Engage WordPress plugin, affecting versions prior to 3.1.32. The issue arises because the plugin fails to properly sanitize and escape certain campaign settings, potentially allowing users with author privileges and above to inject malicious scripts that are stored and executed later.
Pods WordPress Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Pods WordPress plugin, affecting versions prior to 3.2.8.1. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute stored cross-site scripting attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups.
Tourmaster WordPress Plugin Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Tourmaster WordPress plugin, affecting versions prior to 5.3.4. The issue arises because the plugin fails to properly sanitize and escape certain parameters before displaying them on the page. This oversight could enable unauthenticated users to execute XSS attacks.
MediaTek Modem Out-of-Bounds Write Vulnerability Leading to Remote Code Execution
A critical out-of-bounds write vulnerability has been identified in the Modem component of various MediaTek chipsets. This issue arises from a missing bounds check, which could allow remote code execution. The vulnerability can be exploited if a user equipment (UE) connects to a rogue base station controlled by an attacker. Notably, no additional execution privileges are required for exploitation, and user interaction is not needed.
MediaTek WLAN STA Spoofed SSID Vulnerability Leading to Information Disclosure
A vulnerability exists in the WLAN STA driver that allows a client to be deceived into connecting to an access point (AP) with a fake SSID. This could result in remote information disclosure without requiring additional execution privileges. Exploitation does not need user interaction.
MediaTek WLAN STA Driver Reachable Assertion Vulnerability Leading to Local Denial-of-Service
A vulnerability has been identified in the MediaTek WLAN Station (STA) driver, where improper exception handling creates a reachable assertion. This issue could lead to a local denial-of-service condition, but only if the attacker has already gained system privileges. Exploitation does not require user interaction.
MediaTek Modem Out-of-Bounds Write Vulnerability Allowing Privilege Escalation
A vulnerability has been identified in the Modem component of certain MediaTek chipsets, where an out-of-bounds write can occur due to an improper bounds check. This vulnerability could lead to local escalation of privileges, but requires that the attacker has already obtained System privileges. The issue can be exploited without user interaction.
MediaTek Modem Logic Error Vulnerability Leading to Remote Denial-of-Service
A logic error in the Modem component of various MediaTek chipsets can cause a system crash, leading to a remote denial-of-service condition. This vulnerability does not require additional execution privileges or user interaction for exploitation.
MediaTek Modem Remote Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the MediaTek Modem component, affecting various chipsets. The issue arises from improper input validation, which can lead to a system crash. This vulnerability can be exploited remotely without requiring additional execution privileges or user interaction.
MediaTek WLAN STA Driver Out-of-Bounds Write Vulnerability Allowing Remote Code Execution
A vulnerability exists in the WLAN Station (STA) firmware of certain MediaTek chipsets, where improper input validation can lead to an out-of-bounds write. This vulnerability could be exploited to execute code remotely (or from an adjacent position) without requiring additional execution privileges. Exploitation does not need user interaction.
MediaTek WLAN STA Driver Out-of-Bounds Write Vulnerability Allowing Remote Code Execution
A vulnerability has been identified in the MediaTek WLAN STA driver, where improper input validation creates a potential out-of-bounds write condition. This vulnerability could be exploited to execute code remotely (or from a proximal/adjacent position) without requiring additional execution privileges. Notably, user interaction is not necessary for exploitation. The issue affects various chipsets, including MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, and MT8893. The vulnerability is present in the Android operating system versions 13.0, 14.0, and 15.0, as well as in the Yocto versions 3.3, 4.0, and 5.0.
MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation
A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privilege, but requires physical access to the device and user interaction for exploitation.
MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation
A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privileges, but requires physical access to the device and user interaction for exploitation.
MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation
A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privilege, but requires physical access to the device and user interaction for exploitation.
MediaTek Chipsets Out-of-Bounds Write Vulnerability in Power Component Allowing Privilege Escalation
A vulnerability has been identified in the power component of certain MediaTek chipsets, where a missing bounds check could lead to an out-of-bounds write. This vulnerability allows for local escalation of privilege, but requires that the attacker has already obtained System privileges. The issue does not require user interaction to exploit.
MediaTek Chipsets Privilege Escalation Vulnerability in m4u Component
A vulnerability allowing local escalation of privilege has been identified in the m4u component of certain MediaTek chipsets. This issue arises from a possible out-of-bounds write caused by a missing bounds check, which could be exploited if a malicious actor has already gained System privileges. The vulnerability does not require user interaction for exploitation. Affected chipsets include MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, and MT8768. The vulnerability affects several different software versions, including Android 12.0, 13.0, 14.0, and 15.0.
Zhenfeng13 My-Blog Unrestricted File Upload Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Zhenfeng13 My-Blog version 1.0. The issue resides in the upload function of the uploadController.java file, where uploaded files are not properly restricted. This flaw enables remote attackers to upload potentially malicious files, such as JSP web shells, which could be executed on the server.
Zhenfeng13 My-Blog Unrestricted File Upload Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Zhenfeng13 My-Blog version 1.0. The issue arises in the 'uploadFileByEditomd' function within 'src/main/java/com/site/blog/my/core/controller/admin/BlogController.java'. This vulnerability can be exploited remotely by manipulating the 'editormd-image-file' argument, potentially leading to the upload of malicious files such as JSP web shells.
ZeroWdd Studentmanager Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in ZeroWdd Studentmanager version 1.0. The issue arises in the 'submitAddPermission' function within the 'PermissionController.java' file. The vulnerability allows for the injection of malicious scripts through the 'url' parameter, which is not properly sanitized before being processed. This flaw can be exploited remotely, and there is a possibility that other parameters may also be affected.
Codezips Project Management System SQL Injection Vulnerability in Course Name Parameter
A critical SQL injection vulnerability has been identified in Codezips Project Management System version 1.0. The issue resides in the file '/pages/forms/course.php', specifically within the 'course_name' parameter. This vulnerability allows remote attackers to inject malicious SQL queries, potentially leading to unauthorized database access, sensitive data leakage, data manipulation or deletion, and in some cases, system control or service interruption. The vulnerability does not require authentication, which adds to its severity.
ZeroWdd Studentmanager Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in ZeroWdd Studentmanager version 1.0. The issue arises in the 'submitAddRole' function within the 'RoleController' file, where the input parameter 'name' is not properly sanitized. This lack of input validation allows for the injection of malicious scripts, which can be executed in the context of the user's browser. The vulnerability can be exploited remotely.
Codezips Blood Bank Management System SQL Injection Vulnerability in successadmin.php
A critical SQL injection vulnerability has been identified in Codezips Blood Bank Management System version 1.0. The issue resides in the '/successadmin.php' file, where the 'psw' parameter is manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, allowing attackers to gain unauthorized access to the database, leak sensitive data, tamper with information, and potentially disrupt services.
Codezips Gym Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Codezips Gym Management System version 1.0. The issue resides in the 'm_id' parameter of the '/dashboard/admin/submit_payments.php' file. This vulnerability allows remote attackers to inject arbitrary SQL code, potentially leading to unauthorized database access, data manipulation, and full system compromise.
Code-Projects Responsive Hotel Site SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Responsive Hotel Site version 1.0. The issue arises in an unknown function within the file /admin/print.php, where the 'pid' parameter is not properly sanitized or parameterized. This lack of input validation allows attackers to inject malicious SQL code, potentially manipulating database queries. The vulnerability can be exploited remotely, and the details of the exploit have been made public.
Code-Projects Travel Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Travel Management System version 1.0. The issue arises in the file 'enquiry.php', where the 'pid' parameter and several other parameters ('t1' through 't7') are processed without proper sanitization or parameterization. This lack of input validation allows attackers to inject malicious SQL code, potentially manipulating database queries to extract sensitive information. The vulnerability can be exploited remotely.
Code-Projects Local Storage Todo App Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the Local Storage Todo App version 1.0, created by Code-Projects. The issue arises in the file '/js-todo-app/index.html', where the 'Add' argument can be manipulated to execute malicious scripts. This vulnerability can be exploited remotely and has been publicly disclosed.
Provision-ISR Products Information Disclosure Vulnerability
A vulnerability allowing information disclosure has been identified in several Provision-ISR products, including the SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) models, and the NVR5-8200PX, all versions prior to December 20, 2024. The issue arises from an unknown functionality in the file '/server.js', which can be exploited remotely.
IObit Protected Folder Null Pointer Dereference Vulnerability in IOCTL Handler
A null pointer dereference vulnerability has been identified in IObit Protected Folder versions through 13.6.0.5. The issue arises in the IOCTL Handler component, specifically within the IURegistryFilter.sys library, and is triggered by certain function calls. This vulnerability requires local access to exploit and can lead to application crashes or unexpected exits.
IObit Protected Folder Null Pointer Dereference Vulnerability in IOCTL Handler
A null pointer dereference vulnerability has been identified in IObit Protected Folder versions prior to 13.6.0.5. The issue arises in the IOCTL Handler component, specifically within the IUProcessFilter.sys library, where certain function calls can be manipulated to cause a null pointer dereference. This vulnerability requires local exploitation.
IObit Protected Folder Null Pointer Dereference Vulnerability in pffilter.sys IOCTL Handler
A null pointer dereference vulnerability has been identified in IObit Protected Folder versions through 1.3.0. This issue arises in the IOCTL Handler component, specifically within the function 0x22200c of the pffilter.sys library. The vulnerability allows for a local denial-of-service condition. Although the vendor was notified about this issue, there has been no response.
osuuu LightPicture Stored Cross-Site Scripting Vulnerability in SVG File Upload Handler
A stored cross-site scripting vulnerability has been identified in osuuu LightPicture versions through 1.2.2. The issue resides in the SVG file upload feature of the API, where the application fails to properly sanitize uploaded SVG files. This lack of validation allows for the execution of embedded JavaScript in the context of the user's browser when the image is viewed. The vulnerability can be exploited remotely by uploading a maliciously crafted SVG file via the upload API.
Trimble SPS851 Cross-Site Scripting Vulnerability in Ethernet Configuration Menu
A cross-site scripting (XSS) vulnerability has been identified in the Trimble SPS851 device running version 488.01. The issue arises in the Ethernet Configuration Menu, where the Hostname field can be manipulated to inject a reflected XSS payload. This vulnerability can be exploited remotely. When the injected payload is submitted, it triggers a pop-up containing session information, indicating successful execution of the script.
Emlog Pro Cross-Site Scripting Vulnerability in Cover Upload Handler
A cross-site scripting (XSS) vulnerability has been identified in Emlog Pro versions through 2.4.3. The issue arises in the cover image upload feature within the file '/admin/article.php?action=upload_cover'. The vulnerability allows remote attackers to upload SVG files containing malicious XML, which is not properly sanitized before being processed.
Wangl1989 MySiteForMe Server-Side Request Forgery Vulnerability
A critical server-side request forgery (SSRF) vulnerability has been identified in Wangl1989 MySiteForMe version 1.0. The issue arises in the 'doContent' function of the 'FileController' Java file, where the 'content' argument is not properly validated. This lack of filtering allows remote attackers to manipulate requests, potentially leading to unauthorized access to internal resources or services.
Wangl1989 MySiteForMe Unrestricted File Upload Vulnerability in LocalUploadServiceImpl
A critical vulnerability allowing arbitrary file upload has been identified in Wangl1989 MySiteForMe version 1.0. The issue resides in the LocalUploadServiceImpl file, where the upload function fails to properly validate file types. This flaw enables remote attackers to upload malicious JSP or HTML files, potentially leading to the execution of harmful scripts on the server.
Wangl1989 MySiteForMe Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Wangl1989 MySiteForMe version 1.0. The issue arises in the RestResponse function of the SiteController file, where incoming data is not properly sanitized, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely.
Wangl1989 MySiteForMe Remote Command Execution Vulnerability
A critical vulnerability allowing remote command execution has been identified in Wangl1989 MySiteForMe version 1.0. The issue arises in the 'rememberMeManager' function within 'src/main/java/com/mysiteforme/admin/config/ShiroConfig.java', where improper handling of data leads to deserialization vulnerabilities.
Emlog Pro Cross-Site Scripting Vulnerability in Twitter Subpage Handler
A reflected cross-site scripting vulnerability has been identified in Emlog Pro version 2.4.3. The issue resides in the admin/twitter.php file, within the Subpage Handler component. This vulnerability allows remote attackers to inject malicious JavaScript into the URL, which is then executed in the context of the user's browser.
ZeroWdd Studentmanager Unrestricted File Upload Vulnerability in TeacherController
A critical vulnerability allowing unrestricted file uploads has been identified in ZeroWdd Studentmanager version 1.0. The issue resides in the TeacherController, specifically within the addTeacher and editTeacher functions. This vulnerability allows the upload of files with dangerous extensions, such as JSP and HTML, which can be processed by the application. Although the uploaded files are initially inaccessible and require a system restart to be accessed, this flaw could still be exploited remotely.
Trimble SPS851 Receiver Status Identity Tab Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the Trimble SPS851 receiver, specifically in version 488.01. The issue arises within the Receiver Status Identity Tab, where the 'System Name' argument can be manipulated to execute malicious scripts. This vulnerability can be exploited remotely.
