CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file '/user/plist.php', where the 'cat' parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the application's database.

2.5
Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability in del_product.php

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file del_product.php, where the id parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the application's database.

2.9
Jan 3, 2025

PhpSpreadsheet Cross-Site Scripting Vulnerability in the HTML Writer Component

A cross-site scripting (XSS) vulnerability has been identified in PhpSpreadsheet, a PHP library for reading and writing spreadsheet files. This issue affects versions 3.6.0, 2.3.4, 2.1.5, and versions prior to 1.29.7. The vulnerability arises in the HTML writer component, specifically within the 'generateRow' method. It allows an attacker to bypass the library's XSS sanitization by using special characters to manipulate the 'javascript' protocol, creating a hyperlink that executes arbitrary JavaScript in the browser. Exploitation occurs when a user views a specially crafted Excel file that triggers this behavior.

3.9
Jan 3, 2025

PhpSpreadsheet Hyperlink Base Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in PhpSpreadsheet, a PHP library for reading and writing spreadsheet files. This issue affects versions 3.6.0, 2.3.4, 2.1.5, and 1.29.6. The vulnerability arises because the HTML page header is generated without properly sanitizing the hyperlink base, allowing for the execution of arbitrary JavaScript in the browser. The issue is present in the 'Html' writer component, specifically within the 'generateHTMLHeader' method.

3.9
Jan 3, 2025

PhpSpreadsheet Cross-Site Scripting Vulnerability in Custom Properties

A cross-site scripting (XSS) vulnerability has been identified in PhpSpreadsheet, a PHP library for reading and writing spreadsheet files. This issue affects versions 3.6.0, 2.1.5, 2.3.4, and all versions prior to 1.29.7. The vulnerability arises because the library generates HTML pages without properly sanitizing custom properties, allowing attackers to inject malicious JavaScript that could be executed in the context of the user's browser.

3.9
Jan 3, 2025

FFmpeg Integer Overflow Vulnerability in DXA Demuxer Allowing Denial-of-Service

A vulnerability allowing integer overflow has been identified in the DXA demuxer of FFmpeg version n6.1.1, within the libavformat library. This overflow could lead to a denial-of-service condition or cause other undefined behavior.

5.2
Jan 3, 2025

FFmpeg Double-Free Vulnerability in Audio Stream Handling

A double-free vulnerability has been identified in FFmpeg version n6.1.1, specifically within the audio stream processing function of the fftools component. The issue arises in the 'new_stream_audio' function, where improper management of memory allocation and deallocation creates the potential for exploitation.

5.8
Jan 3, 2025

Trix Editor Cross-Site Scripting Vulnerability via Malicious Links

A cross-site scripting (XSS) vulnerability has been identified in the Trix editor, a WYSIWYG rich text editor, in versions prior to 2.1.12. The issue arises when users paste malicious 'javascript:' URLs into the link field, which can execute arbitrary JavaScript within the user's session. This could lead to unauthorized actions or the disclosure of sensitive information.

3.4
Jan 3, 2025

SiYuan Note Arbitrary File Deletion Vulnerability

An arbitrary file deletion vulnerability has been identified in SiYuan Note version 3.1.18. The issue arises in the 'POST /api/history/getDocHistoryContent' endpoint, where an attacker can send a crafted payload to delete arbitrary files on the server. This vulnerability has been patched in version 3.1.19.

4.2
Jan 3, 2025

Karmada CRD Tar Slip Vulnerability Allowing Arbitrary File Write

A vulnerability exists in Karmada's command-line tool, 'karmadactl', and the 'karmada-operator' component, prior to version 1.12.0. These versions allow users to specify a filesystem path or an HTTP(s) URL to download custom resource definitions (CRDs) as a gzipped tar file. This CRD handling is susceptible to a Tar Slip vulnerability, where an attacker can manipulate the CRD file to write arbitrary files to any location on the filesystem during Karmada initialization. From version 1.12.0 onwards, Karmada includes a verification process for CRD archives to prevent such vulnerabilities. Users can manually inspect CRD files for malicious content before uploading them.

3.5
Jan 3, 2025

Karmada Excessive Privileges Vulnerability in Pull Mode Clusters

A vulnerability exists in Karmada versions prior to 1.12.0, where pull mode clusters registered with the 'karmadactl register' command are granted excessive privileges. This allows an attacker who is authenticated to the Karmada cluster as a 'karmada-agent' to gain administrative rights over the entire federation system, including all registered member clusters. The issue arises because the 'karmada-agent' is assigned high-level RBAC permissions that inadvertently allow access to sensitive control plane resources. In Karmada v1.12.0 and later, this vulnerability has been addressed by restricting the permissions of pull mode member clusters, preventing agents from controlling other member clusters.

3.2
Jan 3, 2025

PhpSpreadsheet Unauthorized Reflected Cross-Site Scripting Vulnerability in Currency.php

A reflected cross-site scripting vulnerability has been identified in PhpSpreadsheet versions 3.6.0, 2.3.4, 2.1.5, and versions prior to 1.29.7. The issue arises in the 'Currency.php' file, where user-controlled input is not properly sanitized, allowing for the injection of malicious scripts. This vulnerability can be exploited by an unauthorized user through the '/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php' script.

4.4
Jan 3, 2025

PhpSpreadsheet Unauthorized Reflected Cross-Site Scripting Vulnerability in Accounting.php

A reflected cross-site scripting vulnerability has been identified in PhpSpreadsheet versions 3.6.0, 2.3.4, 2.1.5, and versions prior to 1.29.7. The issue resides in the Accounting.php file, specifically within the NumberFormat Wizard sample. This vulnerability allows an attacker to inject malicious scripts that are executed in the context of the user's browser.

4.4
Jan 3, 2025

PhpSpreadsheet Unauthorized Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The issue arises in the constructor of the 'Downloader' class, where user-supplied GET parameters are processed without proper sanitization. This vulnerability can be exploited by an unauthorized user through the '/vendor/phpoffice/phpspreadsheet/samples/download.php' script, leading to the execution of arbitrary JavaScript in the victim's browser.

4.4
Jan 3, 2025

PHPOffice PhpSpreadsheet Cross-Site Scripting Vulnerability in Convert-Online.php

A cross-site scripting (XSS) vulnerability has been identified in the PHPOffice PhpSpreadsheet library, specifically in versions 3.6.0 prior to 3.7.0, 2.1.5, and 2.3.4. The issue arises from a lack of input sanitization in the 'Convert-Online.php' sample file, located within the 'Engineering' folder. This oversight allows attackers to inject malicious JavaScript that is executed in the context of the user's browser.

4.4
Jan 3, 2025

GoCD XXE Injection Vulnerability in Group Admin Pipeline XML Editing

A vulnerability allowing XML External Entity (XXE) injection has been identified in GoCD, a continuous delivery server, in versions prior to 24.5.0. This issue arises from the ability of 'group admins' to edit raw XML configurations for their groups, which can be exploited to inject malicious XML that the server processes. While this XXE vulnerability could theoretically lead to additional attacks such as Server-Side Request Forgery (SSRF), information disclosure, or directory traversal, these secondary exploits have not been demonstrated as possible.

2.7
Jan 3, 2025

GoCD XML External Entity Injection Vulnerability in Configuration Repository Feature

A vulnerability allowing XML External Entity (XXE) injection has been identified in GoCD, a continuous delivery server. This issue affects GoCD versions starting with 16.7.0 and prior to 24.5.0. The vulnerability arises from the ability of GoCD admins to exploit a hidden configuration repository feature, 'pipelines as code', leading to XXE injection on the GoCD Server. The injected XML entities are processed when GoCD scans for pipeline updates, either automatically or at the request of an administrator. While the impact is generally limited, as only GoCD (super) admins can exploit this vulnerability, a malicious admin could potentially cause more significant damage than what XXE injection alone would allow.

3.0
Jan 3, 2025

GoCD Backup Configuration Vulnerability Allowing Arbitrary Script Execution

A vulnerability in GoCD, a continuous delivery server, exists in versions starting with 18.9.0 and prior to 24.5.0. It allows GoCD admins to misuse the backup configuration's 'post-backup script' feature to execute arbitrary scripts on the hosting server or container as the GoCD user, instead of the pre-configured scripts. While this vulnerability could be exploited, its impact is generally limited. In most cases, a GoCD admin already has host administration permissions to manage artifact storage and service-level configurations. However, in environments where host and GoCD admin roles are separated, this vulnerability could lead to unexpected script execution.

3.1
Jan 3, 2025

GoCD Privilege Escalation Vulnerability in Configuration XML UI

A vulnerability allowing admin privilege escalation has been identified in GoCD versions prior to 24.5.0. This issue arises from improper authorization of access to the admin 'Configuration XML' user interface and its related API. As a result, a malicious insider or authenticated GoCD user could exploit this vulnerability to gain access to information reserved for GoCD admins or to permanently elevate their privileges to that of an admin. The vulnerability cannot be exploited before authentication.

3.2
Jan 3, 2025

CodeAstro Complaint Management System Privilege Escalation Vulnerability in delete_e.php Component

A privilege escalation vulnerability has been identified in CodeAstro Complaint Management System version 1.0. The issue arises in the delete_e.php component, where a remote attacker can manipulate the id parameter to delete engineer-level accounts. This exploitation can be carried out without a valid session or any privileges, as the endpoint lacks proper authentication and authorization checks.

3.7
Jan 3, 2025

IBM Jazz Foundation Information Disclosure Vulnerability

A vulnerability in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0 could allow remote attackers to access sensitive information. This issue arises when detailed technical error messages are displayed in the browser, potentially exposing information that could be exploited in subsequent attacks against the system.

1.7
Jan 3, 2025

WukongCRM Arbitrary File Upload Vulnerability in Image Update Component Allowing Code Execution

A vulnerability allowing arbitrary file upload has been identified in WukongCRM-11.0-JAVA versions prior to 11.3.3. This vulnerability exists in the image update component located at /adminUser/updateImg. Attackers can exploit this issue by uploading a crafted file, which could lead to the execution of arbitrary code on the server.

3.5
Jan 3, 2025

Silverpeas SQL Injection Vulnerability in Taxonomy Module

A SQL injection vulnerability has been identified in Silverpeas version 6.4.1, specifically within the Taxonomy module. The issue arises in the 'ViewType' parameter of the 'findByWhereClause' function, where inadequate input validation allows remote attackers to inject malicious SQL payloads. This vulnerability can be exploited using union-based and time-based injection techniques, potentially leading to unauthorized access to sensitive information and disruption of database operations.

2.9
Jan 3, 2025

IBM Jazz Foundation Plaintext Password Vulnerability Allowing Information Leakage

A vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0, where password fields are not masked during entry. This oversight could enable a physical user to access sensitive information by observing unprotected passwords as they are typed.

1.3
Jan 3, 2025

Moxa Cellular Routers, Secure Routers, and Network Security Appliances OS Command Injection Vulnerability

A critical OS command injection vulnerability has been identified in Moxa's cellular routers, secure routers, and network security appliances. This vulnerability arises from improperly restricted commands, allowing attackers to inject special characters and execute arbitrary code on the device. The issue affects several product series, including the EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 series, all running specific firmware versions or earlier.

4.7
Jan 3, 2025

Moxa Cellular Routers, Secure Routers, and Network Security Appliances Privilege Escalation Vulnerability

A vulnerability has been identified in Moxa's cellular routers, secure routers, and network security appliances, allowing authenticated users to escalate privileges and gain root access. This issue arises from hard-coded credentials, posing a significant security risk by enabling unauthorized modifications, data exposure, or service disruption.

3.8
Jan 3, 2025

WP Job Portal Insecure Direct Object Reference Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the WP Job Portal plugin for WordPress, specifically in versions through 2.2.4. This vulnerability arises from inadequate validation of user-controlled keys, enabling authenticated attackers with Subscriber-level access or higher to create jobs for companies with which they are not affiliated.

3.0
Jan 3, 2025

iTerm2 Information Disclosure Vulnerability via SSH Integration

An information disclosure vulnerability has been identified in iTerm2 versions 3.5.6 through 3.5.10, prior to 3.5.11. This issue arises in certain it2ssh and SSH Integration configurations, during remote logins to hosts with a common Python installation. The vulnerability allows remote attackers to access sensitive information from terminal commands by reading the /tmp/framer.txt file, which may be exposed to other users on the same host.

3.5
Jan 3, 2025

Google Android Pixel Devices Cellular Baseband Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the cellular baseband component of Google Pixel devices. The issue arises from an out-of-bounds write in the function 'cc_SendCcImsInfoIndMsg' within 'cc_MmConManagement.c', due to a missing bounds check. This vulnerability can be exploited without any additional privileges or user interaction.

2.6
Jan 3, 2025

Google Pixel Devices Connectivity, Thermal, and Power Management Elevation of Privilege Vulnerability

A vulnerability allowing local elevation of privilege has been identified in Google Pixel devices. This issue arises from a permission bypass caused by a confused deputy in the 'startListeningForDeviceStateChanges' function. Exploitation of this vulnerability does not require additional execution privileges or user interaction.

4.7
Jan 3, 2025

Google Pixel Biometric Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Pixel devices that allows for a biometric bypass, potentially leading to unauthorized privilege escalation. This issue arises from an unusual root cause and can be exploited without requiring additional execution privileges or user interaction.

4.7
Jan 3, 2025

Google Pixel Devices Exynos RIL Information Disclosure Vulnerability

A vulnerability allowing out-of-bounds read has been identified in the Exynos RIL component of Google Pixel devices. This issue arises from a missing bounds check in the GetCellInfoList() function within protocolnetadapter.cpp. Exploitation of this vulnerability could lead to local information disclosure, although it requires a compromise of the baseband firmware. Notably, no user interaction is needed for exploitation.

4.1
Jan 3, 2025

Google Pixel Devices Exynos Video API Privilege Escalation Vulnerability

A vulnerability allowing local escalation of privilege has been identified in the Exynos video processing component of Google Pixel devices. This issue arises from an out-of-bounds write caused by an improper bounds check, which could be exploited to gain elevated privileges without requiring additional execution rights or user interaction.

1.6
Jan 3, 2025

Google Pixel Devices Privilege Escalation Vulnerability in LWIS Component

A vulnerability allowing local privilege escalation has been identified in the LWIS component of Google Pixel devices. This issue arises from an out-of-bounds write caused by an integer overflow, which could be exploited to gain elevated privileges without requiring additional execution rights or user interaction.

4.2
Jan 3, 2025

Google Pixel Devices WLAN Elevation of Privilege Vulnerability

A buffer overflow vulnerability has been identified in the WLAN component of Google Pixel devices, specifically within the 'wbrc_bt_dev_write' function of 'wb_regon_coordinator.c'. This vulnerability allows for a possible out-of-bounds write, which could lead to a local elevation of privilege. Exploitation of this issue requires system execution privileges, but does not need user interaction.

4.1
Jan 3, 2025

Google Pixel Biometric Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Pixel devices that allows for a biometric bypass, potentially leading to unauthorized privilege escalation. This issue arises from an unusual root cause and can be exploited without requiring additional execution privileges or user interaction.

4.6
Jan 3, 2025

Google Pixel Modem Information Disclosure Vulnerability

A vulnerability allowing out-of-bounds read in the modem component of Google Pixel devices has been identified. This issue arises from an incorrect bounds check in the function sms_DisplayHexDumpOfPrivacyBuffer within sms_Utilities.c. The flaw could lead to remote information disclosure without requiring additional execution privileges or user interaction for exploitation.

4.5
Jan 3, 2025

Google Pixel Devices LWIS Component Elevation of Privilege Vulnerability

A vulnerability allowing local elevation of privilege has been identified in the LWIS component of Google Pixel devices. This issue arises from a possible out-of-bounds write in the 'prepare_response_locked' function of 'lwis_transaction.c', caused by improper input validation. Exploitation of this vulnerability does not require additional execution privileges or user interaction.

1.6
Jan 3, 2025

Google Pixel Devices lwis Component Elevation of Privilege Vulnerability

A heap buffer overflow vulnerability has been identified in the lwis component of Google Pixel devices, specifically within the construct_transaction_from_cmd function of lwis_ioctl.c. This vulnerability allows for a possible out-of-bounds write, which could lead to local elevation of privilege. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

1.6
Jan 3, 2025

Google Android Pixel Devices VPN Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Android Pixel devices that allows apps to be added to bypass VPN restrictions, due to an undeclared permission. This could lead to a local escalation of privileges, with no additional execution privileges required. Exploitation does not require user interaction.

4.7
Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue arises in the file '/user/add_cart.php', where the 'id' and 'qty' parameters can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the application's database.

2.5
Jan 3, 2025

Code-Projects Online Shop Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Online Shop version 1.0. The issue resides in the file '/view.php', where user-supplied input in the '$name' and '$details' parameters is echoed without proper validation. This flaw allows remote attackers to inject malicious scripts, potentially leading to the theft of sensitive client information.

3.8
Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file '/user/search_result2.php', specifically within the Parameter Handler component. The vulnerability allows remote attackers to manipulate the 'search' parameter, injecting malicious SQL that could be executed by the database. This exploitation could lead to unauthorized access or manipulation of sensitive database information.

2.5
Jan 3, 2025

Android Package Manager Service CloudDpc Uninstallation Privilege Escalation Vulnerability

A logic error in the PackageManagerService's isPackageDeviceAdmin function can cause an edge case that prevents the uninstallation of CloudDpc. This issue allows for local privilege escalation without requiring additional execution privileges or user interaction.

1.8
Jan 3, 2025

Android Skia Out-of-Bounds Write Vulnerability in Deflate Function Allowing Local Privilege Escalation

A vulnerability has been identified in the Skia graphics library, specifically within the allocation function used by zlib for decompression. This issue arises from an integer overflow that can lead to an out-of-bounds write. As a result, the vulnerability could be exploited to escalate privileges locally, without requiring any additional execution rights or user interaction.

5.8
Jan 3, 2025

Android Skia Heap Overflow Vulnerability in SkBlurMaskFilterImpl Allowing Remote Code Execution

A heap overflow vulnerability has been identified in the Skia graphics library used by Android. The issue arises in the 'prepare_to_draw_into_mask' function within 'SkBlurMaskFilterImpl.cpp', where improper input validation creates the potential for a heap overflow. This vulnerability could be exploited to execute remote code without requiring additional privileges or user interaction.

5.4
Jan 3, 2025

Android Clipboard Listener Lock Screen Bypass Vulnerability Allowing Privilege Escalation

A vulnerability in the ClipboardListener component of the Android framework has been identified, which allows for a partial bypass of the lock screen. This issue could lead to unauthorized access to certain functionalities, enabling local escalation of privileges without the need for additional execution rights. Notably, user interaction is not required for exploitation.

2.1
Jan 3, 2025

Android Framework Elevation of Privilege Vulnerability

A logic error in the Android Framework's App Widget service can lead to a local elevation of privilege. This vulnerability allows a malicious application to avoid unbinding a service from the system, potentially leading to unauthorized access or control. The issue does not require any additional execution privileges or user interaction for exploitation.

2.1
Jan 3, 2025

Android Skia Out-of-Bounds Write Vulnerability in SkRegion Component Allowing Local Privilege Escalation

A vulnerability has been identified in the Skia graphics library used by Android, specifically within the 'resizeToAtLeast' function of 'SkRegion.cpp'. This issue arises from an integer overflow that leads to a potential out-of-bounds write. Exploitation of this vulnerability could result in local escalation of privileges, with no additional execution privileges required. Notably, user interaction is not necessary for exploitation. The vulnerability affects multiple Android versions, including 12, 12L, 13, 14, and 15.

5.7
Jan 3, 2025

Android PowerVR-GPU Component Privilege Escalation Vulnerability

A vulnerability has been identified in the PowerVR-GPU component of Android devices, specifically within the devicemem_server.c file. This issue arises from a possible out-of-bounds write due to memory corruption, which could lead to a local escalation of privilege. Notably, exploitation of this vulnerability does not require any additional execution privileges or user interaction.

1.6