8.8
CVE-2024-0637 - Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateDirectory func…
4.5
CVE-2024-3165 - Database Credential Exposure in the Logs
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP …
4.5
CVE-2024-3164 -
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenan…
9.8
CVE-2023-51573 - Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypas…
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerab…
9.8
CVE-2023-51572 - Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerabili…
Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The …
7.5
CVE-2023-51571 - Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerabi…
9.8
CVE-2023-51570 - Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The sp…
6.5
CVE-2024-3135 - Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai
A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers …
6.2
CVE-2024-28232 - Username Enumeration in CasaOS via bypass of CVE-2024-24766
Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that ve…
6.3
CVE-2024-3131 - SourceCodester Computer Laboratory Management System sql injection
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated r…