Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-29
Updated
2024-02-05
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 of memory from an arbitrary user-supplied pointer.
Max CVSS
6.3
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-13
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.
Max CVSS
6.3
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-13
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.
Max CVSS
4.4
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
Max CVSS
10.0
EPSS Score
0.14%
Published
2024-02-20
Updated
2024-02-20
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
Max CVSS
7.5
EPSS Score
0.09%
Published
2024-02-20
Updated
2024-02-20
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
Max CVSS
7.5
EPSS Score
0.09%
Published
2024-02-20
Updated
2024-02-20
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
Max CVSS
9.9
EPSS Score
0.05%
Published
2024-02-20
Updated
2024-02-20
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
Max CVSS
10.0
EPSS Score
0.07%
Published
2024-02-20
Updated
2024-02-20
Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-13
Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-27
Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-27
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-07
Updated
2024-02-13
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-01-29
Updated
2024-02-08
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-22
Updated
2024-01-30
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-01
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-01-04
Updated
2024-01-10
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
Max CVSS
9.8
EPSS Score
0.10%
Published
2024-01-04
Updated
2024-01-10
306 vulnerabilities found