| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. |
| lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. |
| Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. |
| Netwrix Password Secure 9.2.0.32454 allows OS command injection. |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. |
| An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. |
| Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. |
| In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible |
| In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible |