Vulnerabilities > Externally Controlled Reference to a Resource in Another Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-0728 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foru CMS Project Foru CMS 20200623 A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. | 9.8 |
| 2024-01-10 | CVE-2023-49862 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49863 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2024-01-10 | CVE-2023-49864 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo Devmastercommit15Fed957Fb An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. | 6.5 |
| 2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4 External Control of File Name or Path in h2oai/h2o-3 | 8.2 |
| 2023-12-08 | CVE-2023-6618 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Oretnom23 Simple Student Attendance System 1.0 A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. | 8.8 |
| 2023-11-30 | CVE-2023-5247 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mitsubishielectric products Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | 7.8 |
| 2023-11-27 | CVE-2023-35985 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. | 8.8 |
| 2023-11-27 | CVE-2023-39542 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. | 8.8 |
| 2023-11-27 | CVE-2023-40194 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Foxitsoftware Foxit Reader 12.1.3.15356 An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. | 8.8 |