Export limit exceeded: 337711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337711 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0199 | 1 Gnu | 1 Glibc | 2024-11-20 | 9.8 Critical |
| manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | ||||
| CVE-2024-9356 | 1 Yotpo | 1 Yotpo | 2024-11-20 | 6.1 Medium |
| The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2021-3741 | 1 Chatwoot | 1 Chatwoot | 2024-11-20 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks. | ||||
| CVE-2021-3841 | 1 Sylius | 1 Sylius | 2024-11-20 | 5.4 Medium |
| sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser. | ||||
| CVE-2021-3988 | 1 Janeczku | 1 Calibre-web | 2024-11-20 | 6.1 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event. | ||||
| CVE-2023-0737 | 1 Wallabag | 1 Wallabag | 2024-11-20 | 6.5 Medium |
| wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4. | ||||
| CVE-2024-33014 | 1 Qualcomm | 653 315 5g Iot Modem, 315 5g Iot Modem Firmware, 860 Mobile Platform and 650 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing ESP IE from beacon/probe response frame. | ||||
| CVE-2024-52714 | 1 Tenda | 3 Ac6, Ac6 Firmware, Ac6v2.0 Firmware | 2024-11-20 | 8.1 High |
| Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. | ||||
| CVE-2024-33015 | 1 Qualcomm | 393 Ar8035, Ar8035 Firmware, Csr8811 and 390 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. | ||||
| CVE-2024-33025 | 1 Qualcomm | 340 Csr8811, Csr8811 Firmware, Fastconnect 6800 and 337 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | ||||
| CVE-2024-33024 | 1 Qualcomm | 364 Ar8035, Ar8035 Firmware, Csr8811 and 361 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. | ||||
| CVE-2024-33018 | 1 Qualcomm | 303 Ar8035, Ar8035 Firmware, Csr8811 and 300 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. | ||||
| CVE-2024-33026 | 1 Qualcomm | 332 Ar8035, Ar8035 Firmware, Csr8811 and 329 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. | ||||
| CVE-2024-33023 | 1 Qualcomm | 317 Ar8035, Ar8035 Firmware, Csra6620 and 314 more | 2024-11-20 | 8.4 High |
| Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. | ||||
| CVE-2024-33022 | 1 Qualcomm | 251 Ar8035, Ar8035 Firmware, Csra6620 and 248 more | 2024-11-20 | 8.4 High |
| Memory corruption while allocating memory in HGSL driver. | ||||
| CVE-2024-33021 | 1 Qualcomm | 279 Ar8035, Ar8035 Firmware, Csra6620 and 276 more | 2024-11-20 | 8.4 High |
| Memory corruption while processing IOCTL call to set metainfo. | ||||
| CVE-2024-33020 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 195 more | 2024-11-20 | 7.5 High |
| Transient DOS while processing TID-to-link mapping IE elements. | ||||
| CVE-2024-33019 | 1 Qualcomm | 299 Ar8035, Ar8035 Firmware, Csr8811 and 296 more | 2024-11-20 | 7.5 High |
| Transient DOS while parsing the received TID-to-link mapping action frame. | ||||
| CVE-2024-11081 | 2024-11-20 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-52613 | 1 Justdan96 | 1 Tsmuxer | 2024-11-20 | 5.5 Medium |
| A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file. | ||||