Export limit exceeded: 336063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10018 | 1 Tecno | 1 Com.transsion.aivoiceassistant | 2024-10-16 | 9.8 Critical |
| Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | ||||
| CVE-2021-4443 | 1 Quadlayers | 1 Wordpress Mega Menu-quadmenu | 2024-10-16 | 9.8 Critical |
| The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | ||||
| CVE-2024-38399 | 1 Qualcomm | 80 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 77 more | 2024-10-16 | 8.4 High |
| Memory corruption while processing user packets to generate page faults. | ||||
| CVE-2024-47194 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. | ||||
| CVE-2024-47195 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. | ||||
| CVE-2020-36837 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-10-16 | 9.9 Critical |
| The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator. | ||||
| CVE-2020-36832 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-10-16 | 9.8 Critical |
| The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID. | ||||
| CVE-2024-8422 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-10-16 | 7.8 High |
| CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | ||||
| CVE-2024-8215 | 2 Payara, Payara Platform | 2 Payara, Payara Server | 2024-10-16 | 8.4 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | ||||
| CVE-2024-9105 | 1 Tophive | 1 Ultimate Ai | 2024-10-16 | 9.8 Critical |
| The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2024-47559 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-47558 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 7.6 High |
| Authenticated RCE via Path Traversal | ||||
| CVE-2024-45382 | 1 Openatom | 1 Openharmony | 2024-10-16 | 3.3 Low |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. | ||||
| CVE-2024-43697 | 1 Openatom | 1 Openharmony | 2024-10-16 | 3.3 Low |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. | ||||
| CVE-2024-43696 | 1 Openatom | 1 Openharmony | 2024-10-16 | 3.3 Low |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. | ||||
| CVE-2024-47556 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2024-38425 | 1 Qualcomm | 48 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 45 more | 2024-10-16 | 6.1 Medium |
| Information disclosure while sending implicit broadcast containing APP launch information. | ||||
| CVE-2024-47557 | 1 Xerox | 1 Freeflow Core | 2024-10-16 | 8.3 High |
| Pre-Auth RCE via Path Traversal | ||||
| CVE-2023-32188 | 1 Neuvector | 1 Neuvector | 2024-10-16 | N/A |
| A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||||
| CVE-2023-32192 | 1 Kubernetes | 1 Apiserver | 2024-10-16 | 8.3 High |
| A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser | ||||