Export limit exceeded: 337517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10378 | 1 Esafenet | 1 Cdg | 2024-10-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8421 | 1 Redhat | 1 Openshift Data Foundation | 2024-10-30 | 0.0 Low |
| Red Hat Product Security has come to the conclusion that this CVE is not needed. | ||||
| CVE-2024-44281 | 1 Apple | 1 Macos | 2024-10-30 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information. | ||||
| CVE-2024-44274 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2024-44262 | 1 Apple | 1 Visionos | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information. | ||||
| CVE-2024-44254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-44239 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | 5.5 Medium |
| An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state. | ||||
| CVE-2024-44235 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | 4.6 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | ||||
| CVE-2024-44215 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory. | ||||
| CVE-2024-39205 | 1 Pyload-ng Project | 1 Pyload-ng | 2024-10-30 | 9.8 Critical |
| An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2024-27849 | 1 Apple | 1 Macos | 2024-10-30 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information. | ||||
| CVE-2024-45518 | 1 Zimbra | 1 Collaboration | 2024-10-30 | 7.5 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). | ||||
| CVE-2022-23862 | 1 Ysoft | 1 Safeq | 2024-10-30 | 8.4 High |
| A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | ||||
| CVE-2024-10121 | 2 Radar, Riskengine | 2 Radar, Radar | 2024-10-30 | 7.3 High |
| A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | 7.8 High |
| An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. | ||||
| CVE-2019-25218 | 1 I13websolution | 1 Photo Gallery Slideshow \& Masonry Tiled Gallery | 2024-10-30 | 4.9 Medium |
| The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-49373 | 1 Nofusscomputing | 1 Centurion Erp | 2024-10-30 | 4.1 Medium |
| No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem. | ||||
| CVE-2024-10129 | 2 Hfo4, Shudong-share Project | 2 Shudong-share, Shudong-share | 2024-10-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2016-15042 | 1 Najeebmedia | 3 Frontend File Manager, N-media Post Front-end Form, Post Front-end Form | 2024-10-30 | 9.8 Critical |
| The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2024-9061 | 1 Themehunk | 1 Wp Popup Builder | 2024-10-30 | 7.3 High |
| The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access. | ||||