Export limit exceeded: 337694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11086 | 2024-11-20 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-47533 | 1 Cobbler Project | 1 Cobbler | 2024-11-19 | 9.8 Critical |
| Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. | ||||
| CVE-2024-48293 | 1 Quickheal Antivirus Pro | 1 Quickheal Antivirus Pro | 2024-11-19 | 6.5 Medium |
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | ||||
| CVE-2024-48294 | 1 Wondershare Pdf Reader | 1 Wondershare Pdf Reader | 2024-11-19 | 5.5 Medium |
| A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
| CVE-2024-48292 | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2024-11-19 | 8.8 High |
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | ||||
| CVE-2024-10390 | 2024-11-19 | 6.4 Medium | ||
| The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-52587 | 1 Step Security | 1 Harden Runner | 2024-11-19 | 8.8 High |
| StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low as the Harden-Runner action reads the environment variable during the pre-step stage. There are no known exploits at this time. Version 2.10.2 contains a patch. | ||||
| CVE-2024-50804 | 1 Micro-star International | 1 Msi Center Pro | 2024-11-19 | 7.8 High |
| Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder | ||||
| CVE-2024-51643 | 2024-11-19 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rajan Agaskar Amazon Associate Filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through 0.4. | ||||
| CVE-2024-51053 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-50517 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SlovenskoIT a.s. ID-SK Toolkit allows Stored XSS.This issue affects ID-SK Toolkit: from n/a through 1.7.2. | ||||
| CVE-2024-50547 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themedy Themedy Toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through 1.0.16. | ||||
| CVE-2024-50542 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1. | ||||
| CVE-2024-52582 | 1 Containerbuildsystem | 1 Cachi2 | 2024-11-19 | 4.7 Medium |
| Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-50513 | 2024-11-19 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15. | ||||
| CVE-2024-21539 | 1 Eslint | 1 Rewrite | 2024-11-19 | 7.5 High |
| Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | ||||
| CVE-2024-11075 | 1 Sick Ag | 1 Incoming Goods Suite | 2024-11-19 | 8.8 High |
| A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system. | ||||
| CVE-2024-51632 | 2024-11-19 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through 4.3. | ||||
| CVE-2024-43338 | 2024-11-19 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2. | ||||
| CVE-2024-52583 | 2024-11-19 | 8.2 High | ||
| The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | ||||