Search Results (337615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52416 | 1 Eugenbobrowski | 1 Debug Tool | 2024-11-19 | 10 Critical |
| Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2. | ||||
| CVE-2024-52386 | | | 2024-11-19 | 5.3 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 3.1.15.1. | ||||
| CVE-2024-52414 | 1 Anthony Carbon | 1 Wdes Responsive Mobile Menu | 2024-11-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection. This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18. | ||||
| CVE-2024-52413 | 1 Dmc | 1 Airin Blog | 2024-11-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection. This issue affects Airin Blog: from n/a through 1.6.1. | ||||
| CVE-2024-52306 | 2 Backpackforlaravel, Laravel-backpack | 2 Filemanager, File Manager | 2024-11-19 | 7.7 High |
| FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. | ||||
| CVE-2024-52412 | 1 Stephen Cui | 1 Xin | 2024-11-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection. This issue affects Xin: from n/a through 1.0.8.1. | ||||
| CVE-2024-52411 | 1 Flowcraft Ux Design Studio | 1 Advanced Personalization | 2024-11-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection. This issue affects Advanced Personalization: from n/a through 1.1.2. | ||||
| CVE-2024-52410 | 1 Phoenixheart | 1 Referrer Detector | 2024-11-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection. This issue affects Referrer Detector: from n/a through 4.2.1.0. | ||||
| CVE-2022-1884 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-19 | 10 Critical |
| A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution. | ||||
| CVE-2024-52407 | 1 Codesavory | 1 Basepress Migration Tools | 2024-11-19 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server. This issue affects BasePress Migration Tools: from n/a through 1.0.0. | ||||
| CVE-2024-52406 | 1 Wibergs Web | 1 Cvs To Html | 2024-11-19 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through 3.04. | ||||
| CVE-2023-0109 | 1 Usememos | 1 Memos | 2024-11-19 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0. | ||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.8 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-10315 | | | 2024-11-18 | N/A |
| In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. | ||||