Export limit exceeded: 338433 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1285 | 2024-11-18 | N/A | ||
| Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-43704 | 1 Imaginationtech | 1 Ddk | 2024-11-18 | 8.4 High |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process. | ||||
| CVE-2020-3532 | 2024-11-18 | N/A | ||
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | ||||
| CVE-2024-8873 | 2024-11-18 | 6.1 Medium | ||
| The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-50826 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | ||||
| CVE-2024-50825 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | ||||
| CVE-2024-50824 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||||
| CVE-2024-50823 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | ||||
| CVE-2024-50835 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | ||||
| CVE-2024-50834 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | ||||
| CVE-2024-50833 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | ||||
| CVE-2024-50832 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||||
| CVE-2024-50831 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | ||||
| CVE-2024-50830 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. | ||||
| CVE-2024-50829 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. | ||||
| CVE-2024-50828 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. | ||||
| CVE-2024-50827 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. | ||||
| CVE-2024-42499 | 1 Fitnesse | 1 Fitnesse | 2024-11-18 | 5.3 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions. | ||||
| CVE-2024-45087 | 1 Ibm | 1 Websphere Application Server | 2024-11-18 | 4.8 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45088 | 1 Ibm | 1 Maximo Asset Management | 2024-11-18 | 6.4 Medium |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||