Search Results (335275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45695 | 1 Dlink | 2 Dir-x4860, Dir-x4860 Firmware | 2024-09-17 | 9.8 Critical |
| The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||||
| CVE-2024-45694 | 1 Dlink | 4 Dir-x4860, Dir-x4860 Firmware, Dir-x5460 and 1 more | 2024-09-17 | 9.8 Critical |
| The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||||
| CVE-2024-45804 | | | 2024-09-17 | N/A |
| This CVE is a duplicate of another CVE. | ||||
| CVE-2024-43251 | 1 Bitapps | 1 Bit Form | 2024-09-17 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro. This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
| CVE-2024-43255 | 1 Stormhillmedia | 1 Mybook Table Bookstore | 2024-09-17 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS). This issue affects MyBookTable Bookstore: from n/a through 3.3.9. | ||||
| CVE-2024-40643 | 2 Joplin Project, Joplinapp | 2 Joplin, Joplin | 2024-09-17 | 9.7 Critical |
| Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to do an XSS by putting an "illegal" tag within a tag. | ||||
| CVE-2024-8601 | 2 Techexcel, Techexcel Inc. | 2 Back Office Software, Back Office | 2024-09-17 | 6.5 Medium |
| This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users. | ||||
| CVE-2024-8042 | 1 Rapid7 | 1 Insight Platform | 2024-09-17 | 2.4 Low |
| Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024. | ||||
| CVE-2023-34979 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-17 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later; QuTS hero h4.5.4.2790 build 20240606 and later. | ||||
| CVE-2024-6921 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-6920 | 1 Nac | 1 Nacpremium | 2024-09-17 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-6919 | 2 Nac, Nac Telecommunication Systems | 2 Nacpremium, Nacpremium | 2024-09-17 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024. | ||||
| CVE-2024-38878 | 1 Siemens | 1 Omnivise T3000 Application Server | 2024-09-17 | 7.2 High |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. | ||||
| CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 that allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection. | ||||
| CVE-2024-3958 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | ||||
| CVE-2024-3035 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.8 Medium |
| A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | ||||
| CVE-2024-39626 | 1 5starplugins | 1 Pretty Simple Popup Builder | 2024-09-17 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS. This issue affects Pretty Simple Popup Builder: from n/a through 1.0.7. | ||||
| CVE-2024-38876 | 1 Siemens | 14 Omnivise T3000 Application Server, Omnivise T3000 Application Server R9.2, Omnivise T3000 Domain Controller and 11 more | 2024-09-17 | 7.8 High |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. | ||||
| CVE-2024-3100 | 1 Lenovo | 55 100w Gen 3 Firmware, 100w Gen 4 Firmware, 13w Yoga Firmware and 52 more | 2024-09-17 | 6.7 Medium |
| A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2024-46451 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-09-17 | 9.8 Critical |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | ||||