Search Results (336904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9546 | 1 Xplodedthemes | 2 Wpide, Wpide - File Manager & Code Editor | 2024-10-17 | 5.3 Medium |
| The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-9348 | 1 Docker | 1 Desktop | 2024-10-17 | N/A |
| Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | ||||
| CVE-2024-9656 | | | 2024-10-17 | 6.4 Medium |
| The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-47044 | 1 Ntt-east | 8 Pr-400mi Firmware, Pr-500mi Firmware, Pr-600mi Firmware and 5 more | 2024-10-17 | 5.3 Medium |
| Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who has identified the WAN-side IPv6 address may access the product's Device Setting page via the WAN side. Note that the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. | ||||
| CVE-2024-9894 | 2 Blood Bank System Project, Code-projects | 2 Blood Bank System, Blood Bank System | 2024-10-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9906 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-10-16 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9916 | 2 Huangdou, Usualtool | 2 Utcms, Usualtoolcms | 2024-10-16 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9983 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 7.5 High |
| Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 9.8 Critical |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
| CVE-2024-49193 | 1 Zendesk | 1 Zendesk | 2024-10-16 | 7.5 High |
| Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable. | ||||
| CVE-2024-48795 | 1 Creative Labs Pte Ltd | 1 Com Creative Apps Xficonnect | 2024-10-16 | 5.3 Medium |
| An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-41997 | 1 Warp Terminal | 1 Warp Terminal | 2024-10-16 | 6.6 Medium |
| An issue was discovered in versions of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that, when clicked by the victim, results in command execution on the victim's machine. | ||||
| CVE-2024-23370 | 1 Qualcomm | 22 Qca6584au, Qca6584au Firmware, Qca6698aq and 19 more | 2024-10-16 | 6.7 Medium |
| Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | ||||
| CVE-2024-23374 | 1 Qualcomm | 52 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 49 more | 2024-10-16 | 6.7 Medium |
| Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. | ||||
| CVE-2024-23375 | 1 Qualcomm | 28 Sa4150p, Sa4150p Firmware, Sa4155p and 25 more | 2024-10-16 | 6.7 Medium |
| Memory corruption during the network scan request. | ||||
| CVE-2024-43780 | 1 Mattermost | 1 Mattermost Server | 2024-10-16 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | ||||
| CVE-2024-23376 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2024-10-16 | 6.7 Medium |
| Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | ||||
| CVE-2024-42497 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2024-10-16 | 6 Medium |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams. | ||||
| CVE-2024-8231 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-16 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||