Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48293 | 1 Quickheal Antivirus Pro | 1 Quickheal Antivirus Pro | 2024-11-19 | 6.5 Medium |
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | ||||
| CVE-2024-48294 | 1 Wondershare Pdf Reader | 1 Wondershare Pdf Reader | 2024-11-19 | 5.5 Medium |
| A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
| CVE-2024-48292 | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2024-11-19 | 8.8 High |
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | ||||
| CVE-2024-10390 | 2024-11-19 | 6.4 Medium | ||
| The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-52587 | 1 Step Security | 1 Harden Runner | 2024-11-19 | 8.8 High |
| StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low as the Harden-Runner action reads the environment variable during the pre-step stage. There are no known exploits at this time. Version 2.10.2 contains a patch. | ||||
| CVE-2024-50804 | 1 Micro-star International | 1 Msi Center Pro | 2024-11-19 | 7.8 High |
| Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder | ||||
| CVE-2024-51053 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-52582 | 1 Containerbuildsystem | 1 Cachi2 | 2024-11-19 | 4.7 Medium |
| Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-21539 | 1 Eslint | 1 Rewrite | 2024-11-19 | 7.5 High |
| Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | ||||
| CVE-2024-11075 | 1 Sick Ag | 1 Incoming Goods Suite | 2024-11-19 | 8.8 High |
| A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system. | ||||
| CVE-2024-52583 | 2024-11-19 | 8.2 High | ||
| The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | ||||
| CVE-2024-51051 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | ||||
| CVE-2024-33231 | 2024-11-19 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2024-11-19 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2024-11194 | 1 Techlabpro1 | 1 Classified Listing Plugin | 2024-11-19 | 8.8 High |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | ||||
| CVE-2024-10204 | 1 Dassault | 1 Edrawings | 2024-11-19 | 7.8 High |
| Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. | ||||
| CVE-2022-47424 | 2024-11-19 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | ||||
| CVE-2024-11247 | 2 Oretnom23, Sourcecodester | 2 Online Eyewear Shop, Online Eyewear Shop | 2024-11-19 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-11248 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-19 | 8.8 High |
| A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39726 | 3 Ibm, Linux, Microsoft | 4 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights, Linux Kernel and 1 more | 2024-11-19 | 8.2 High |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||