Export limit exceeded: 334964 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334964 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | 9.3 Critical |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. | ||||
| CVE-2024-45098 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 6.8 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | ||||
| CVE-2024-45097 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | ||||
| CVE-2024-45096 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. | ||||
| CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | ||||
| CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | ||||
| CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | ||||
| CVE-2024-8470 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8469 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8468 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8467 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-7381 | 2 Infinitumform, Wordpress | 2 Geo Controller, Geo Controller | 2024-09-06 | 5.3 Medium |
| The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. | ||||
| CVE-2024-7380 | 1 Infinitumform | 1 Geo Controller | 2024-09-06 | 4.3 Medium |
| The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus. | ||||
| CVE-2020-36830 | 2 Nescalante, Urlregex Project | 2 Urlregex, Urlregex | 2024-09-05 | 4.3 Medium |
| A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component. | ||||
| CVE-2024-45692 | 2 Virtualmin, Webmin | 2 Virtualmin, Webmin | 2024-09-05 | 7.5 High |
| Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. | ||||
| CVE-2024-42416 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
| The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
| CVE-2024-43110 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
| The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||