Export limit exceeded: 334963 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334963 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41879 | 2 Adobe, Microsoft | 2 Acrobat Reader, Edge | 2024-09-05 | 7.8 High |
| Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-37136 | 1 Dell | 1 Path To Powerprotect | 2024-09-05 | 6.8 Medium |
| Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2024-8173 | 2 Blood Bank System Project, Code-projects | 2 Blood Bank System, Blood Bank System | 2024-09-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | 9.8 Critical |
| SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | ||||
| CVE-2024-42790 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-09-05 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. | ||||
| CVE-2024-42792 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-09-05 | 3.5 Low |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. | ||||
| CVE-2024-45265 | 2 Skyss, Skysystem | 2 Arfa-cms, Arfa Cms | 2024-09-05 | 9.8 Critical |
| A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | ||||
| CVE-2024-42906 | 2 Jenkins, Testlink | 2 Testlink, Testlink | 2024-09-05 | 4.1 Medium |
| TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. | ||||
| CVE-2024-44793 | 1 Gazelle Project | 1 Gazelle | 2024-09-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter. | ||||
| CVE-2024-44794 | 2 Picuploader, Xiebruce | 2 Commit, Picuploader | 2024-09-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter. | ||||
| CVE-2024-44795 | 1 Gazelle Project | 1 Gazelle | 2024-09-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | ||||
| CVE-2024-34637 | 1 Samsung | 1 Android | 2024-09-05 | 6.2 Medium |
| Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | ||||
| CVE-2024-34638 | 1 Samsung | 1 Android | 2024-09-05 | 6.7 Medium |
| Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. | ||||
| CVE-2024-34648 | 1 Samsung | 1 Android | 2024-09-05 | 5.1 Medium |
| Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | ||||
| CVE-2024-34653 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
| Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. | ||||
| CVE-2024-34639 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
| Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. | ||||
| CVE-2024-34640 | 1 Samsung | 1 Android | 2024-09-05 | 3.3 Low |
| Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | ||||
| CVE-2024-34642 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
| Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | ||||
| CVE-2024-34643 | 1 Samsung | 1 Android | 2024-09-05 | 4.4 Medium |
| Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34644 | 1 Samsung | 1 Android | 2024-09-05 | 4.4 Medium |
| Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | ||||