Export limit exceeded: 34119 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335240 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8340 | 2 Oretnom23, Sourcecodester | 2 Electric Billing Management System, Electric Billing Management System | 2024-09-06 | 7.3 High |
| A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8119 | 1 Wpextended | 1 Wp Extended | 2024-09-06 | 6.1 Medium |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8117 | 1 Wpextended | 1 Wp Extended | 2024-09-06 | 6.1 Medium |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-43250 | 1 Bitapps | 1 Bit Form | 2024-09-06 | 7.1 High |
| Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
| CVE-2024-34656 | 1 Samsung | 1 Notes | 2024-09-06 | 7.3 High |
| Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-8181 | 1 Flowiseai | 1 Flowise | 2024-09-06 | 9.8 Critical |
| An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. | ||||
| CVE-2024-34641 | 1 Samsung | 1 Android | 2024-09-06 | 5.1 Medium |
| Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. | ||||
| CVE-2024-8298 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 6.2 Medium |
| Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | 5.3 Medium |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | ||||
| CVE-2024-45449 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.1 Medium |
| Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-45447 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4.4 Medium |
| Access control vulnerability in the camera framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-45446 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
| Access permission verification vulnerability in the camera driver module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-45445 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4 Medium |
| Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-45444 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.5 Medium |
| Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-45443 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 6.1 Medium |
| Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | 7.7 High |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | ||||
| CVE-2024-44728 | 2 Angeljudesuarez, Sourcecodehero | 2 Event Management System, Event Management System | 2024-09-06 | 7.6 High |
| Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. | ||||
| CVE-2024-44727 | 2 Angeljudesuarez, Sourcecodehero | 2 Event Management System, Event Management System | 2024-09-06 | 7.4 High |
| Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | ||||
| CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | 9.3 Critical |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. | ||||
| CVE-2024-45098 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | 6.8 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | ||||