Export limit exceeded: 72586 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (72586 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31842 | 1 Italtel | 1 Embrace | 2024-10-29 | 8.8 High |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover. | ||||
| CVE-2024-7255 | 1 Google | 1 Chrome | 2024-10-29 | 8.8 High |
| Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-48459 | 1 Tenda | 1 Ax2 Pro Firmware | 2024-10-29 | 7.3 High |
| A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges. | ||||
| CVE-2024-50434 | 1 Themehorse | 1 Newscard | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard.This issue affects NewsCard: from n/a through 1.3. | ||||
| CVE-2024-50435 | 1 Themehorse | 1 Meta News | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News.This issue affects Meta News: from n/a through 1.1.7. | ||||
| CVE-2024-50436 | 1 Themehorse | 1 Clean Retina | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina.This issue affects Clean Retina: from n/a through 3.0.6. | ||||
| CVE-2024-50457 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-10-29 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. | ||||
| CVE-2024-44667 | 1 Shenzhen Haichangxing Technology | 1 Hcx H822 Firmware | 2024-10-29 | 8 High |
| Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | ||||
| CVE-2024-50450 | 2 Pluginus, Realmag777 | 2 Wordpress Meta Data And Taxonomies Filter, Wordpress Meta Data And Taxonomies Filter | 2024-10-29 | 7.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. | ||||
| CVE-2024-50416 | 1 Wpclever | 1 Wpc Shop As A Customer For Woocommerce | 2024-10-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6. | ||||
| CVE-2024-50481 | 1 Stack Themes | 1 Bstone Demo Importer | 2024-10-29 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1. | ||||
| CVE-2024-10436 | 1 Wpclever | 1 Wpc Smart Messages For Woocommerce | 2024-10-29 | 8.8 High |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-50550 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-29 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. | ||||
| CVE-2024-42028 | 1 Ubiquiti | 1 Unifi Network Application | 2024-10-29 | 8.8 High |
| A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. | ||||
| CVE-2024-49650 | 2024-10-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in xarbo BuddyPress Greeting Message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through 1.0.3. | ||||
| CVE-2024-9593 | 1 Wpplugin | 2 Time Clock, Time Clock Pro | 2024-10-29 | 8.3 High |
| The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified. | ||||
| CVE-2024-47023 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-45262 | 1 Gl-inet | 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more | 2024-10-28 | 8.8 High |
| An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path. | ||||
| CVE-2024-45261 | 1 Gl-inet | 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more | 2024-10-28 | 8 High |
| An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. | ||||
| CVE-2024-45260 | 1 Gl-inet | 20 Gl-a1300 Firmware, Gl-ar300m16 Firmware, Gl-ar300m Firmware and 17 more | 2024-10-28 | 8 High |
| An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it. | ||||