Export limit exceeded: 72204 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (72204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45854 | 1 Shopkit Project | 1 Shopkit | 2024-09-20 | 7.5 High |
| A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. | ||||
| CVE-2024-43778 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2024-09-20 | 8.8 High |
| OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2024-41929 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2024-09-20 | 8.8 High |
| Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2024-42503 | 1 Arubanetworks | 1 Arubaos | 2024-09-20 | 7.2 High |
| Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system. | ||||
| CVE-2024-42502 | 1 Arubanetworks | 1 Arubaos | 2024-09-20 | 7.2 High |
| Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system. | ||||
| CVE-2024-21743 | 1 Favethemes | 1 Houzez | 2024-09-20 | 8.8 High |
| Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||||
| CVE-2024-47001 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2024-09-20 | 8.8 High |
| Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2024-42501 | 1 Arubanetworks | 1 Arubaos | 2024-09-20 | 7.2 High |
| An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. | ||||
| CVE-2024-43969 | 2024-09-20 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12. | ||||
| CVE-2024-7737 | 1 Dassault | 3 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-20 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-45858 | 1 Guardrailsai | 1 Guardrails | 2024-09-20 | 7.8 High |
| An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine. | ||||
| CVE-2023-47105 | 1 Chaosblade | 1 Chaosblade | 2024-09-20 | 8.6 High |
| exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. | ||||
| CVE-2022-25769 | 1 Mautic | 1 Mautic | 2024-09-20 | 7.2 High |
| ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path. | ||||
| CVE-2024-7736 | 1 3ds | 1 3dexperience Enovia | 2024-09-20 | 8.7 High |
| A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-45601 | 2024-09-20 | 7.5 High | ||
| Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop. | ||||
| CVE-2024-37406 | 1 Brave | 1 Android Browser | 2024-09-20 | 7.5 High |
| In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. | ||||
| CVE-2024-46048 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | 8.8 High |
| Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | ||||
| CVE-2024-7717 | 1 Thimpress | 1 Wp Events Manager | 2024-09-20 | 8.8 High |
| The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-45696 | 1 Dlink | 4 Covr-x1870, Covr-x1870 Firmware, Dir-x4860 and 1 more | 2024-09-19 | 8.8 High |
| Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. | ||||
| CVE-2024-34344 | 1 Nuxt | 1 Nuxt | 2024-09-19 | 8.8 High |
| Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. | ||||