Export limit exceeded: 72204 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (72204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37015 | 1 Adacore | 1 Ada Web Services | 2024-08-14 | 7.4 High |
| An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers. | ||||
| CVE-2024-39091 | 1 Annke | 2 Crater 2, Crater 2 Firmware | 2024-08-13 | 8.8 High |
| An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. | ||||
| CVE-2024-42742 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42623 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1 | ||||
| CVE-2024-42743 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | ||||
| CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | ||||
| CVE-2024-42543 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-13 | 8.8 High |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | ||||
| CVE-2024-43220 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26. | ||||
| CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.3 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | ||||
| CVE-2024-6997 | 1 Google | 1 Chrome | 2024-08-13 | 8.8 High |
| Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | ||||
| CVE-2024-42630 | 2 Frog Cms Project, Frogcms Project | 2 Frog Cms, Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | ||||
| CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | ||||
| CVE-2022-4002 | 1 Motorola | 3 Q14, Q14 Firmware, Q14 Mesh Router Firmware | 2024-08-13 | 7.2 High |
| A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | ||||
| CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | 7.8 High |
| A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||