Export limit exceeded: 328243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 328243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 73160 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (73160 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42743 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | ||||
| CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | ||||
| CVE-2024-42543 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-13 | 8.8 High |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | ||||
| CVE-2024-43220 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26. | ||||
| CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.3 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | ||||
| CVE-2024-6997 | 1 Google | 1 Chrome | 2024-08-13 | 8.8 High |
| Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | ||||
| CVE-2024-42630 | 2 Frog Cms Project, Frogcms Project | 2 Frog Cms, Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | ||||
| CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | ||||
| CVE-2022-4002 | 1 Motorola | 3 Q14, Q14 Firmware, Q14 Mesh Router Firmware | 2024-08-13 | 7.2 High |
| A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | ||||
| CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | 7.8 High |
| A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-7311 | 2 Code-projects, Fabianros | 2 Online Bus Reservation Site, Online Bus Reservation Site | 2024-08-13 | 7.3 High |
| A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203. | ||||
| CVE-2024-41908 | 1 Siemens | 6 Nx 1957 Firmware, Nx 1961 Firmware, Nx 1965 Firmware and 3 more | 2024-08-13 | 7.8 High |
| A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process. | ||||
| CVE-2024-43217 | 1 Pierre Lebedel | 1 Kodex Posts Likes | 2024-08-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0. | ||||
| CVE-2024-43163 | 1 Parcel Panel | 1 Parcelpanel Wordpress | 2024-08-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2. | ||||