Search Results (73978 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45392 | 1 Salesagility | 1 Suitecrm | 2024-09-06 | 7.7 High |
| SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. | ||||
| CVE-2024-44728 | 2 Angeljudesuarez, Sourcecodehero | 2 Event Management System, Event Management System | 2024-09-06 | 7.6 High |
| Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. | ||||
| CVE-2024-44727 | 2 Angeljudesuarez, Sourcecodehero | 2 Event Management System, Event Management System | 2024-09-06 | 7.4 High |
| Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | ||||
| CVE-2024-45692 | 2 Virtualmin, Webmin | 2 Virtualmin, Webmin | 2024-09-05 | 7.5 High |
| Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. | ||||
| CVE-2024-42416 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
| The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel heap memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
| CVE-2024-43110 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
| The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
| CVE-2024-36068 | 1 Rubrik | 2 Cdm, Cloud Data Management | 2024-09-05 | 7.5 High |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | ||||
| CVE-2024-41879 | 2 Adobe, Microsoft | 2 Acrobat Reader, Edge | 2024-09-05 | 7.8 High |
| Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-8173 | 2 Blood Bank System Project, Code-projects | 2 Blood Bank System, Blood Bank System | 2024-09-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. Manipulation of the argument user leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7834 | 1 Overwolf | 1 Overwolf | 2024-09-05 | 7.8 High |
| A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. | ||||
| CVE-2024-44383 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-09-05 | 8 High |
| WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. | ||||
| CVE-2024-40645 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 8.8 High |
| FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41. | ||||
| CVE-2024-41108 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 7.5 High |
| FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control, since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved while a task is pending on that host; otherwise an error message containing "Invalid tasking!" is returned. The domainpassword exposed in the hostinfo dump is otherwise hidden even from authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41. | ||||
| CVE-2024-43942 | 1 Wpsoul | 1 Greenshift Query Addon | 2024-09-05 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection. This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2. | ||||
| CVE-2024-43943 | 1 Wpsoul | 1 Greenshift Woocommerce Addon | 2024-09-05 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection. This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8. | ||||
| CVE-2024-20089 | 4 Google, Linuxfoundation, Mediatek and 1 more | 15 Android, Yocto, Mt6835 and 12 more | 2024-09-05 | 7.5 High |
| In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526. | ||||
| CVE-2024-20087 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | 7.8 High |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550. | ||||
| CVE-2024-20086 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | 7.8 High |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551. | ||||
| CVE-2024-6473 | 1 Yandex | 1 Yandex Browser | 2024-09-05 | 7.8 High |
| Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. | ||||
| CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | 8.3 High |
| A local ABL Client bypass of the required PASOE security checks may allow an attacker to perform unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms. | ||||
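The FOG Rebranding upload (CVE-2024-40645 above) illustrates why a dimension check is not an upload filter: a PHP webshell appended after a valid 650x120 image still has the right dimensions, and a permissive extension lets the web server execute it. The following is an added example, not FOG's code: it builds a constructed 650x120 PNG in pure Python, shows a dimension-only check in the spirit of the one described, and a hardened check that enforces an extension allowlist, matches magic bytes to the extension, and walks the PNG chunk structure so that anything after IEND is rejected. Function and constant names are assumptions for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
REQUIRED_SIZE = (650, 120)          # the banner dimensions the page describes
ALLOWED = {"png": PNG_SIG}          # hypothetical allowlist: extension -> required magic bytes


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Constructed sample input: a valid, all-black, 8-bit RGB PNG of the given size."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * (width * 3) for _ in range(height))  # filter byte + pixels per row
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def png_dimensions(data: bytes):
    """Read width/height from IHDR, or None if this is not a PNG."""
    if not data.startswith(PNG_SIG) or data[12:16] != b"IHDR":
        return None
    return struct.unpack(">II", data[16:24])


def weak_check(filename: str, data: bytes) -> bool:
    """Dimension-only check: the pattern the advisory describes. Ignores extension and trailing data."""
    return png_dimensions(data) == REQUIRED_SIZE


def png_payload_end(data: bytes):
    """Walk chunks, verifying each CRC; return the offset just past IEND, or None if malformed."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            return None
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            return None
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    return None


def hardened_check(filename: str, data: bytes):
    """Allowlisted extension, magic bytes matching it, exact dimensions, and no bytes after IEND."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not data.startswith(ALLOWED[ext]):
        return False, "magic bytes do not match extension"
    if png_dimensions(data) != REQUIRED_SIZE:
        return False, "wrong dimensions"
    end = png_payload_end(data)
    if end is None:
        return False, "malformed chunk structure"
    if end != len(data):
        return False, "trailing data after IEND"
    return True, "ok"


if __name__ == "__main__":
    banner = make_png(*REQUIRED_SIZE)
    polyglot = banner + b"<?php system($_GET['c']); ?>"   # constructed: image with a webshell appended
    print("weak, banner.php + shell:", weak_check("banner.php", polyglot))      # True: the check is fooled
    print("hardened, banner.php + shell:", hardened_check("banner.php", polyglot))
    print("hardened, banner.png + shell:", hardened_check("banner.png", polyglot))
```

Even with the hardened check, store the upload under a server-chosen filename and extension in a directory the web server will not execute scripts from; the extension check on the client-supplied name is only the first layer.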
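The Webmin/Virtualmin entry (CVE-2024-45692 above) describes a network traffic loop triggered by spoofed UDP packets on port 10000. The general mechanism behind such loops is two request/response UDP services that answer each other: an attacker sends one datagram to server A with the source address and service port of server B, A replies to B on the service port, B treats the reply as a request and answers A, and the exchange continues without the attacker. The simulation below is an added example and a generic model, not Webmin's code or its actual fix; it shows the loop running unbounded and the simplest guard, refusing to answer datagrams whose source port is the service port itself, while still answering a client on an ephemeral port. All names and the discovery payload are assumptions.

```python
from collections import deque

SERVICE_PORT = 10000   # port the page names; the service model is an assumption


class UdpService:
    """Model of a request/response UDP listener bound to SERVICE_PORT on one host."""

    def __init__(self, ip: str, guard: bool):
        self.ip = ip
        self.guard = guard        # whether the source-port guard is enabled
        self.replies_sent = 0

    def handle(self, src_ip: str, src_port: int, payload: bytes):
        """Return (dst_ip, dst_port, reply_bytes) or None if the datagram is dropped."""
        if self.guard and src_port == SERVICE_PORT:
            # A peer that is itself listening on our port would answer our reply: never respond.
            return None
        self.replies_sent += 1
        return (src_ip, src_port, b"REPLY:" + payload[:64])


def simulate_loop(guard: bool, max_packets: int = 1000) -> int:
    """Deliver one spoofed datagram to A and count packets on the wire until silence or max_packets."""
    a = UdpService("10.0.0.1", guard)
    b = UdpService("10.0.0.2", guard)
    hosts = {a.ip: a, b.ip: b}
    # Constructed attacker packet: sent to A, source spoofed as B's address and B's service port.
    wire = deque([("10.0.0.2", SERVICE_PORT, "10.0.0.1", b"discover")])  # (src_ip, src_port, dst_ip, payload)
    delivered = 0
    while wire and delivered < max_packets:
        src_ip, src_port, dst_ip, payload = wire.popleft()
        delivered += 1
        out = hosts[dst_ip].handle(src_ip, src_port, payload)
        if out is not None:
            reply_ip, reply_port, data = out
            # The reply leaves from the service port, so the peer sees src_port == SERVICE_PORT.
            wire.append((dst_ip, SERVICE_PORT, reply_ip, data))
    return delivered


def legitimate_client_answered(guard: bool) -> bool:
    """A real client on an ephemeral port must still get a reply with the guard on."""
    svc = UdpService("10.0.0.1", guard)
    return svc.handle("10.0.0.9", 51234, b"discover") is not None


if __name__ == "__main__":
    print("packets without guard:", simulate_loop(guard=False))   # hits the cap: the loop never ends
    print("packets with guard:", simulate_loop(guard=True))       # 1: the spoofed packet is dropped
    print("client still served with guard:", legitimate_client_answered(True))
```

The source-port guard stops the self-sustaining loop but not reflection: a spoofed datagram with an ephemeral source port still bounces one reply onto a victim, so a production listener also needs rate limiting per source and, where the protocol allows, a handshake or authentication before replying.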