Search Results (338070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40120 | 1 Seaweedfs | 1 Seaweedfs | 2025-06-17 | 6.5 Medium |
| seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. | ||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | ||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 6.5 Medium |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-24574 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-06-17 | 6.5 Medium |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5. | ||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | ||||
| CVE-2024-25359 | 2 Zuoxingdong, Zuoxingdong Lagom | 2 Lagom, Zuoxingdong Lagom | 2025-06-17 | 6.6 Medium |
| An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. | ||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | ||||
| CVE-2024-23824 | 1 Mailcow | 1 Mailcow\ | 2025-06-17 | 4.7 Medium |
| mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to a pixel flood attack: once the payload has been successfully uploaded in the logo, the application slows down and the admin page stops responding. It was tested on versions 2023-12a and prior and is patched in version 2024-01. | ||||
| CVE-2024-29858 | 1 Misp | 1 Misp | 2025-06-17 | 9.8 Critical |
| In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. | ||||
| CVE-2024-0418 | 1 Upredsun | 1 File Sharing Wizard | 2025-06-17 | 5.3 Medium |
| A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-29862 | 1 Chirpstack | 4 Gateway-bridge, Gateway Bridge, Mqtt-forwarder and 1 more | 2025-06-17 | 7.5 High |
| The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. | ||||
| CVE-2024-29864 | 1 89luca89 | 1 Distrobox | 2025-06-17 | 9.8 Critical |
| Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. | ||||
| CVE-2024-26307 | 1 Apache | 1 Doris | 2025-06-17 | 5.3 Medium |
| Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method, which runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. | ||||
| CVE-2024-27438 | 1 Apache | 1 Doris | 2025-06-17 | 9.8 Critical |
| Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for a JDBC catalog are not checked, which may result in remote command execution. Once an attacker is authorized to create a JDBC catalog, he/she can use an arbitrary driver jar file with an unchecked code snippet. This code snippet will be run when the catalog is initializing, without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. | ||||
| CVE-2024-29866 | 1 Datalust | 1 Seq | 2025-06-17 | 9.1 Critical |
| Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. | ||||
| CVE-2023-7068 | 1 Webtoffee | 1 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels | 2025-06-17 | 4.3 Medium |
| The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information. | ||||
| CVE-2024-29243 | 1 Szlbt | 3 Lbt-t300-mini1, Lbt-t300-mini1 Firmware, Lbt-t300-mini Firmware | 2025-06-17 | 9.8 Critical |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. | ||||
| CVE-2024-29244 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-06-17 | 5.3 Medium |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. | ||||
| CVE-2024-2463 | 1 Cdex | 1 Cdex | 2025-06-17 | 8.0 High |
| Weak password recovery mechanism in the CDeX application allows retrieval of the password reset token. This issue affects CDeX application versions through 5.7.1. | ||||