Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45980 | 1 Meanstore | 1 Meanstore | 2024-09-30 | 8.8 High |
| A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. | ||||
| CVE-2024-45981 | 1 Bookreviewlibrary | 1 Bookreviewlibrary | 2024-09-30 | 8.8 High |
| A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. | ||||
| CVE-2024-45982 | 1 Scheduler | 1 Scheduler | 2024-09-30 | 8.8 High |
| A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. | ||||
| CVE-2024-45989 | 1 Butterflyeffectpte | 1 Monica | 2024-09-30 | 4 Medium |
| Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server. | ||||
| CVE-2024-46627 | 1 Becn | 1 Datagerry | 2024-09-30 | 9.1 Critical |
| Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | ||||
| CVE-2024-9166 | 1 Atelmo | 1 Atemio Am 520 Hd Firmware | 2024-09-30 | N/A |
| The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access. | ||||
| CVE-2024-9283 | 2024-09-30 | 3.3 Low | ||
| A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9278 | 1 Huankemao | 1 Scrm | 2024-09-30 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9276 | 1 Tmsoft | 1 Myauthgateway | 2024-09-30 | 3.5 Low |
| A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9275 | 1 Jeanmarc77 | 1 123solar | 2024-09-30 | 6.3 Medium |
| A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9160 | 2024-09-30 | N/A | ||
| In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered. | ||||
| CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2024-09-30 | 9.8 Critical |
| OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
| CVE-2024-22170 | 1 Westerndigital | 10 My Cloud Dl2100 Firmware, My Cloud Dl4100 Firmware, My Cloud Ex2100 Firmware and 7 more | 2024-09-30 | N/A |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102. | ||||
| CVE-2024-33369 | 1 Plasmoapp | 1 Rpshare | 2024-09-30 | 8.8 High |
| Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask | ||||
| CVE-2024-3373 | 1 Rsm Design | 1 Web Template | 2024-09-30 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2. | ||||
| CVE-2024-45773 | 1 Facebook | 1 Thrift | 2024-09-30 | 7.5 High |
| A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. | ||||
| CVE-2024-45863 | 1 Facebook | 1 Thrift | 2024-09-30 | 5.3 Medium |
| A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. | ||||
| CVE-2024-46441 | 1 Kacins | 1 Ypay | 2024-09-30 | 8.8 High |
| An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked. | ||||
| CVE-2024-6981 | 1 Omntec | 1 Proteus Tank Monitoring | 2024-09-30 | 9.8 Critical |
| OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. | ||||
| CVE-2022-39068 | 1 Zte | 2 Mf296r, Mf296r Firmware | 2024-09-29 | 4.5 Medium |
| There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack. | ||||