Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46044 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | 5.7 Medium |
| CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | ||||
| CVE-2024-46049 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-15 | 5.7 Medium |
| Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | ||||
| CVE-2024-6747 | 1 Checkmk | 1 Checkmk | 2024-10-15 | 5.3 Medium |
| Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | ||||
| CVE-2024-48813 | 1 Employee Management System Project | 1 Employee Management System | 2024-10-15 | 8.8 High |
| SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. | ||||
| CVE-2024-46088 | 1 Zhejiang University | 1 Entersoft Customer Resource Management | 2024-10-15 | 9.8 Critical |
| An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-45316 | 1 Sonicwall | 1 Connect Tunnel | 2024-10-15 | 7.8 High |
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | ||||
| CVE-2024-33582 | 1 Lenovo | 1 Service Framework | 2024-10-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2024-10-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33580 | 1 Lenovo | 1 Personal Cloud | 2024-10-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33579 | 1 Lenovo | 1 Baiying | 2024-10-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2023-42133 | 1 Paxtechnology | 1 Paydroid | 2024-10-15 | 6.7 Medium |
| PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226. | ||||
| CVE-2023-25581 | 1 Pac4j | 1 Pac4j | 2024-10-15 | N/A |
| pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-9002 | 1 Schneider-electric | 1 Easergy Studio | 2024-10-15 | 7.8 High |
| CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries | ||||
| CVE-2024-33578 | 1 Lenovo | 1 Leyun | 2024-10-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-8070 | 2024-10-15 | 8.5 High | ||
| CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | ||||
| CVE-2024-44414 | 1 Wayos | 1 Fbm 292w Firmware | 2024-10-15 | 8.8 High |
| A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. | ||||
| CVE-2024-1342 | 2024-10-14 | 4.2 Medium | ||
| Unable to reproduce. | ||||
| CVE-2023-45817 | 2024-10-14 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9823. Reason: This candidate is a reservation duplicate of CVE-2024-9823. Notes: All CVE users should reference CVE-2024-9823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-9142 | 1 Olgu Computer Systems | 1 E-belediye | 2024-10-14 | 9.8 Critical |
| External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This issue affects e-Belediye: before 2.0.642. | ||||
| CVE-2024-48261 | 2024-10-14 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-48251. Reason: This candidate is a reservation duplicate of CVE-2024-48251. Notes: All CVE users should reference CVE-2024-48251 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||