Search Results (345031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10594 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10659 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10660 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10214 | 1 Mattermost | 1 Mattermost | 2024-11-05 | 3.5 Low |
| Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings. | ||||
| CVE-2024-10701 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-05 | 3.5 Low |
| A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-05 | 4.9 Medium |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2024-10507 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-11-05 | 7.3 High |
| A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10609 | 2 Angeljudesuarez, Tailoring Management System Project | 2 Tailoring Management System, Tailoring Management System | 2024-11-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10607 | 2 Carmelogarcia, Courier Management System Project | 2 Courier Management System, Courier Management System | 2024-11-05 | 7.3 High |
| A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10608 | 2 Carmelogarcia, Courier Management System Project | 2 Courier Management System, Courier Management System | 2024-11-05 | 7.3 High |
| A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10610 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10613 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10612 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10611 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10596 | 1 Esafenet | 1 Cdg | 2024-11-05 | 6.3 Medium |
| A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-50612 | 2 Libsndfile Project, Redhat | 3 Libsndfile, Enterprise Linux, Rhel Eus | 2024-11-05 | 5.3 Medium |
| libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. | ||||
| CVE-2024-37846 | 2 Radix Iot, Radixiot | 2 Mango Os, Mango | 2024-11-05 | 9.8 Critical |
| MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. | ||||
| CVE-2024-37844 | 2 Radix Iot, Radixiot | 2 Mango Os, Mango | 2024-11-05 | 4.7 Medium |
| A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-37847 | 2 Radix Iot, Radixiot | 4 Mango Api, Mango Os, Mango and 1 more | 2024-11-05 | 9.8 Critical |
| An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2024-10661 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-05 | 8.8 High |
| A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||