Export limit exceeded: 345020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10301 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40493 | 2 Keith-cullen, Keithcullen | 2 Freecoap, Freecoap | 2024-10-25 | 5.3 Medium |
| Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | ||||
| CVE-2024-44812 | 2 Janobe, Sourcecodester | 2 Online Complaint Site, Online Complaint Site | 2024-10-25 | 9.8 Critical |
| SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | ||||
| CVE-2024-48652 | 1 Tuzitio | 1 Camaleon Cms | 2024-10-25 | 4.8 Medium |
| Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | ||||
| CVE-2024-30158 | 1 Mitel | 1 Micollab | 2024-10-25 | 7.2 High |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | ||||
| CVE-2024-48926 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.2 Medium |
| Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue. | ||||
| CVE-2024-48927 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.6 Medium |
| Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue. As a workaround, derver-side file validation is available to strip script tags from file's content during the file upload process. | ||||
| CVE-2024-48929 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.2 Medium |
| Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue. | ||||
| CVE-2024-43177 | 1 Ibm | 1 Concert | 2024-10-25 | 5.9 Medium |
| IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||||
| CVE-2024-43173 | 1 Ibm | 1 Concert | 2024-10-25 | 3.7 Low |
| IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | ||||
| CVE-2024-46902 | 1 Trendmicro | 1 Deep Discovery Inspector | 2024-10-25 | 4.9 Medium |
| A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-47819 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.2 Medium |
| Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users. | ||||
| CVE-2024-48925 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 0 Low |
| Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. | ||||
| CVE-2024-7973 | 1 Google | 1 Chrome | 2024-10-24 | 8.8 High |
| Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | ||||
| CVE-2024-7535 | 1 Google | 1 Chrome | 2024-10-24 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-42986 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-10-24 | 7.5 High |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42977 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-10-24 | 7.5 High |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42966 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-10-24 | 9.8 Critical |
| Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | ||||
| CVE-2024-20455 | 1 Cisco | 3 Ios Xe, Ios Xe Catalyst Sd-wan, Ios Xe Sd-wan | 2024-10-24 | 8.6 High |
| A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability. | ||||
| CVE-2024-20464 | 1 Cisco | 1 Ios Xe | 2024-10-24 | 8.6 High |
| A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. | ||||