Search Results (345573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8336 | 2 Oretnom23, Sourcecodester | 2 Music Gallery Site, Music Gallery Site | 2024-09-04 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41372 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. | ||||
| CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | 6.1 Medium |
| Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | ||||
| CVE-2024-41370 | 2 Causefx, Organizr | 2 Organizr, Organizr | 2024-09-04 | 9.8 Critical |
| Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. | ||||
| CVE-2024-41351 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | ||||
| CVE-2024-41350 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | ||||
| CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
| SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
| CVE-2024-8004 | 2 3ds, Dassault | 4 3dexperience Enovia, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-7938 | 2 3ds, Dassault | 3 3dexperience, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | 6.1 Medium |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | ||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 6.7 Medium |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker co-residing in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | ||||
| CVE-2024-1543 | 1 Wolfssl | 2 Wolfcrypt, Wolfssl | 2024-09-04 | 4.1 Medium |
| The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 | ||||
| CVE-2024-6672 | 1 Progress | 2 Whatsup Gold, Whatsupgold | 2024-09-04 | 8.8 High |
| In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | ||||
| CVE-2024-6716 | | | 2024-09-04 | 7.5 High |
| Invalid security issue. | ||||
| CVE-2024-43921 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-09-04 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9. | ||||
| CVE-2024-43920 | 1 Jegstudio | 1 Gutenverse | 2024-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.4. | ||||
| CVE-2024-43941 | 1 Propovoice | 2 Propovoice, Propovoice Pro | 2024-09-04 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection. This issue affects Propovoice Pro: from n/a through 1.7.0.3. | ||||
| CVE-2024-43776 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in the mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | ||||
| CVE-2024-43775 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter. | ||||