Export limit exceeded: 346380 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346380 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43409 | 1 Ghost | 1 Ghost | 2024-09-03 | 6.5 Medium |
| Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | ||||
| CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-09-03 | 7.5 High |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | ||||
| CVE-2024-7448 | 2 Magnet Forensics, Magnetforensics | 2 Axiom, Axiom | 2024-09-03 | 8.0 High |
| Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23964. | ||||
| CVE-2024-8331 | 1 Openrapid | 1 Rapidcms | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8332 | 1 Master-nan | 1 Sweet-cms | 2024-09-03 | 6.3 Medium |
| A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 146359646a5a90cb09156dbd0013b7df77f2aa6c. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-8371 | 2024-09-03 | N/A | ||
| Duplicate of CVE-2024-45305. | ||||
| CVE-2024-41718 | 2024-09-03 | N/A | ||
| ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: CVE-2024-39771. Reason: This CVE ID is a reservation duplicate of CVE-2024-39771. Notes: All CVE users should reference CVE-2024-39771 instead of this CVE ID. All references and descriptions in this CVE ID have been removed to prevent accidental usage. | ||||
| CVE-2022-48936 | 1 Redhat | 1 Enterprise Linux | 2024-08-31 | 0.0 Low |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-41864 | 1 Adobe | 1 Substance 3d Designer | 2024-08-31 | 7.8 High |
| Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-25562 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | 5.8 Medium |
| Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-24973 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | 2.2 Low |
| Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-23495 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23491 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-42939 | 1 Yzncms | 1 Yzncms | 2024-08-31 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | ||||
| CVE-2022-4538 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4528 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4412 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-42379 | 2024-08-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-4540 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4530 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||