Export limit exceeded: 74717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49276 | 2024-10-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themis Solutions, Inc. Clio Grow allows Reflected XSS.This issue affects Clio Grow: from n/a through 1.0.2. | ||||
| CVE-2024-49285 | 1 Moridrin | 1 Ssv Mailchimp | 2024-10-18 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5. | ||||
| CVE-2024-49287 | 1 Marco Heine | 1 Pdf-rechnungsverwaltung | 2024-10-18 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1. | ||||
| CVE-2024-49297 | 2024-10-18 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. | ||||
| CVE-2024-49299 | 2024-10-18 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502. | ||||
| CVE-2024-49317 | 1 Zipang | 1 Point Maker | 2024-10-18 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4. | ||||
| CVE-2024-10068 | 1 Flashfxp | 1 Flashfxp | 2024-10-18 | 7.8 High |
| A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6729 | 1 Nokia | 1 Service Router Operating System | 2024-10-18 | 7.3 High |
| Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | ||||
| CVE-2024-48911 | 1 Thinkst | 1 Opencanary | 2024-10-17 | 7.8 High |
| OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue. | ||||
| CVE-2024-9687 | 1 Dueclic | 1 Wp 2fa With Telegram | 2024-10-17 | 8.8 High |
| The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | ||||
| CVE-2024-9971 | 2 New Type, Newtype | 2 Flowmaster Bpm Plus, Flowmaster Bpm Plus | 2024-10-17 | 8.8 High |
| The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | ||||
| CVE-2024-9970 | 2 New Type, Newtype | 2 Flowmaster Bpm Plus, Flowmaster Bpm Plus | 2024-10-17 | 8.8 High |
| The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | ||||
| CVE-2024-45711 | 1 Solarwinds | 1 Serv-u | 2024-10-17 | 7.5 High |
| SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | ||||
| CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4132 | 1 Lenovo | 1 Lock Screen | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-9046 | 1 Lenovo | 1 Starstudio | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-48251 | 1 Wavelog | 1 Wavelog | 2024-10-17 | 7.3 High |
| Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | ||||
| CVE-2024-8918 | 1 Filemanagerpro | 2 File Manager, File Manager Pro | 2024-10-17 | 7.4 High |
| The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. | ||||