Export limit exceeded: 35283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35283 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40520 | 1 Seacms | 1 Seacms | 2024-11-21 | 8.8 High |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
| CVE-2024-40518 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.2 High |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
| CVE-2024-3959 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user. | ||||
| CVE-2024-3454 | 1 Csa-iot | 1 Matter | 2024-11-21 | 3.5 Low |
| An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | ||||
| CVE-2024-3297 | 1 Csa-iot | 1 Matter | 2024-11-21 | 6.5 Medium |
| An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled. | ||||
| CVE-2024-3175 | 1 Google | 1 Chrome | 2024-11-21 | 6.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-39807 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.1 Low |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels. | ||||
| CVE-2024-39740 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-11-21 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009. | ||||
| CVE-2024-39729 | 1 Ibm | 2 Datacap, Datacap Navigator | 2024-11-21 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968. | ||||
| CVE-2024-39674 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.2 Medium |
| Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-39672 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 8.4 High |
| Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
| CVE-2024-39670 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.2 Medium |
| Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-39593 | 1 Sap | 1 Landscape Management | 2024-11-21 | 6.9 Medium |
| SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. | ||||
| CVE-2024-39376 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-11-21 | 9.8 Critical |
| TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions. | ||||
| CVE-2024-39353 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 2.7 Low |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents. | ||||
| CVE-2024-39322 | 1 Aimeos Project | 1 Ai-controller-frontend | 2024-11-21 | 5.5 Medium |
| aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue. | ||||
| CVE-2024-39202 | 1 Dlink | 3 Dir-823x Ax3000, Dir-823x Ax3000 Firmware, Dir-823x Firmware | 2024-11-21 | 7.6 High |
| D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | ||||
| CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | ||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-11-21 | 9.8 Critical |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | ||||
| CVE-2024-38368 | 1 Cocoapods | 2 Cocoapods, Trunk.cocoapods.org | 2024-11-21 | 9.3 Critical |
| trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023. | ||||