Export limit exceeded: 74746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44383 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-09-05 | 8 High |
| WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. | ||||
| CVE-2024-40645 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 8.8 High |
| FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41. | ||||
| CVE-2024-41108 | 1 Fogproject | 1 Fogproject | 2024-09-05 | 7.5 High |
| FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41. | ||||
| CVE-2024-43942 | 1 Wpsoul | 1 Greenshift Query Addon | 2024-09-05 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2. | ||||
| CVE-2024-43943 | 1 Wpsoul | 1 Greenshift Woocommerce Addon | 2024-09-05 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8. | ||||
| CVE-2024-20089 | 4 Google, Linuxfoundation, Mediatek and 1 more | 15 Android, Yocto, Mt6835 and 12 more | 2024-09-05 | 7.5 High |
| In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526. | ||||
| CVE-2024-20087 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | 7.8 High |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550. | ||||
| CVE-2024-20086 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | 7.8 High |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551. | ||||
| CVE-2024-6473 | 1 Yandex | 1 Yandex Browser | 2024-09-05 | 7.8 High |
| Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. | ||||
| CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | 8.3 High |
| Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | ||||
| CVE-2024-7346 | 1 Progress | 1 Openedge | 2024-09-05 | 7.2 High |
| Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation. | ||||
| CVE-2024-7654 | 1 Progress | 1 Openedge | 2024-09-05 | 8.3 High |
| An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default. | ||||
| CVE-2024-34659 | 1 Samsung | 1 Group Sharing | 2024-09-05 | 7.5 High |
| Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group. | ||||
| CVE-2024-34657 | 1 Samsung | 1 Notes | 2024-09-05 | 8.6 High |
| Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. | ||||
| CVE-2024-8330 | 2 6shr System Project, Gethertechnology | 2 6shr System, 6shr | 2024-09-05 | 8.8 High |
| 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. | ||||
| CVE-2024-8329 | 2 6shr System Project, Gethertechnology | 2 6shr System, 6shr | 2024-09-05 | 8.8 High |
| 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents. | ||||
| CVE-2024-34660 | 1 Samsung | 1 Notes | 2024-09-05 | 7.3 High |
| Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-8102 | 1 Wpextended | 1 Wp Extended | 2024-09-05 | 8.8 High |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-8104 | 1 Wpextended | 1 Wp Extended | 2024-09-05 | 8.8 High |
| The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-45050 | 2024-09-05 | 7.1 High | ||
| Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch. | ||||