Export limit exceeded: 79041 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79041 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | 8.2 High |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||||
| CVE-2024-52293 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | 7.2 High |
| Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. | ||||
| CVE-2021-3742 | 1 Chatwoot | 1 Chatwoot | 2024-11-19 | 7.9 High |
| A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection. | ||||
| CVE-2024-9409 | 1 Schneider-electric | 6 Powerlogic Pm5320, Powerlogic Pm5320 Firmware, Powerlogic Pm5340 and 3 more | 2024-11-19 | 7.5 High |
| CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | ||||
| CVE-2022-31671 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | 7.4 High |
| Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database. | ||||
| CVE-2022-31668 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | 7.4 High |
| Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | ||||
| CVE-2022-31670 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | 7.7 High |
| Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | ||||
| CVE-2024-52306 | 2 Backpackforlaravel, Laravel-backpack | 2 Filemanager, File Manager | 2024-11-19 | 7.7 High |
| FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. | ||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.8 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-3760 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-18 | 7.5 High |
| In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization. | ||||
| CVE-2024-48837 | 1 Dell | 1 Smartfabric Os10 | 2024-11-18 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | ||||
| CVE-2024-42676 | 2 Isellerpal, Shenzhen Huizhi Software Development | 2 Enterprise Resource Management System, Enterprise Resource Management System | 2024-11-18 | 8.8 High |
| File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component | ||||
| CVE-2024-11100 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 7.3 High |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11017 | 1 Vice | 1 Webopac | 2024-11-18 | 8.8 High |
| Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. | ||||