Export limit exceeded: 79002 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79002 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10282 | 1 Tenda | 3 Rx9, Rx9 Pro, Rx9 Pro Firmware | 2024-11-01 | 8.8 High |
| A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-30358 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. | ||||
| CVE-2022-30356 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege. | ||||
| CVE-2024-7783 | 2 Miniplex Labs, Mintplexlabs | 2 Miniplex Labs\/anything Lim, Anythingllm | 2024-10-31 | 7.5 High |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | ||||
| CVE-2024-48227 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High |
| Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | ||||
| CVE-2024-48224 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High |
| Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. | ||||
| CVE-2024-20421 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 7.1 High |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | ||||
| CVE-2024-10449 | 1 Codezips | 1 Hospital Appointment System | 2024-10-31 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10230 | 1 Google | 1 Chrome | 2024-10-31 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-48427 | 2 Oretnom23, Sourcecodester | 2 Packers And Movers Management System, Packers And Movers Management System | 2024-10-31 | 8.1 High |
| A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id | ||||
| CVE-2024-47035 | 1 Google | 2 Android, Pixel | 2024-10-31 | 7.4 High |
| In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-45518 | 1 Zimbra | 1 Collaboration | 2024-10-30 | 7.5 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). | ||||
| CVE-2022-23862 | 1 Ysoft | 1 Safeq | 2024-10-30 | 8.4 High |
| A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | ||||
| CVE-2024-10121 | 2 Radar, Riskengine | 2 Radar, Radar | 2024-10-30 | 7.3 High |
| A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | 7.8 High |
| An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. | ||||
| CVE-2023-22649 | 2 Rancher, Suse | 2 Rancher, Rancher | 2024-10-30 | 8.4 High |
| A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. | ||||
| CVE-2024-45715 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-30 | 7.1 High |
| The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. | ||||
| CVE-2024-44459 | 1 Octavolabs | 1 Vernemq | 2024-10-30 | 7.5 High |
| A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | ||||
| CVE-2024-10120 | 2 Radar, Riskengine | 2 Radar, Radar | 2024-10-30 | 7.3 High |
| A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-44460 | 1 Emqx | 1 Nanomq | 2024-10-30 | 7.5 High |
| An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | ||||