Export limit exceeded: 78998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20464 | 1 Cisco | 1 Ios Xe | 2024-10-24 | 8.6 High |
| A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. | ||||
| CVE-2024-20437 | 1 Cisco | 1 Ios Xe | 2024-10-24 | 8.1 High |
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | ||||
| CVE-2024-48657 | 2 Itsourcecode, Princelycesar | 2 Hospital Management System, Hospital Management System | 2024-10-24 | 8.1 High |
| SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-10200 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | 7.5 High |
| Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server. | ||||
| CVE-2024-10201 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | 8.8 High |
| Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. | ||||
| CVE-2024-8625 | 2 Pollbytotalsoft, Total-soft | 2 Ts Poll, Ts Poll | 2024-10-24 | 7.2 High |
| The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-9922 | 1 Teamplus | 2 Team\+, Team\+ Pro | 2024-10-24 | 7.5 High |
| The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||||
| CVE-2024-10194 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-10-23 | 8.8 High |
| A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-47845 | 1 Wikimedia | 2 Mediawiki-extensions-css, Wikimedia-extensions-css | 2024-10-23 | 8.2 High |
| Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | ||||
| CVE-2024-41902 | 1 Siemens | 1 Jt2go | 2024-10-23 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-46898 | 1 Ss-proj | 1 Shirasagi | 2024-10-23 | 7.5 High |
| SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. | ||||
| CVE-2024-9954 | 1 Google | 1 Chrome | 2024-10-22 | 8.8 High |
| Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-20458 | 1 Cisco | 5 Ata 190 Firmware, Ata 191, Ata 191 Firmware and 2 more | 2024-10-22 | 8.2 High |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the firmware. | ||||
| CVE-2024-10173 | 2 Didi, Didiglobal | 2 Ddmq, Ddmq | 2024-10-22 | 7.3 High |
| A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6055 | 1 Bitdefender | 1 Total Security | 2024-10-22 | 7.4 High |
| A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | ||||
| CVE-2023-6056 | 1 Bitdefender | 1 Total Security | 2024-10-22 | 7.4 High |
| A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. | ||||
| CVE-2023-49570 | 1 Bitdefender | 1 Total Security | 2024-10-22 | 7.4 High |
| A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | ||||
| CVE-2024-7890 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2024-7889 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2024-10156 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 7.3 High |
| A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||