ID CVSS
Summary
Last (major) update Published
CVE-2024-22326 None
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Force
15-10-2024 - 19:51 06-06-2024 - 19:15
CVE-2024-37154 None
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and e
15-10-2024 - 19:43 06-06-2024 - 19:15
CVE-2024-24880 None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.
15-10-2024 - 19:41 08-02-2024 - 12:15
CVE-2024-37153 None
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the sa
15-10-2024 - 19:40 06-06-2024 - 19:15
CVE-2024-24879 None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13.
15-10-2024 - 19:39 08-02-2024 - 12:15
CVE-2024-48915 None
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDe
15-10-2024 - 19:35 15-10-2024 - 17:15
CVE-2024-48253 None
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.
15-10-2024 - 19:35 14-10-2024 - 14:15
CVE-2024-48259 None
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.
15-10-2024 - 19:35 14-10-2024 - 15:15
CVE-2024-48769 None
An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48777 None
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48778 None
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48784 None
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48786 None
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48787 None
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 20:15
CVE-2024-48772 None
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 21:15
CVE-2024-48788 None
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.
15-10-2024 - 19:35 11-10-2024 - 21:15
CVE-2024-9859 None
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
15-10-2024 - 19:35 11-10-2024 - 17:15
CVE-2023-30577 None
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
15-10-2024 - 19:35 26-07-2023 - 17:15
CVE-2023-38408 None
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading
15-10-2024 - 19:35 20-07-2023 - 03:15
CVE-2023-38428 None
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
15-10-2024 - 19:35 18-07-2023 - 00:15
CVE-2023-36189 None
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
15-10-2024 - 19:35 06-07-2023 - 14:15
CVE-2023-37203 None
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This v
15-10-2024 - 19:35 05-07-2023 - 10:15
CVE-2023-31038 None
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06) Note that
15-10-2024 - 19:35 08-05-2023 - 09:15
CVE-2023-31039 None
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execut
15-10-2024 - 19:35 08-05-2023 - 09:15
CVE-2022-45048 None
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
15-10-2024 - 19:35 05-05-2023 - 08:15
CVE-2023-27530 None
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
15-10-2024 - 19:35 10-03-2023 - 22:15
CVE-2022-42716 None
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
15-10-2024 - 19:35 12-12-2022 - 20:15
CVE-2022-30550 None
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definiti
15-10-2024 - 19:35 17-07-2022 - 19:15
CVE-2022-28136 6.8
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
15-10-2024 - 19:35 29-03-2022 - 13:15
CVE-2021-34620 6.8
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX
15-10-2024 - 19:35 07-07-2021 - 13:15
CVE-2020-35662 5.8
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
15-10-2024 - 19:35 27-02-2021 - 05:15
CVE-2019-18279 6.8
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UE
15-10-2024 - 19:35 13-11-2019 - 18:15
CVE-2020-5529 6.8
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Andro
15-10-2024 - 19:35 11-02-2020 - 12:15
CVE-2019-17661 9.0
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a n
15-10-2024 - 19:35 08-11-2019 - 18:15
CVE-2016-6817 5.0
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
15-10-2024 - 19:35 10-08-2017 - 22:29
CVE-2016-8747 5.0
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different
15-10-2024 - 19:35 14-03-2017 - 09:59
CVE-2015-8963 7.6
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
15-10-2024 - 19:35 16-11-2016 - 05:59
CVE-2019-13990 7.5
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
15-10-2024 - 19:35 26-07-2019 - 19:15
CVE-2016-9428 6.8
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craft
15-10-2024 - 19:35 12-12-2016 - 02:59
CVE-2024-36735 None
OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.
15-10-2024 - 19:31 06-06-2024 - 19:15
CVE-2024-9974 None
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. The
15-10-2024 - 19:28 15-10-2024 - 10:15
CVE-2024-9973 None
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date lead
15-10-2024 - 19:27 15-10-2024 - 10:15
CVE-2024-36730 None
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
15-10-2024 - 19:25 06-06-2024 - 19:15
CVE-2024-9813 None
A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injectio
15-10-2024 - 19:23 10-10-2024 - 21:15
CVE-2024-9810 None
A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross
15-10-2024 - 19:22 10-10-2024 - 20:15
CVE-2024-9811 None
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiat
15-10-2024 - 19:22 10-10-2024 - 21:15
CVE-2024-9812 None
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remo
15-10-2024 - 19:22 10-10-2024 - 21:15
CVE-2024-32873 None
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulner
15-10-2024 - 19:22 06-06-2024 - 19:15
CVE-2024-9809 None
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id
15-10-2024 - 19:21 10-10-2024 - 20:15
CVE-2024-9808 None
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is
15-10-2024 - 19:19 10-10-2024 - 20:15