Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359259 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49993 | 1 Redhat | 1 Enterprise Linux | 2024-11-10 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-44952 | 1 Redhat | 1 Enterprise Linux | 2024-11-09 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-6626 | 2 Theinnovs, Thelnnovs | 2 Eleforms, Eleforms | 2024-11-08 | 5.3 Medium |
| The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions. | ||||
| CVE-2024-43998 | 1 Websiteinwp | 1 Blogpoet | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | ||||
| CVE-2024-43982 | 2 Geek Code Lab, Geekcodelab | 2 Login As Users, Login As Users | 2024-11-08 | 8.8 High |
| Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3. | ||||
| CVE-2024-43981 | 1 Ayecode | 1 Geodirectory | 2024-11-08 | 4.3 Medium |
| Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70. | ||||
| CVE-2024-51740 | 1 Combodo | 1 Itop | 2024-11-08 | 4.3 Medium |
| Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-10919 | 1 Didi | 2 Super-jacoco, Super Jacoco | 2024-11-08 | 6.3 Medium |
| A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9484 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | 5.1 Medium |
| An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | ||||
| CVE-2024-9483 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | 5.1 Medium |
| A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. | ||||
| CVE-2024-9482 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | 5.1 Medium |
| An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | ||||
| CVE-2024-9481 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | 5.1 Medium |
| An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. | ||||
| CVE-2024-43980 | 1 Cozythemes | 1 Fotawp | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1. | ||||
| CVE-2024-43979 | 1 Cozythemes | 1 Blockbooster | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10. | ||||
| CVE-2024-43974 | 1 Cozythemes | 1 Revivenews | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2. | ||||
| CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | 5.4 Medium |
| Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. | ||||
| CVE-2024-52043 | 1 Humhub | 1 Humhub | 2024-11-08 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2. | ||||
| CVE-2024-8615 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-08 | 10 Critical |
| The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-10916 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 5.3 Medium |
| A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10915 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 8.1 High |
| A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||