Export limit exceeded: 359497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6510 | 1 Avg | 1 Internet Security | 2024-10-02 | 7.8 High |
| Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. | ||||
| CVE-2024-8803 | 1 Madfishdigital | 1 Bulk Noindex \& Nofollow Toolkit | 2024-10-02 | 6.1 Medium |
| The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-8350 | 1 Uncannyowl | 1 Uncanny Groups For Learndash | 2024-10-02 | 2.7 Low |
| The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site. | ||||
| CVE-2023-51157 | 1 Zkteco | 2 Wdms, Wdms Pro | 2024-10-02 | 5.4 Medium |
| Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | ||||
| CVE-2024-46489 | 1 Ferrislucas | 1 Promptr | 2024-10-02 | 8.8 High |
| A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | ||||
| CVE-2024-46488 | 2 Asg017, Sqlite | 2 Sqlite-vec, Sqlite-vec | 2024-10-02 | 9.1 Critical |
| sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2024-7781 | 1 Artbees | 1 Jupiter X Core | 2024-10-02 | 8.1 High |
| The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8. | ||||
| CVE-2024-5480 | 2024-10-02 | 10.0 Critical | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-46655 | 1 Ellevo | 1 Ellevo | 2024-10-02 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | ||||
| CVE-2023-52947 | 1 Synology | 1 Active Backup For Business Agent | 2024-10-02 | 4 Medium |
| Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. | ||||
| CVE-2021-22518 | 1 Opentext | 1 Identity Manager Azuread Driver | 2024-10-02 | 5.8 Medium |
| A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | ||||
| CVE-2022-26322 | 1 Netiq | 1 Identity Manager Rest Driver | 2024-10-02 | 4.9 Medium |
| Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200. | ||||
| CVE-2024-45823 | 1 Rockwellautomation | 1 Factorytalk Batch View | 2024-10-02 | 8.1 High |
| CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | ||||
| CVE-2024-0132 | 2 Linux, Nvidia | 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more | 2024-10-02 | 9 Critical |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0133 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2024-10-02 | 4.1 Medium |
| NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | ||||
| CVE-2024-45825 | 1 Rockwellautomation | 2 5015-u8ihft, 5015-u8ihft Firmware | 2024-10-02 | 7.5 High |
| CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. | ||||
| CVE-2024-45826 | 1 Rockwellautomation | 1 Thinmanager | 2024-10-02 | 6.8 Medium |
| CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. | ||||
| CVE-2024-9199 | 2 Clibo Manager, Clibomanager | 2 Clibo Manager, Clibo Manager | 2024-10-02 | 5.8 Medium |
| Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS). | ||||
| CVE-2024-9198 | 1 Clibomanager | 1 Clibo Manager | 2024-10-02 | 7.6 High |
| Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture. | ||||
| CVE-2024-3635 | 2 Post Grid Team By Radiustheme, Radiustheme | 2 The Post Grid, The Post Grid | 2024-10-02 | 4.8 Medium |
| The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||