Search Results (76169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42630 | 2 Frog Cms Project, Frogcms Project | 2 Frog Cms, Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | ||||
| CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | ||||
| CVE-2022-4002 | 1 Motorola | 3 Q14, Q14 Firmware, Q14 Mesh Router Firmware | 2024-08-13 | 7.2 High |
| A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | ||||
| CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | 7.8 High |
| A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | 7.7 High |
| matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | 7.8 High |
| A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | 8.4 High |
| Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | ||||
| CVE-2024-34619 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-08-12 | 7.5 High |
| Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7536 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7533 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-12 | 8.8 High |
| Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7532 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2024-42219 | 1 1password | 1 1password | 2024-08-12 | 7 High |
| 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. | ||||
| CVE-2024-7286 | 2 Oretnom23, Sourcecodester | 2 Establishment Billing Management System, Establishment Billing Management System | 2024-08-12 | 7.3 High |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155. | ||||
| CVE-2024-7320 | 2 Adonesevangelista, Itsourcecode | 2 Online Blood Bank Management System, Online Blood Bank Management System | 2024-08-12 | 7.3 High |
| A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231. | ||||
| CVE-2024-30170 | 2 Privx, Ssh | 2 Privx, Privx | 2024-08-12 | 7.5 High |
| PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later, | ||||