Search Results (350462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7925 | 1 Zzcms | 1 Zzcms | 2024-09-03 | 4.3 Medium |
| A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45435 | 2 Chartist, Chartistjs | 2 Chartist, Chartist | 2024-09-03 | 9.8 Critical |
| Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. | ||||
| CVE-2024-6918 | 1 Schneider-electric | 1 Accutech Manager | 2024-09-03 | 7.5 High |
| CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. | ||||
| CVE-2024-42369 | 1 Matrix | 1 Javascript Sdk | 2024-09-03 | 4.1 Medium |
| matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1. | ||||
| CVE-2024-43377 | 1 Umbraco | 1 Umbraco Cms | 2024-09-03 | 5.4 Medium |
| Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. | ||||
| CVE-2024-28972 | 1 Dell | 1 Insightiq | 2024-09-03 | 5.9 Medium |
| Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2024-6585 | 1 Lightdash | 1 Lightdash | 2024-09-03 | 5.4 Medium |
| Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application. | ||||
| CVE-2024-45623 | 1 D-link | 1 Dap-2310 Firmware | 2024-09-03 | 9.8 Critical |
| D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-43949 | 1 Automattic | 2 Ghacitivity, Ghactivity | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS. This issue affects GHActivity: from n/a through 2.0.0-alpha. | ||||
| CVE-2024-43948 | 1 Dineshkarki | 2 Wp Armour, Wp Armour Extended | 2024-09-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dinesh Karki WP Armour Extended. This issue affects WP Armour Extended: from n/a through 1.26. | ||||
| CVE-2024-43946 | 1 Sktthemes | 1 Skt Blocks | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.5. | ||||
| CVE-2024-43936 | 1 Wpdeveloper | 1 Embedpress | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS. This issue affects EmbedPress: from n/a through 4.0.8. | ||||
| CVE-2024-43935 | 1 Wpdelicious | 1 Wp Delicious | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes – WordPress Recipe Plugin allows Stored XSS. This issue affects Delicious Recipes – WordPress Recipe Plugin: from n/a through 1.6.7. | ||||
| CVE-2024-43934 | 1 Robfelty | 1 Collapsing Archives | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Robert Felty Collapsing Archives allows Stored XSS. This issue affects Collapsing Archives: from n/a through 3.0.5. | ||||
| CVE-2024-45056 | 1 Matter-labs | 2 Era-compiler-solidity, Zksolc | 2024-09-03 | 5.9 Medium |
| zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `rotl 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-7782 | 1 Bitapps | 1 Contact Form Builder | 2024-09-03 | 8.7 High |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2024-45045 | 2 Collabora, Google | 2 Online, Android | 2024-09-03 | 6.3 Medium |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-34463 | 1 Bpl | 1 Pws-01-bt | 2024-09-03 | 5.1 Medium |
| BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.) | ||||
| CVE-2024-43380 | 1 Floraison | 1 Fugit | 2024-09-03 | 5.3 Medium |
| fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1. | ||||
| CVE-2024-43409 | 1 Ghost | 1 Ghost | 2024-09-03 | 6.5 Medium |
| Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | ||||