Export limit exceeded: 75194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40721 | 1 Changingtec | 2 Servisign, Tcb Servisign | 2024-08-09 | 8.8 High |
| The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path. | ||||
| CVE-2024-40720 | 2 Changinginformationtechnology, Changingtec | 2 Tcbservisign, Tcb Servisign | 2024-08-09 | 8.8 High |
| The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands. | ||||
| CVE-2024-7366 | 2 Oretnom23, Sourcecodester | 2 Tracking Monitoring Management System, Tracking Monitoring Management System | 2024-08-09 | 7.3 High |
| A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273345 was assigned to this vulnerability. | ||||
| CVE-2024-7337 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-09 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7335 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-08-09 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7334 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-09 | 8.8 High |
| A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7333 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-08-09 | 8.8 High |
| A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-37142 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
| CVE-2024-32857 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
| CVE-2024-7582 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7583 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41309 | 2 Enjay, Enjayworld | 2 Crm, Enjay Crm | 2024-08-08 | 8.4 High |
| An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | ||||
| CVE-2024-41245 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | ||||
| CVE-2024-41244 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | ||||
| CVE-2024-41248 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. | ||||
| CVE-2024-41249 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. | ||||
| CVE-2024-41308 | 2 Enjay, Enjayworld | 2 Crm, Enjay Crm | 2024-08-08 | 8.4 High |
| An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | ||||
| CVE-2024-7279 | 2 Oretnom23, Sourcecodester | 2 Lot Reservation Management System, Lot Reservation Management System | 2024-08-08 | 7.3 High |
| A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148. | ||||
| CVE-2024-6989 | 1 Google | 1 Chrome | 2024-08-07 | 8.8 High |
| Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-6994 | 1 Google | 1 Chrome | 2024-08-07 | 8.8 High |
| Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||