Search Results (79183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45794 | 1 Kubernetes | 1 Devtron | 2024-11-08 | 8.3 High |
| devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-8424 | 2 Watchgua, Watchguard | 3 Panda Dome Firmware, Epdr Firmware, Panda Ad360 Firmware | 2024-11-08 | 7.8 High |
| Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. | ||||
| CVE-2024-51989 | 1 Apnotic Llc | 1 Passwordpusher | 2024-11-08 | 7.1 High |
| Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability. ### Solution Update to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. If updating is not immediately possible, | ||||
| CVE-2024-51998 | 1 Dgtlmoon | 1 Changedetection.io | 2024-11-08 | 8.6 High |
| changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and `ALLOW_FILE_URI` false or not defined. The check used for URL protocol, `is_safe_url`, allows `file:` as a URL scheme. It later checks if local files are permitted, but one of the preconditions for the check is that the URL starts with `file://`. The issue comes with the fact that the file URI scheme is not required to have double slashes. This issue has been addressed in version 0.47.06 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-46960 | 1 Asdcom | 1 Hd Video Downloader | 2024-11-08 | 8.8 High |
| The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. | ||||
| CVE-2024-46961 | 1 Inshot.com | 1 X Downloader | 2024-11-08 | 8.1 High |
| The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. | ||||
| CVE-2023-1973 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus | 2024-11-08 | 7.5 High |
| A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. | ||||
| CVE-2024-9579 | 2 Hp, Poly | 24 Poly Studio G62, Poly Studio G62 Firmware, Poly Studio G7500 and 21 more | 2024-11-08 | 7.5 High |
| A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. | ||||
| CVE-2024-49522 | 1 Adobe | 1 Substance 3d Painter | 2024-11-08 | 7.8 High |
| Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29117 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 8.8 High |
| Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | ||||
| CVE-2024-51739 | 1 Combodo | 1 Itop | 2024-11-08 | 7.5 High |
| Combodo iTop is a simple, web based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer shows whether the user exists or not. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `"UI:ResetPwd-Error-WrongLogin"` through an extension and replace it with a generic message. | ||||
| CVE-2024-38408 | 1 Qualcomm | 470 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 467 more | 2024-11-08 | 8.2 High |
| Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. | ||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router. An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
| CVE-2024-43966 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-11-08 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget. This issue affects WP Testimonial Widget: from n/a through 3.1. | ||||
| CVE-2024-33068 | 1 Qualcomm | 246 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 243 more | 2024-11-07 | 7.5 High |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | ||||
| CVE-2024-38403 | 1 Qualcomm | 156 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 153 more | 2024-11-07 | 7.5 High |
| Transient DOS while parsing BTM ML IE when per STA profile is not included. | ||||
| CVE-2024-38405 | 1 Qualcomm | 200 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 197 more | 2024-11-07 | 7.5 High |
| Transient DOS while processing the CU information from RNR IE. | ||||
| CVE-2024-23385 | 1 Qualcomm | 189 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 186 more | 2024-11-07 | 7.5 High |
| Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. | ||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 7.1 High |
| Information management vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-51526 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 8.2 High |
| Permission control vulnerability in the hidebug module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||