Export limit exceeded: 74787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9556 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9558 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9555 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37868 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. | ||||
| CVE-2024-37869 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable | ||||
| CVE-2022-49038 | 1 Synology | 2 Drive, Drive Client | 2024-10-08 | 7.8 High |
| Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2023-52946 | 1 Synology | 2 Drive, Drive Client | 2024-10-08 | 8.2 High |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | ||||
| CVE-2024-42417 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | ||||
| CVE-2024-20449 | 1 Cisco | 2 Data Center Network Manager, Nexus Dashboard Fabric Controller | 2024-10-08 | 8.8 High |
| A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. | ||||
| CVE-2024-20393 | 1 Cisco | 9 Rv340 Dual Wan Gigabit Vpn Router, Rv340 Dual Wan Gigabit Vpn Router Firmware, Rv340w Dual Wan Gigabit Wireless-ac Vpn Router and 6 more | 2024-10-08 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin. | ||||
| CVE-2024-9460 | 2 Codezips, Online Shopping Portal Project | 2 Online Shopping Portal, Online Shopping Portal | 2024-10-08 | 7.3 High |
| A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8352 | 1 Hypestudio | 1 Social Web Suite | 2024-10-08 | 7.5 High |
| The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-46041 | 1 Iothaat | 1 Smart Plug Ih In 16a S | 2024-10-07 | 8.8 High |
| IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. | ||||
| CVE-2024-47910 | 1 Sonarsource | 1 Sonarqube | 2024-10-07 | 7.2 High |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | ||||
| CVE-2024-46658 | 1 Syrotech | 1 Sy-gpon-8olt-l3 Firmware | 2024-10-07 | 8 High |
| Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. | ||||
| CVE-2024-9018 | 2 Hahncgdev, Plugingarden | 2 Wp Easy Gallery Wordpress Gallery Plugin, Wp Easy Gallery | 2024-10-07 | 8.8 High |
| The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-6362 | 1 Winhex | 1 Winhex | 2024-10-07 | 7.3 High |
| A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. | ||||
| CVE-2023-6361 | 1 Winhex | 1 Winhex | 2024-10-07 | 7.3 High |
| A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. | ||||
| CVE-2024-47527 | 1 Librenms | 1 Librenms | 2024-10-07 | 7.5 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-47525 | 1 Librenms | 1 Librenms | 2024-10-07 | 7.5 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0. | ||||