Total
307026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11237 | 1 Tp-link | 2 Vn020-f3v\(t\), Vn020-f3v\(t\) Firmware | 2024-11-19 | 7.8 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11211 | 1 Eyoucms | 1 Eyoucms | 2024-11-19 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11238 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11239 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 5.5 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11210 | 1 Eyoucms | 1 Eyoucms | 2024-11-19 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52292 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 6.5 MEDIUM |
| Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8. | |||||
| CVE-2024-49256 | 1 Wpchill | 1 Htaccess File Editor | 2024-11-19 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. | |||||
| CVE-2024-43323 | 1 Wpdeveloper | 1 Reviewx | 2024-11-19 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | |||||
| CVE-2024-43211 | 2024-11-19 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9. | |||||
| CVE-2024-52291 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 7.2 HIGH |
| Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5. | |||||
| CVE-2024-52305 | 1 Webkul | 1 Unopim | 2024-11-19 | N/A | 4.8 MEDIUM |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5. | |||||
| CVE-2024-42392 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 7.5 HIGH |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | |||||
| CVE-2024-42383 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 9.8 CRITICAL |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | |||||
| CVE-2024-42385 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 7.0 HIGH |
| Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | |||||
| CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 7.5 HIGH |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | |||||
| CVE-2024-42387 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
| CVE-2024-52293 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 7.2 HIGH |
| Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. | |||||
| CVE-2024-42388 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
| CVE-2024-42389 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
| CVE-2024-42390 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
| Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||