Vulnerabilities (CVE)

Total 306264 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49640 1 Amadercodelab 1 Acl Floating Cart For Woocommerce 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS. This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9.
CVE-2024-49639 1 Edwardstoever 1 Monitor.chat 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS. This issue affects Monitor.Chat: from n/a through 1.1.1.
CVE-2024-48230 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
CVE-2024-49638 1 Aliazlan 1 Risk Warning Bar 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS. This issue affects Risk Warning Bar: from n/a through 1.0.
CVE-2024-48229 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.
CVE-2024-7783 1 Mintplexlabs 1 Anythingllm 2024-10-31 N/A 7.5 HIGH
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3.
CVE-2024-48227 1 Funadmin 1 Funadmin 2024-10-31 N/A 4.9 MEDIUM
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS).
CVE-2024-48223 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVE-2024-48222 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVE-2024-48218 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVE-2024-48226 1 Funadmin 1 Funadmin 2024-10-31 N/A 7.2 HIGH
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVE-2024-48225 1 Funadmin 1 Funadmin 2024-10-31 N/A 6.5 MEDIUM
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVE-2023-31310 2024-10-31 N/A 5.0 MEDIUM
Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.
CVE-2024-48224 1 Funadmin 1 Funadmin 2024-10-31 N/A 4.9 MEDIUM
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
CVE-2024-49635 1 Manzurulhaque 1 Banner Slider 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS. This issue affects Banner Slider: from n/a through 2.1.
CVE-2023-50355 1 Hcltech 1 Sametime 2024-10-31 N/A 5.3 MEDIUM
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.
CVE-2024-49980 1 Linux 1 Linux Kernel 2024-10-31 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has the following: /* Disable soft irqs for various locks below. Also * stops preemption for RCU. */ rcu_read_lock_bh(); VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning: ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 [...] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AF_PACKET); <Interrupt> lock(rlock-AF_PACKET); *** DEADLOCK *** Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0 [...]
CVE-2022-49000 1 Linux 1 Linux Kernel 2024-10-31 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() before 'return true' to avoid reference count leak.
CVE-2024-49637 1 Foxskav 1 Bet Wc 2018 Russia 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS. This issue affects Bet WC 2018 Russia: from n/a through 2.1.
CVE-2024-49636 1 Prashantmavinkurve 1 Agile Video Player Lite 2024-10-31 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS. This issue affects Agile Video Player Lite: from n/a through 1.0.