Total
303293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38482 | 1 Dell | 1 Cloudlink | 2024-09-05 | N/A | 7.2 HIGH |
| CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database. | |||||
| CVE-2024-42458 | 1 Any1 | 1 Neatvnc | 2024-09-05 | N/A | 9.8 CRITICAL |
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. | |||||
| CVE-2024-6710 | 1 Metaphorcreations | 1 Ditty | 2024-09-05 | N/A | 5.4 MEDIUM |
| The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2024-43942 | 1 Wpsoul | 1 Greenshift Query Addon | 2024-09-05 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.This issue affects Greenshift Query and Meta Addon: from n/a before 3.9.2. | |||||
| CVE-2024-43943 | 1 Wpsoul | 1 Greenshift Woocommerce Addon | 2024-09-05 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8. | |||||
| CVE-2024-43957 | 1 Wpmart | 1 Animated Number Counters | 2024-09-05 | N/A | 8.8 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9. | |||||
| CVE-2024-8407 | 1 Alwindoss | 1 Akademy | 2024-09-05 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file cmd/akademy/handler/handlers.go. The manipulation of the argument emailAddress leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | |||||
| CVE-2024-8408 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2024-09-05 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-43961 | 1 Azurecurve | 1 Toggle Show\/hide | 2024-09-05 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.This issue affects azurecurve Toggle Show/Hide: from n/a through 2.1.3. | |||||
| CVE-2024-7076 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-7077 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-21658 | 1 Discourse | 1 Discourse Calendar | 2024-09-05 | N/A | 4.3 MEDIUM |
| discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible. | |||||
| CVE-2024-7078 | 1 Semtekyazilim | 1 Semtek Sempos | 2024-09-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024. | |||||
| CVE-2024-45522 | 1 Linen | 1 Linen | 2024-09-05 | N/A | 9.8 CRITICAL |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | |||||
| CVE-2024-20089 | 4 Google, Linuxfoundation, Mediatek and 1 more | 15 Android, Yocto, Mt6835 and 12 more | 2024-09-05 | N/A | 7.5 HIGH |
| In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526. | |||||
| CVE-2024-20087 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550. | |||||
| CVE-2024-20086 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-09-05 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1551. | |||||
| CVE-2024-8409 | 1 Abcd-community | 1 Abcd | 2024-09-05 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8410 | 1 Abcd-community | 1 Abcd | 2024-09-05 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6473 | 1 Yandex | 1 Yandex Browser | 2024-09-05 | N/A | 7.8 HIGH |
| Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. | |||||