Total
262521 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41975 | 1 Apple | 1 Macos | 2024-09-10 | 4.3 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. | ||||
CVE-2023-42857 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-10 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | ||||
CVE-2023-41997 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 4.6 Medium |
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
CVE-2023-41254 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 5.5 Medium |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | ||||
CVE-2024-44902 | 1 Thinkphp | 1 Thinkphp | 2024-09-10 | 9.8 Critical |
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | ||||
CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2024-09-10 | 9.8 Critical |
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows an attacker to escalate privileges via a crafted GET request. | ||||
CVE-2024-44872 | 1 Mozilocms | 1 Mozilocms | 2024-09-10 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
CVE-2024-44871 | 1 Mozilo | 1 Mozilocms | 2024-09-10 | 7.2 High |
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2024-44676 | 1 Eladmin | 1 Eladmin | 2024-09-10 | 6.1 Medium |
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java. | ||||
CVE-2024-44667 | 1 Shenzhen Haichangxing Technology | 1 Hcx H822 Firmware | 2024-09-10 | 8 High |
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | ||||
CVE-2024-44072 | 1 Buffalo Inc | 18 Wex 1166dhp, Wex 1166dhp2, Wex 1166dhps and 15 more | 2024-09-10 | 5.7 Medium |
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. | ||||
CVE-2024-34831 | 1 Gibbon | 1 Core | 2024-09-10 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. | ||||
CVE-2024-31960 | 1 Samsung Mobile | 1 Exynos | 2024-09-10 | 7.8 High |
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free. | ||||
CVE-2024-0744 | 1 Mozilla | 1 Firefox | 2024-09-10 | 7.5 High |
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | ||||
CVE-2023-42490 | 1 Busbaer | 1 Eisbaer Scada | 2024-09-10 | 7.5 High |
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
CVE-2023-40408 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-10 | 5.3 Medium |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | ||||
CVE-2023-37232 | 1 Loftware | 1 Spectrum | 2024-09-10 | 7.5 High |
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. | ||||
CVE-2023-36103 | 1 Tenda | 1 Ac15 Firmware | 2024-09-10 | 8 High |
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | ||||
CVE-2023-26572 | 1 Idattend | 1 Idweb | 2024-09-10 | 9.8 Critical |
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
CVE-2023-26578 | 1 Idattend | 1 Idweb | 2024-09-10 | 8.8 High |
Arbitrary file upload to web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. |