Total 262521 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-41975 1 Apple 1 Macos 2024-09-10 4.3 Medium
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
CVE-2023-42857 1 Apple 3 Ipados, Iphone Os, Macos 2024-09-10 3.3 Low
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
CVE-2023-41997 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 4.6 Medium
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
CVE-2023-41254 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
CVE-2024-44902 1 Thinkphp 1 Thinkphp 2024-09-10 9.8 Critical
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVE-2024-44893 1 Jeecg 1 Jimureport 2024-09-10 9.8 Critical
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request.
CVE-2024-44872 1 Mozilocms 1 Mozilocms 2024-09-10 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2024-44871 1 Mozilo 1 Mozilocms 2024-09-10 7.2 High
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-44676 1 Eladmin 1 Eladmin 2024-09-10 6.1 Medium
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java.
CVE-2024-44667 1 Shenzhen Haichangxing Technology 1 Hcx H822 Firmware 2024-09-10 8 High
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
CVE-2024-44072 1 Buffalo Inc 18 Wex 1166dhp, Wex 1166dhp2, Wex 1166dhps and 15 more 2024-09-10 5.7 Medium
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
CVE-2024-34831 1 Gibbon 1 Core 2024-09-10 6.1 Medium
A cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
CVE-2024-31960 1 Samsung Mobile 1 Exynos 2024-09-10 7.8 High
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.
CVE-2024-0744 1 Mozilla 1 Firefox 2024-09-10 7.5 High
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
CVE-2023-42490 1 Busbaer 1 Eisbaer Scada 2024-09-10 7.5 High
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-40408 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 5.3 Medium
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.
CVE-2023-37232 1 Loftware 1 Spectrum 2024-09-10 7.5 High
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
CVE-2023-36103 1 Tenda 1 Ac15 Firmware 2024-09-10 8 High
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
CVE-2023-26572 1 Idattend 1 Idweb 2024-09-10 9.8 Critical
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26578 1 Idattend 1 Idweb 2024-09-10 8.8 High
Arbitrary file upload to web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.