Total 264749 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-22562 1 Swftools 1 Swftools 2024-08-01 7.8 High
swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.
CVE-2024-22705 1 Linux 1 Linux Kernel 2024-08-01 7.8 High
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.
CVE-2024-22714 1 Codelyfe 1 Stupid Simple Cms 2024-08-01 6.1 Medium
Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.
CVE-2024-22717 2024-08-01 N/A
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.
CVE-2024-22715 1 Codelyfe 1 Stupid Simple Cms 2024-08-01 8.8 High
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.
CVE-2024-22545 1 Trendnet 2 Tew-824dru, Tew-824dru Firmware 2024-08-01 7.8 High
An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.
CVE-2024-22569 1 Poscms 1 Poscms 2024-08-01 5.4 Medium
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.
CVE-2024-22641 2024-08-01 7.5 High
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
CVE-2024-22546 2024-08-01 6.4 Medium
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
CVE-2024-22640 2024-08-01 7.5 High
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
CVE-2024-22627 1 Campcodes 1 Supplier Management System 2024-08-01 7.2 High
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.
CVE-2024-22570 1 Njtech 1 Greencms 2024-08-01 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-22663 1 Totolink 2 A3700r, A3700r Firmware 2024-08-01 9.8 Critical
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg
CVE-2024-22563 1 Openvswitch 1 Openvswitch 2024-08-01 7.5 High
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
CVE-2024-22523 1 Fuwushe 1 Ifair 2024-08-01 7.5 High
Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.
CVE-2024-22601 1 Flycms Project 1 Flycms 2024-08-01 8.8 High
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVE-2024-22628 1 Oretnom23 1 Budget And Expense Tracker System 2024-08-01 7.2 High
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
CVE-2024-22626 1 Campcodes 1 Supplier Management System 2024-08-01 7.2 High
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.
CVE-2024-22544 2024-08-01 8.0 High
An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.
CVE-2024-22643 1 Seopanel 1 Seo Panel 2024-08-01 6.5 Medium
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.