Total
264749 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-22562 | 1 Swftools | 1 Swftools | 2024-08-01 | 7.8 High |
swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | ||||
CVE-2024-22705 | 1 Linux | 1 Linux Kernel | 2024-08-01 | 7.8 High |
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | ||||
CVE-2024-22714 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-08-01 | 6.1 Medium |
Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. | ||||
CVE-2024-22717 | | | 2024-08-01 | N/A |
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | ||||
CVE-2024-22715 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-08-01 | 8.8 High |
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. | ||||
CVE-2024-22545 | 1 Trendnet | 2 Tew-824dru, Tew-824dru Firmware | 2024-08-01 | 7.8 High |
An issue in TRENDnet TEW-824DRU version 1.04b01 allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | ||||
CVE-2024-22569 | 1 Poscms | 1 Poscms | 2024-08-01 | 5.4 Medium |
A stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | ||||
CVE-2024-22641 | | | 2024-08-01 | 7.5 High |
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | ||||
CVE-2024-22546 | | | 2024-08-01 | 6.4 Medium |
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | ||||
CVE-2024-22640 | | | 2024-08-01 | 7.5 High |
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | ||||
CVE-2024-22627 | 1 Campcodes | 1 Supplier Management System | 2024-08-01 | 7.2 High |
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. | ||||
CVE-2024-22570 | 1 Njtech | 1 Greencms | 2024-08-01 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-01 | 9.8 Critical |
TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg. | ||||
CVE-2024-22563 | 1 Openvswitch | 1 Openvswitch | 2024-08-01 | 7.5 High |
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | ||||
CVE-2024-22523 | 1 Fuwushe | 1 Ifair | 2024-08-01 | 7.5 High |
A directory traversal vulnerability in Qiyu iFair version 23.8_ad0 and before allows remote attackers to obtain sensitive information via the uploadimage component. | ||||
CVE-2024-22601 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | ||||
CVE-2024-22628 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-08-01 | 7.2 High |
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= | ||||
CVE-2024-22626 | 1 Campcodes | 1 Supplier Management System | 2024-08-01 | 7.2 High |
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. | ||||
CVE-2024-22544 | | | 2024-08-01 | 8.0 High |
An issue in Linksys Router E1700 version 1.0.04 (build 3) allows authenticated attackers to execute arbitrary code via the setDateTime function. | ||||
CVE-2024-22643 | 1 Seopanel | 1 Seo Panel | 2024-08-01 | 6.5 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. |