Search Results (363504 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11648 1 1000projects 1 Beauty Parlour Management System 2024-11-26 7.3 High
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-23352 1 Qualcomm 211 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 208 more 2024-11-26 7.5 High
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
CVE-2023-50803 1 Samsung 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 23 more 2024-11-26 3.7 Low
An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check replay protection specified by the NAS (Non-Access-Stratum) module. This can lead to denial of service.
CVE-2024-23350 1 Qualcomm 50 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 47 more 2024-11-26 6.5 Medium
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
CVE-2024-33565 1 Ukrsolution 1 Barcode Scanner And Inventory Manager 2024-11-26 9.1 Critical
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
CVE-2023-48812 1 Totolink 2 X6000r, X6000r Firmware 2024-11-26 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2024-21479 1 Qualcomm 192 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 189 more 2024-11-26 7.5 High
Transient DOS during music playback of ALAC content.
CVE-2024-21467 1 Qualcomm 258 Csr8811, Csr8811 Firmware, Fastconnect 6800 and 255 more 2024-11-26 6.5 Medium
Information disclosure while handling beacon probe frame during scan entry generation in client side.
CVE-2023-47453 1 Sohu 1 Video Player 2024-11-26 7.8 High
An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory.
CVE-2023-46353 1 Mypresta 1 Product Tag Icons Pro 2024-11-26 9.8 Critical
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2024-7245 1 Pandasecurity 1 Panda Dome 2024-11-26 7.8 High
Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hydra Sdk Windows Service. The issue lies in the lack of proper permissions set on a folder created by the service. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23429.
CVE-2024-23353 1 Qualcomm 502 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 499 more 2024-11-26 7.5 High
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.
CVE-2023-43298 1 Linecorp 1 Line 2024-11-26 5.3 Medium
An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-48208 1 Phpjabbers 1 Availability Booking Calendar 2024-11-26 6.1 Medium
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
CVE-2023-48836 1 Phpjabbers 1 Car Rental Script 2024-11-26 5.4 Medium
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVE-2023-48861 2 Baidu, Microsoft 2 Ttplayer, Windows 2024-11-26 7.8 High
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
CVE-2023-49432 1 Tenda 2 Ax9, Ax9 Firmware 2024-11-26 9.8 Critical
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
CVE-2024-23355 1 Qualcomm 286 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 283 more 2024-11-26 7.8 High
Memory corruption when keymaster operation imports a shared key.
CVE-2023-49999 1 Tenda 2 W30e, W30e Firmware 2024-11-26 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
CVE-2024-34435 1 Coderevolution 1 Aiomatic 2024-11-26 4.3 Medium
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.