Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40518 1 Seacms 1 Seacms 2024-11-21 7.2 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40416 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 6.5 Medium
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40415 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.8 Critical
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40414 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.6 Critical
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40334 2 Idccms, Idccms Project 2 Idccms, Idccms 2024-11-21 8.8 High
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3
CVE-2024-40332 2 Idccms, Idccms Project 2 Idccms, Idccms 2024-11-21 6.8 Medium
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
CVE-2024-40324 1 Datex-soft 1 E-staff 2024-11-21 9.8 Critical
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
CVE-2024-40322 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 6.3 Medium
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
CVE-2024-40318 1 Webkul 1 Qloapps 2024-11-21 7.2 High
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40130 1 Open5gs 1 Open5gs 2024-11-21 9.8 Critical
open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
CVE-2024-40129 1 Open5gs 1 Open5gs 2024-11-21 8.6 High
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
CVE-2024-40060 1 Wcharczuk 1 Go-chart 2024-11-21 7.5 High
go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.
CVE-2024-40051 1 Ip-guard 1 Ip-guard 2024-11-21 7.5 High
IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter.
CVE-2024-40037 1 Idccms Project 1 Idccms 2024-11-21 8.8 High
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del
CVE-2024-40034 1 Idccms Project 1 Idccms 2024-11-21 8.8 High
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del
CVE-2024-3999 1 Spider-themes 1 Eazydocs 2024-11-21 4.8 Medium
The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3978 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-11-21 5.4 Medium
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-3977 1 Andrewabarber 1 Wordpress Jitsi Shortcode 2024-11-21 4.8 Medium
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3972 1 Davidjmiller 1 Similarity 2024-11-21 4.3 Medium
The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-3966 1 Projectcaruso 1 Pray For Me 2024-11-21 6.1 Medium
The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin