Search Results (363161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37883 1 Nextcloud 1 Deck 2024-11-21 4.3 Medium
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
CVE-2024-37882 1 Nextcloud 1 Nextcloud Server 2024-11-21 8.1 High
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.
CVE-2024-37880 1 Pq-crystals 1 Kyber 2024-11-21 7.5 High
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
CVE-2024-37873 2 Itsourcecode, Payroll Management System Project 2 Payroll Management System Project In Php With Source Code, Payroll Management System 2024-11-21 9.1 Critical
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-37865 1 S3browser 1 S3 Browser 2024-11-21 5.9 Medium
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
CVE-2024-37856 1 Oretnom23 1 Lost And Found Information System 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
CVE-2024-37849 1 Itsourcecode 1 Billing System 2024-11-21 9.8 Critical
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.
CVE-2024-37843 1 Craftcms 1 Craft Cms 2024-11-21 7.5 High
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2024-37831 1 Itsourcecode 1 Payroll Management System 2024-11-21 9.1 Critical
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.
CVE-2024-37830 1 Getoutline 1 Outline 2024-11-21 4.3 Medium
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.
CVE-2024-37802 2 Codeprojects, Health Care Hospital Management System Project 2 Health Care Hospital Management System, Health Care Hospital Management System 2024-11-21 9.4 Critical
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.
CVE-2024-37769 1 B1ackc4t 1 14finger 2024-11-21 8.8 High
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
CVE-2024-37741 1 Openplcproject 2 Openplc V3, Openplc V3 Firmware 2024-11-21 5.4 Medium
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
CVE-2024-37732 1 Anchorcms 2 Anchor, Anchor Cms 2024-11-21 8.8 High
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
CVE-2024-37679 2 Finesoft Project, Hangzhou Meisoft Information Technology 2 Finesoft, Finesoft 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.
CVE-2024-37677 2 Access Management Specialist Project, Shenzhenweitillage 2 Access Management Specialist, Access Management Specialist 2024-11-21 7.5 High
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information.
CVE-2024-37673 1 Tessi 2 Docubase, Docubase Document Management 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter.
CVE-2024-37672 1 Tessi 1 Docubase 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter.
CVE-2024-37635 1 Totolink 2 A3700r, A3700r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
CVE-2024-37625 1 Zhimengzhel 1 Ibarn 2024-11-21 6.1 Medium
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php.