Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23105 1 Fortinet 1 Fortiportal 2024-11-21 7.1 High
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
CVE-2024-23081 1 Redhat 1 Apache Camel Spring Boot 2024-11-21 7.5 High
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CVE-2024-23058 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2024-23057 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2024-23054 1 Plone 1 Plone Docker Official Image 2024-11-21 9.8 Critical
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CVE-2024-22920 1 Swftools 1 Swftools 2024-11-21 7.8 High
swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
CVE-2024-22916 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 9.8 Critical
In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.
CVE-2024-22914 1 Swftools 1 Swftools 2024-11-21 5.5 Medium
A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
CVE-2024-22894 2 Alpha-innotec, Novelan 4 Heat Pumps, Heat Pumps Firmware, Heat Pumps and 1 more 2024-11-21 6.8 Medium
An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.
CVE-2024-22779 1 Kihron 1 Serverrpexposer 2024-11-21 8.8 High
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.
CVE-2024-22651 1 Dlink 2 Dir-815, Dir-815 Firmware 2024-11-21 9.8 Critical
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
CVE-2024-22637 1 Formtools 1 Form Tools 2024-11-21 6.1 Medium
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.
CVE-2024-22603 1 Flycms Project 1 Flycms 2024-11-21 8.8 High
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVE-2024-22593 1 Flycms Project 1 Flycms 2024-11-21 8.8 High
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
CVE-2024-22550 1 Shopsite 1 Shopsite 2024-11-21 6.1 Medium
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2024-22514 1 Ispyconnect 2 Agent Dvr, Ispy 2024-11-21 8.8 High
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.
CVE-2024-22493 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVE-2024-22490 1 Beetl-bbs Project 1 Beetl-bbs 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter.
CVE-2024-22477 1 Pingidentity 1 Pingfederate 2024-11-21 1.8 Low
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CVE-2024-22455 1 Dell 1 E-lab Navigator 2024-11-21 4.4 Medium
Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.