Total: 18194 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-25366 | 1 Siglent | 2 Sds 1104x-e, Sds 1104x-e Firmware | 2024-12-12 | 9.8 Critical |
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. | ||||
CVE-2023-28365 | 3 Linux, Ubiquiti, Ui | 3 Linux Kernel, Unifi Network Application, Unifi Network Application | 2024-12-12 | 9.1 Critical |
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | ||||
CVE-2024-44256 | 1 Apple | 2 Mac Os, Macos | 2024-12-12 | 9.3 Critical |
The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox. | ||||
CVE-2024-54934 | | | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | ||||
CVE-2024-54933 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | ||||
CVE-2024-54932 | | | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | ||||
CVE-2024-54930 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | ||||
CVE-2024-54925 | | | 2024-12-12 | 9.8 Critical |
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
CVE-2024-54922 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | ||||
CVE-2024-54918 | | | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | ||||
CVE-2024-54842 | | | 2024-12-12 | 9.8 Critical |
A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. | ||||
CVE-2024-23538 | 1 Apache | 1 Fineract | 2024-12-12 | 9.9 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | ||||
CVE-2024-55884 | | | 2024-12-12 | 9 Critical |
In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial. | ||||
CVE-2023-32754 | 1 Thinkingsoftware | 1 Efence | 2024-12-12 | 9.8 Critical |
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | ||||
CVE-2024-11015 | | | 2024-12-12 | 9.8 Critical |
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator. | ||||
CVE-2020-25014 | 1 Zyxel | 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more | 2024-12-12 | 9.8 Critical |
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet. | ||||
CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-12 | 9.8 Critical |
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
CVE-2023-34548 | 1 Simple Customer Relationship Management Project | 1 Simple Customer Relationship Management | 2024-12-12 | 9.8 Critical |
Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. | ||||
CVE-2024-53480 | | | 2024-12-12 | 9.8 Critical |
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter. | ||||
CVE-2024-10124 | | | 2024-12-12 | 9.8 Critical |
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. |