Total
18197 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-53442 | | | 2024-12-11 | 9.8 Critical |
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. | ||||
CVE-2024-41579 | | | 2024-12-11 | 9.8 Critical |
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability. | ||||
CVE-2023-50913 | | | 2024-12-11 | 9.1 Critical |
Oxide control plane software before 5 allows SSRF. | ||||
CVE-2023-48010 | | | 2024-12-11 | 9.8 Critical |
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||||
CVE-2023-35853 | 1 Oisf | 1 Suricata | 2024-12-11 | 9.8 Critical |
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section. | ||||
CVE-2023-25736 | 1 Mozilla | 1 Firefox | 2024-12-11 | 9.8 Critical |
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110. | ||||
CVE-2019-25136 | 1 Mozilla | 1 Firefox | 2024-12-11 | 10 Critical |
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | ||||
CVE-2023-35855 | 1 Valvesoftware | 1 Counter-strike | 2024-12-11 | 9.8 Critical |
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. | ||||
CVE-2023-35856 | 1 Nintendo | 1 Mario Kart Wii | 2024-12-11 | 9.8 Critical |
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet. | ||||
CVE-2023-35857 | 1 Siren | 1 Investigate | 2024-12-11 | 9.8 Critical |
In Siren Investigate before 13.2.2, session keys remain active even after logging out. | ||||
CVE-2024-53676 | 1 Hpe | 1 Insight Remote Support | 2024-12-11 | 9.8 Critical |
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. | ||||
CVE-2024-54931 | | | 2024-12-11 | 9.8 Critical |
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
CVE-2024-54924 | | | 2024-12-11 | 9.8 Critical |
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | ||||
CVE-2024-54923 | | | 2024-12-11 | 9.8 Critical |
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | ||||
CVE-2024-54921 | | | 2024-12-11 | 9.8 Critical |
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | ||||
CVE-2024-54751 | | | 2024-12-11 | 9.8 Critical |
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2024-53552 | | | 2024-12-11 | 9.8 Critical |
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. | ||||
CVE-2024-53477 | | | 2024-12-11 | 9.8 Critical |
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java. | ||||
CVE-2024-48956 | | | 2024-12-11 | 9.8 Critical |
Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. | ||||
CVE-2024-40583 | | | 2024-12-11 | 9.1 Critical |
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. |