Total 18197 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-53442 2024-12-11 9.8 Critical
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
CVE-2024-41579 2024-12-11 9.8 Critical
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability.
CVE-2023-50913 2024-12-11 9.1 Critical
Oxide control plane software before 5 allows SSRF.
CVE-2023-48010 2024-12-11 9.8 Critical
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
CVE-2023-35853 1 Oisf 1 Suricata 2024-12-11 9.8 Critical
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
CVE-2023-25736 1 Mozilla 1 Firefox 2024-12-11 9.8 Critical
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110.
CVE-2019-25136 1 Mozilla 1 Firefox 2024-12-11 10 Critical
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.
CVE-2023-35855 1 Valvesoftware 1 Counter-strike 2024-12-11 9.8 Critical
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
CVE-2023-35856 1 Nintendo 1 Mario Kart Wii 2024-12-11 9.8 Critical
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
CVE-2023-35857 1 Siren 1 Investigate 2024-12-11 9.8 Critical
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
CVE-2024-53676 1 Hpe 1 Insight Remote Support 2024-12-11 9.8 Critical
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
CVE-2024-54931 2024-12-11 9.8 Critical
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
CVE-2024-54924 2024-12-11 9.8 Critical
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
CVE-2024-54923 2024-12-11 9.8 Critical
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
CVE-2024-54921 2024-12-11 9.8 Critical
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVE-2024-54751 2024-12-11 9.8 Critical
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-53552 2024-12-11 9.8 Critical
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.
CVE-2024-53477 2024-12-11 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java.
CVE-2024-48956 2024-12-11 9.8 Critical
Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
CVE-2024-40583 2024-12-11 9.1 Critical
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.