Total 18196 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-40583 2024-12-11 9.1 Critical
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
CVE-2023-29542 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2024-12-11 9.8 Critical
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
CVE-2023-29534 1 Mozilla 2 Firefox, Firefox Focus 2024-12-11 9.1 Critical
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
CVE-2023-29531 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2024-12-11 9.8 Critical
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
CVE-2022-38947 2024-12-11 9.8 Critical
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.
CVE-2022-38946 2024-12-11 9.8 Critical
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.
CVE-2024-54920 1 Lopalopa 1 E-learning Management System 2024-12-11 9.8 Critical
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVE-2024-11737 2024-12-11 9.8 Critical
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.
CVE-2024-51363 2024-12-11 9.8 Critical
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
CVE-2024-46442 2024-12-11 9.8 Critical
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
CVE-2024-12286 2024-12-11 9.8 Critical
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
CVE-2024-8980 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2024-12-10 9.6 Critical
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.
CVE-2024-38002 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2024-12-10 9 Critical
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.
CVE-2020-20413 1 Wuzhicms 1 Wuzhicms 2024-12-10 9.8 Critical
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
CVE-2024-47547 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2024-12-10 9.4 Critical
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
CVE-2024-48874 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2024-12-10 9.8 Critical
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
CVE-2024-52324 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2024-12-10 9.8 Critical
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVE-2024-38164 1 Microsoft 1 Groupme 2024-12-10 9.6 Critical
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
CVE-2024-38089 1 Microsoft 1 Defender For Iot 2024-12-10 9.1 Critical
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-38076 1 Microsoft 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more 2024-12-10 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability