Total
54925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38699 | 1 Wpswings | 1 Wallet System For Woocommerce | 2024-08-13 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | ||||
| CVE-2024-37935 | 1 Anhvnit | 1 Woocommerce Openpos | 2024-08-13 | 7.5 High |
| Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | ||||
| CVE-2024-41913 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2024-08-13 | 8.8 High |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input. | ||||
| CVE-2024-40488 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | ||||
| CVE-2024-40479 | 1 Kashipara | 1 Online Exam System | 2024-08-13 | 8.1 High |
| A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | ||||
| CVE-2024-37826 | 1 Vercot | 1 Serva | 2024-08-12 | 7.5 High |
| A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2024-36132 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | 7.5 High |
| Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | ||||
| CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | 7.7 High |
| matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | 7.8 High |
| A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | 8.4 High |
| Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | ||||
| CVE-2024-34619 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2024-08-12 | 7.5 High |
| Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | ||||
| CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | 7.3 High |
| Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7536 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7533 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-12 | 8.8 High |
| Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7532 | 1 Google | 1 Chrome | 2024-08-12 | 8.8 High |
| Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2024-42219 | 1 1password | 1 1password | 2024-08-12 | 7 High |
| 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. | ||||
| CVE-2024-7286 | 2 Oretnom23, Sourcecodester | 2 Establishment Billing Management System, Establishment Billing Management System | 2024-08-12 | 7.3 High |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155. | ||||
| CVE-2024-7320 | 2 Adonesevangelista, Itsourcecode | 2 Online Blood Bank Management System, Online Blood Bank Management System | 2024-08-12 | 7.3 High |
| A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231. | ||||