Search Results (120973 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25895 1 Churchcrm 1 Churchcrm 2025-03-17 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php
CVE-2023-35859 1 Moderncampus 1 Omni Cms 2025-03-17 6.1 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.
CVE-2022-45600 1 Aztech 2 Wmb250ac, Wmb250ac Firmware 2025-03-17 8.8 High
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
CVE-2024-47197 1 Apache 1 Maven Archetype 2025-03-17 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing.
CVE-2024-45231 1 Djangoproject 1 Django 2025-03-17 5.3 Medium
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
CVE-2024-3176 1 Google 1 Chrome 2025-03-17 8.8 High
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2630 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-17 6.5 Medium
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-23009 3 Debian, Libreswan, Redhat 5 Debian Linux, Libreswan, Enterprise Linux and 2 more 2025-03-17 6.5 Medium
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
CVE-2024-3116 3 Fedoraproject, Pgadmin, Postgresql 3 Fedora, Pgadmin 4, Pgadmin 4 2025-03-17 7.4 High
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
CVE-2024-8909 2 Apple, Google 2 Iphone Os, Chrome 2025-03-17 4.3 Medium
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-42812 1 Dlink 2 Dir-860l, Dir-860l Firmware 2025-03-17 9.8 Critical
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2025-20637 1 Mediatek 3 Mt7981, Mt7986, Software Development Kit 2025-03-17 7.5 High
In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380.
CVE-2024-7421 1 Devolutions 1 Remote Desktop Manager 2025-03-17 5.5 Medium
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
CVE-2024-48826 1 Tenda 2 Ac7, Ac7 Firmware 2025-03-17 8 High
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48825 1 Tenda 2 Ac7, Ac7 Firmware 2025-03-17 8 High
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-10153 1 Phpgurukul 1 Boat Booking System 2025-03-16 6.3 Medium
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-45506 1 Haproxy 1 Haproxy 2025-03-14 7.5 High
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
CVE-2020-16304 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2025-03-14 5.5 Medium
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
CVE-2020-16297 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2025-03-14 5.5 Medium
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2024-1675 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-14 8.8 High
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)