Search Results (120681 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38018 1 Microsoft 1 Sharepoint Server 2024-12-31 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-26191 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-26186 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37340 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37335 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37338 1 Microsoft 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more 2024-12-31 8.8 High
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2023-1329 1 Hp 1914 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy14a Firmware, Laserjet Managed Mfp E62665 3gy15a and 1911 more 2024-12-31 9.8 Critical
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.
CVE-2024-2071 1 Remyandrade 1 Faq Management System 2024-12-31 3.5 Low
A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability.
CVE-2021-39090 2 Ibm, Linux 2 Cloud Pak For Security, Linux Kernel 2024-12-31 5.9 Medium
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.
CVE-2022-43842 3 Ibm, Linux, Microsoft 3 Aspera Console, Linux Kernel, Windows 2024-12-31 8.6 High
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.
CVE-2024-1750 1 Temmokumvc 1 Temmokumvc 2024-12-31 5.6 Medium
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1749 1 Bdtask 1 Bhojon 2024-12-31 2.4 Low
A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-13006 2024-12-30 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-34251 1 Getgrav 1 Grav 2024-12-27 10 Critical
Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.
CVE-2020-25952 1 Phpgurukul 1 User Registration \& Login And User Management System 2024-12-27 9.8 Critical
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
CVE-2024-12940 2024-12-26 7.3 High
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12942 2024-12-26 7.3 High
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12959 2024-12-26 7.3 High
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-6776 1 Google 1 Chrome 2024-12-26 8.8 High
Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)