Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40601 1 Mediawiki 1 Mediawiki 2024-11-21 6.3 Medium
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
CVE-2024-40600 1 Mediawiki 2 Mediawiki, Metrolook Skin 2024-11-21 6.1 Medium
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-40551 1 Publiccms 1 Publiccms 2024-11-21 6.2 Medium
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40550 1 Publiccms 1 Publiccms 2024-11-21 8.8 High
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40548 1 Publiccms 1 Publiccms 2024-11-21 8.8 High
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40546 1 Publiccms 1 Publiccms 2024-11-21 8.8 High
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40545 1 Publiccms 1 Publiccms 2024-11-21 7.2 High
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-40543 1 Publiccms 1 Publiccms 2024-11-21 6.4 Medium
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
CVE-2024-40542 2 Codermy, Witmy 2 My-springsecurity-plus, My-springsecurity-plus 2024-11-21 6.3 Medium
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.
CVE-2024-40541 2 Codermy, Witmy 2 My-springsecurity-plus, My-springsecurity-plus 2024-11-21 6.2 Medium
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.
CVE-2024-40540 1 Codermy 1 My-springsecurity-plus 2024-11-21 6.2 Medium
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
CVE-2024-40539 2 Codermy, Witmy 2 My-springsecurity-plus, My-springsecurity-plus 2024-11-21 6.2 Medium
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
CVE-2024-40520 1 Seacms 1 Seacms 2024-11-21 8.8 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40518 1 Seacms 1 Seacms 2024-11-21 7.2 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40416 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 6.5 Medium
A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40415 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.8 Critical
A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40414 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 9.6 Critical
A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40334 2 Idccms, Idccms Project 2 Idccms, Idccms 2024-11-21 8.8 High
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3
CVE-2024-40332 2 Idccms, Idccms Project 2 Idccms, Idccms 2024-11-21 6.8 Medium
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
CVE-2024-40324 1 Datex-soft 1 E-staff 2024-11-21 9.8 Critical
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.