Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38723 1 Json-content-importer 1 Json Content Importer 2024-11-21 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.
CVE-2024-38692 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVE-2024-38536 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
CVE-2024-38535 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
CVE-2024-38534 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
CVE-2024-38529 1 Admidio 1 Admidio 2024-11-21 9.1 Critical
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. This vulnerability is fixed in 4.3.10.
CVE-2024-38522 1 Hushline 1 Hush Line 2024-11-21 6.3 Medium
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
CVE-2024-38521 1 Hushline 1 Hush Line 2024-11-21 8.8 High
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
CVE-2024-38507 1 Jetbrains 1 Hub 2024-11-21 3.5 Low
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2024-38506 1 Jetbrains 1 Youtrack 2024-11-21 6.3 Medium
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
CVE-2024-38505 1 Jetbrains 1 Youtrack 2024-11-21 5.3 Medium
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
CVE-2024-38504 1 Jetbrains 1 Youtrack 2024-11-21 4.3 Medium
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
CVE-2024-38493 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-38462 1 Irods 1 Irods 2024-11-21 9.8 Critical
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.
CVE-2024-38461 1 Irods 1 Irods 2024-11-21 7.5 High
irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.
CVE-2024-38458 1 Xenforo 1 Xenforo 2024-11-21 8.8 High
Xenforo before 2.2.16 allows code injection.
CVE-2024-38457 1 Xenforo 1 Xenforo 2024-11-21 8.8 High
Xenforo before 2.2.16 allows CSRF.
CVE-2024-38438 1 Dlink 2 Dsl-225, Dsl-225 Firmware 2024-11-21 9.8 Critical
D-Link - CWE-294: Authentication Bypass by Capture-replay
CVE-2024-38437 1 Dlink 2 Dsl-225, Dsl-225 Firmware 2024-11-21 9.8 Critical
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
CVE-2024-38436 1 Commugen 1 Sox 365 2024-11-21 6.1 Medium
Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')