Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37999 1 Siemens 1 Medicalis Workflow Orchestrator 2024-11-21 7.8 High
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.
CVE-2024-37958 1 Mekshq 1 Meks Smart Author Widget 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4.
CVE-2024-37956 1 Vektor-inc 1 Vk All In One Expansion Unit 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.
CVE-2024-37955 1 Makegutenblock 1 Gutslider 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.
CVE-2024-37954 1 Marcelotorres 1 Simple Responsive Slider 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5.
CVE-2024-37942 1 Berqier 1 Berqwp 2024-11-21 7.2 High
Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.
CVE-2024-37889 1 Treyww 1 Myfinances 2024-11-21 6.5 Medium
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
CVE-2024-37888 1 Mlewand 1 Open Link 2024-11-21 6.1 Medium
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.
CVE-2024-37885 2 Apple, Nextcloud 2 Macos, Desktop 2024-11-21 3.8 Low
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
CVE-2024-37884 1 Nextcloud 1 Nextcloud Server 2024-11-21 3.5 Low
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
CVE-2024-37883 1 Nextcloud 1 Deck 2024-11-21 4.3 Medium
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1.
CVE-2024-37882 1 Nextcloud 1 Nextcloud Server 2024-11-21 8.1 High
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.
CVE-2024-37880 1 Pq-crystals 1 Kyber 2024-11-21 7.5 High
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
CVE-2024-37873 2 Itsourcecode, Payroll Management System Project 2 Payroll Management System Project In Php With Source Code, Payroll Management System 2024-11-21 9.1 Critical
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-37865 1 S3browser 1 S3 Browser 2024-11-21 5.9 Medium
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
CVE-2024-37856 1 Oretnom23 1 Lost And Found Information System 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
CVE-2024-37849 1 Itsourcecode 1 Billing System 2024-11-21 9.8 Critical
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.
CVE-2024-37843 1 Craftcms 1 Craft Cms 2024-11-21 7.5 High
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2024-37831 1 Itsourcecode 1 Payroll Management System 2024-11-21 9.1 Critical
Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.
CVE-2024-37830 1 Getoutline 1 Outline 2024-11-21 4.3 Medium
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.