Total
276638 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7399 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2024-08-13 | 8.8 High |
| Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | ||||
| CVE-2024-7574 | 2024-08-13 | 6.1 Medium | ||
| The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-37129 | 1 Dell | 6 Alienware Update, Command Update, Inventory Collector and 3 more | 2024-08-13 | 6.7 Medium |
| Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | ||||
| CVE-2022-4002 | 1 Motorola | 3 Q14, Q14 Firmware, Q14 Mesh Router Firmware | 2024-08-13 | 7.2 High |
| A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. | ||||
| CVE-2022-4003 | 1 Motorola | 2 Q14, Q14 Firmware | 2024-08-13 | 2.7 Low |
| A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. | ||||
| CVE-2024-7503 | 1 Wpweb | 1 Woocommerce Social Login | 2024-08-13 | 9.8 Critical |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the userID. This requires the email module to be enabled. | ||||
| CVE-2024-7272 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-1577 | 1 Lenovo | 1 Drivers Management | 2024-08-13 | 7.8 High |
| A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2019-6198 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to versionĀ 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2019-6197 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 7.8 High |
| A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||||
| CVE-2017-3772 | 1 Lenovo | 1 Pcmanager | 2024-08-13 | 5.5 Medium |
| A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | ||||
| CVE-2024-7311 | 2 Code-projects, Fabianros | 2 Online Bus Reservation Site, Online Bus Reservation Site | 2024-08-13 | 7.3 High |
| A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203. | ||||
| CVE-2024-7310 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-08-13 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273202 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7309 | 2 Jkev, Sourcecodester | 2 Record Management System, Record Management System | 2024-08-13 | 3.5 Low |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273201 was assigned to this vulnerability. | ||||
| CVE-2024-7308 | 2 Oretnom23, Sourcecodester | 2 Establishment Billing Management System, Establishment Billing Management System | 2024-08-13 | 6.3 Medium |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200. | ||||
| CVE-2024-43226 | 2024-08-13 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11. | ||||
| CVE-2024-43210 | 2024-08-13 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2. | ||||
| CVE-2024-43147 | 2024-08-13 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS.This issue affects Selection Lite: from n/a through 1.11. | ||||
| CVE-2024-7307 | 2 Oretnom23, Sourcecodester | 2 Establishment Billing Management System, Establishment Billing Management System | 2024-08-13 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199. | ||||
| CVE-2024-43137 | 2024-08-13 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. | ||||